
Could you please check my ComboFix log?

Discussion in 'Virus & Other Malware Removal' started by lw222, Oct 12, 2008.

lw222 (Thread Starter)
    Joined: Oct 12, 2008
    Messages: 1
    ComboFix 08-10-11.04 - spacey 2008-10-12 13:51:35.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1736 [GMT -4:00]
    Running from: C:\Documents and Settings\spacey\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\LocalService\Application Data\wsnpoem
    C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem
    C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll
    C:\Program Files\Microsoft Common
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\DelSelf.bat
    C:\WINDOWS\system32\wsnpoem
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
    .
    2008-10-12 13:29 . 2008-10-12 13:38 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-10-12 13:07 . 2008-10-12 13:11 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-10-12 13:07 . 2008-10-12 13:07 <DIR> d-------- C:\Documents and Settings\spacey\Application Data\PC Tools
    2008-10-12 13:07 . 2008-10-12 13:48 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-10-12 13:07 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-10-12 13:07 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-10-12 13:07 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-10-12 13:07 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-10-12 12:42 . 2008-10-12 12:42 0 --a------ C:\WINDOWS\VPC32.INI
    2008-10-12 12:41 . 2008-10-12 12:41 <DIR> d-------- C:\WINDOWS\system32\CBA
    2008-10-12 12:41 . 2008-10-12 12:42 <DIR> d-------- C:\Program Files\Symantec
    2008-10-12 12:41 . 2008-10-12 12:41 <DIR> d-------- C:\Program Files\NavNT
    2008-10-12 12:41 . 2008-10-12 12:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-10-12 12:41 . 2008-10-12 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-12 12:41 . 2001-09-24 08:29 120,379 --a------ C:\WINDOWS\system32\SYMEVNT.386
    2008-10-12 12:41 . 2001-09-24 08:29 57,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-10-12 12:41 . 2001-09-24 08:29 36,864 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-10-12 12:41 . 2001-09-24 08:29 4,032 --a------ C:\WINDOWS\system32\SYMEVNT1.DLL
    2008-10-12 12:39 . 2008-10-12 12:39 <DIR> d-------- C:\Documents and Settings\spacey\WINDOWS
    2008-10-12 12:36 . 2006-02-28 08:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
    2008-10-12 12:36 . 2006-02-28 08:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
    2008-10-12 12:10 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-10-12 10:25 . 2008-10-12 10:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-10-10 13:38 . 2008-10-10 14:05 <DIR> d-------- C:\Documents and Settings\spacey\.housecall6.6
    2008-10-10 13:12 . 2008-10-10 13:15 <DIR> d-------- C:\Lesson2
    2008-10-07 16:12 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-10-07 16:12 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-10-07 16:08 . 2008-10-07 16:08 <DIR> d-------- C:\WINDOWS\USB
    2008-10-07 16:08 . 2008-10-07 16:08 <DIR> d-------- C:\Program Files\Memorex
    2008-10-07 16:08 . 1999-03-29 17:37 317,952 --a------ C:\WINDOWS\system32\Roboex32.dll
    2008-10-07 16:08 . 1998-04-04 05:21 288,256 --a------ C:\WINDOWS\system32\ltkrn90n.dll
    2008-10-07 16:08 . 1998-04-04 05:21 220,160 --a------ C:\WINDOWS\system32\LTDIS90n.dll
    2008-10-07 16:08 . 1998-04-04 05:22 107,008 --a------ C:\WINDOWS\system32\ltimg90n.dll
    2008-10-07 16:08 . 1998-04-04 05:21 98,304 --a------ C:\WINDOWS\system32\ltfil90n.DLL
    2008-10-07 16:08 . 1996-10-20 07:52 87,392 --a------ C:\WINDOWS\system32\Twain.dll
    2008-10-07 16:08 . 1996-10-20 07:52 77,312 --a------ C:\WINDOWS\system32\Twain_32.dll
    2008-10-07 16:08 . 1998-06-26 07:07 69,632 --a------ C:\WINDOWS\system32\Twunk_32.exe
    2008-10-07 16:08 . 1995-09-14 04:51 48,560 --a------ C:\WINDOWS\system32\Twunk_16.exe
    2008-10-07 15:57 . 2008-10-07 15:57 <DIR> d-------- C:\Program Files\ImageForge3
    2008-10-07 15:57 . 2008-10-07 15:57 <DIR> d-------- C:\Documents and Settings\spacey\Application Data\CursorArts
    2008-10-04 14:44 . 2008-10-04 14:44 <DIR> d-------- C:\Program Files\Seagate
    2008-10-04 14:25 . 2008-10-04 14:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-04 14:21 . 2008-10-04 14:39 <DIR> d-------- C:\Program Files\NOS
    2008-10-04 14:21 . 2008-10-04 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
    2008-10-04 13:58 . 2008-10-04 13:58 <DIR> d-------- C:\Program Files\Notepad++
    2008-10-04 13:58 . 2008-10-12 12:34 <DIR> d-------- C:\Documents and Settings\spacey\Application Data\Notepad++
    2008-10-04 13:54 . 2008-10-04 13:54 0 --a------ C:\WINDOWS\cdplayer.ini
    2008-10-04 13:52 . 2008-10-04 13:54 <DIR> d-------- C:\Program Files\Feurio
    2008-10-04 13:51 . 2008-10-04 14:39 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-10-04 13:50 . 2008-10-04 13:50 9,557 --a------ C:\WINDOWS\EAC.CFG
    2008-10-04 13:49 . 2008-10-04 13:49 164,112 --a------ C:\WINDOWS\system32\wnaspi32.dll
    2008-10-04 13:38 . 2008-10-04 13:39 <DIR> d-------- C:\Program Files\EAC
    2008-10-04 13:36 . 2008-10-04 13:36 <DIR> d-------- C:\Documents and Settings\spacey\Application Data\Yahoo!
    2008-10-04 13:30 . 2008-10-04 14:39 <DIR> d-------- C:\Program Files\Yahoo!
    2008-10-04 13:30 . 2008-10-04 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-10-04 13:27 . 2008-10-04 13:27 <DIR> d-------- C:\Program Files\Google
    2008-10-04 12:58 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-10-04 12:48 . 2001-01-16 21:10 44,852 --a------ C:\WINDOWS\system32\drivers\viaudio.sys
    2008-10-04 11:04 . 2008-06-23 12:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-10-04 11:04 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-10-04 11:04 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-10-04 11:04 . 2008-06-23 12:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-10-04 11:04 . 2008-06-23 12:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-10-04 11:04 . 2008-06-23 12:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-10-04 11:04 . 2008-06-23 12:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-10-04 11:04 . 2008-06-23 12:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-10-04 11:04 . 2008-06-23 05:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-10-04 10:38 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-10-04 10:36 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll
    2008-10-04 10:36 . 2008-07-18 22:10 33,992 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-04 10:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-10-04 10:36 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-04 10:36 . 2008-07-18 22:08 20,680 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-04 10:34 . 2008-10-04 10:34 <DIR> d--hs---- C:\Documents and Settings\spacey\UserData
    2008-10-04 10:01 . 2008-10-04 10:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
    2008-10-04 10:01 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
    2008-10-04 10:01 . 2008-10-12 12:41 592 --a------ C:\WINDOWS\ODBC.INI
    2008-10-04 10:00 . 2008-10-04 10:01 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2008-10-04 10:00 . 2008-10-04 10:00 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-10-04 09:53 . 2008-10-04 09:53 <DIR> dr-h----- C:\MSOCache
    2008-10-03 23:55 . 2008-10-03 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2008-10-03 23:55 . 2007-03-28 14:01 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
    2008-10-03 23:49 . 2008-10-03 23:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-10-03 23:49 . 2008-10-03 23:49 <DIR> d-------- C:\Program Files\HP
    2008-10-03 23:49 . 2007-11-01 22:32 364,544 --a------ C:\WINDOWS\system32\hppldcoi.dll
    2008-10-03 23:49 . 2007-11-01 22:32 309,760 --a------ C:\WINDOWS\system32\difxapi.dll
    2008-10-03 23:49 . 2007-12-07 12:02 271,704 --a------ C:\WINDOWS\system32\hpzids01.dll
    2008-10-03 23:49 . 2007-11-01 22:32 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2008-10-03 23:49 . 2007-11-01 22:32 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
    2008-10-03 23:49 . 2007-11-01 22:32 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2008-10-03 23:48 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
    2008-10-03 23:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-10-03 23:48 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-10-03 23:47 . 2008-10-03 23:56 154,973 --a------ C:\WINDOWS\hpoins16.dat
    2008-10-03 23:47 . 2008-01-23 20:44 4,602 --------- C:\WINDOWS\hpomdl16.dat
    2008-10-03 23:16 . 2008-10-03 23:16 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2008-10-03 23:14 . 2008-10-04 14:36 <DIR> d-------- C:\Program Files\Common Files\Adobe
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-04 02:45 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-10-04 02:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-04 02:06 --------- d-----w C:\Program Files\microsoft frontpage
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    1999-07-19 00:05 15,716 ----a-w C:\WINDOWS\inf\i386\Pmxscan.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 39408]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 7630848]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 86016]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-02-28 158208]
    "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 73728]
    "nwiz"="nwiz.exe" [2006-08-12 C:\WINDOWS\system32\nwiz.exe]
    C:\Documents and Settings\spacey\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-10-04 13:27 39408 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    R3 pmxscan;Memorex USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys [ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eeaaf330-9460-11dd-a38c-000a0103457a}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
    \Shell\Explore\command - G:\system.exe
    \Shell\Open\command - G:\system.exe
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-brastk - brastk.exe

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.myspace.com/
    R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-12 13:55:21
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\NavLogon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\MSGSYS.EXE
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-12 13:56:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-12 17:56:45
    Pre-Run: 93,917,917,184 bytes free
    Post-Run: 94,353,817,600 bytes free
Short URL to this thread: https://techguy.org/758456
