Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » Please Check My Log

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

Please Check My Log

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 07-02-2008, 01:52 PM
divad213's Avatar
Junior Member
New Recruit
  
Join Date: Jan 2008
Posts: 30
divad213 Is a beginner here at D-A-L
Please Check My Log
Help!My pc suddenly can show hidden files, it always return to the do not show hidden files state.. I tried downloading flashdisinfector and combofix but i cant access the webpage...

please help me, im currently working on a school project and i dont want to lose any of my files

thanks in advance


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:35 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2B0D4E3-BF50-4E7A-A2A9-5EB7BFB907FE}: NameServer = 202.78.97.41 210.4.2.61
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 5375 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 07-02-2008, 02:39 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Please Check My Log
Quote:
I tried downloading flashdisinfector and combofix
Try downloading such tools to another PC for use on your PC if the following does not help make those downloads possible:


Quote:
SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O4 - HKCU\..\Run: [KAVA] C:\WINDOWS\system32\kavo.exe

O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.


REBOOT.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Last edited by VopThis; 07-02-2008 at 02:43 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 08-02-2008, 02:47 PM
divad213's Avatar
Junior Member
New Recruit
  
Join Date: Jan 2008
Posts: 30
divad213 Is a beginner here at D-A-L
Re: Please Check My Log
I already downloaded flash disinfector from another pc it seems to work..
but i found a new file on my drive c: named kmd.exe is this a threat also?
here is my new log file of hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:59 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly%20Here%20and%20Now/Images/armhelper.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

--
End of file - 4874 bytes

thanks again. you rock!!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 08-02-2008, 02:49 PM
divad213's Avatar
Junior Member
New Recruit
  
Join Date: Jan 2008
Posts: 30
divad213 Is a beginner here at D-A-L
Re: Please Check My Log
i still have npkcsvc.exe on this line is it still a threat?

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

thanks again
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 08-02-2008, 03:32 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Please Check My Log
The main infection that we 'fixed' often has other components that are cleaned by running ComboFix. I need to see that log in order to properly advise you as you still seem to indicate your sense that there is still potential malware on your PC. Also, your use of 'MSCONFIG' could be hiding issues that may need resolving. NOTE: many such disabled items may not be particularly helpful towards a better functioning PC.


Quote:
kmd.exe
This file is often found to be associated with Kazaa and is not normally considered to be an infected file. Any use of such P2P tools increases the risk profile of your PC, however:

http://www.google.ca/search?hl=en&q=...=Google+Search



NPKCSVC.EXE is generally classified as safe. It appears to be related to antiviral software by INCA Internet Co., Ltd. and accordingly might be duplicative of your current antivirus tool and a possible source of conflict:

http://spywarefiles.prevx.com/RRIAFH...KCSVC.EXE.html
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 10-02-2008, 11:54 AM
divad213's Avatar
Junior Member
New Recruit
  
Join Date: Jan 2008
Posts: 30
divad213 Is a beginner here at D-A-L
Re: Please Check My Log
should i delete the kmd.exe???

Heres the Combo Fix Log file...

ComboFix 08-02.05.3 - David Sanchez 2008-02-08 21:09:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT 8:00]
Running from: C:\Documents and Settings\David Sanchez\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 20:45 . 2008-02-07 20:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 11:39 . 2004-08-04 09:07 13 --a------ C:\WINDOWS\system32\WINSPOOL.CRC
2008-01-27 12:26 . 2008-01-27 12:26 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-01-27 12:26 . 2008-02-07 21:03 <DIR> d-------- C:\Documents and Settings\David Sanchez\Application Data\MegauploadToolbar
2008-01-27 02:53 . 2008-01-27 02:53 <DIR> d-------- C:\Program Files\BearShare Applications
2008-01-27 02:53 . 2008-01-27 12:21 <DIR> d-------- C:\Documents and Settings\David Sanchez\Application Data\BearShare
2008-01-27 02:53 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-01-27 02:08 . 2008-01-27 02:08 <DIR> d-------- C:\Program Files\iriver
2008-01-25 02:32 . 2008-01-25 02:32 <DIR> d-------- C:\Documents and Settings\David Sanchez\DoctorWeb
2008-01-13 09:24 . 2008-01-13 09:24 <DIR> d-------- C:\WINDOWS\FreeStyle Online
2008-01-13 09:24 . 2008-02-03 16:30 <DIR> d-------- C:\Program Files\FreeStyle Online
2008-01-12 11:18 . 2008-01-12 11:18 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-12 11:18 . 2008-01-12 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-02-07 16:10 --------- d-----w C:\Program Files\Warcraft III
2008-02-07 13:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 12:19 --------- d-----w C:\Documents and Settings\David Sanchez\Application Data\Business Logic
2008-01-21 00:14 --------- d-----w C:\Program Files\Google
2008-01-20 16:07 --------- d-----w C:\Program Files\PopCap Games
2008-01-10 14:44 --------- d-----w C:\Program Files\Pivot Stickfigure Animator
2008-01-06 15:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 09:11 --------- d-----w C:\Program Files\Eidos
2007-12-30 07:55 --------- d-----w C:\Program Files\Mystery Case Files - Prime Suspects
2007-12-19 13:08 --------- d-----w C:\Program Files\Common Files\AnimeVamp
2007-12-15 12:55 --------- d-----w C:\Program Files\SourceTec
2007-12-15 12:55 --------- d-----w C:\Program Files\Common Files\SourceTec
2007-12-14 02:03 --------- d-----w C:\Program Files\TrendyFlash Site Builder
2007-12-10 00:58 --------- d-----w C:\Program Files\BFG
2007-12-08 12:35 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-08 12:34 --------- d-----w C:\Program Files\Siemens
2007-12-08 12:33 --------- d-----w C:\Program Files\mIRC
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-17 17:19 802,816 ----a-w C:\WINDOWS\feedingfrenzy.scr
2007-11-17 17:17 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-07-12 13:57 108,330 ----a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
2004-10-01 07:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2004-07-22 02:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-19 14:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-19 14:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 06:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 01:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 01:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-08 20:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-08 20:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-08 19:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2004-08-03 22:56 202,474 --sha-r C:\WINDOWS\system32\mveo.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:07 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 21:00 79224]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2006-10-22 12:22 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-28 02:11 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\David Sanchez\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-19 06:05:02 630784]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ampli]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BHR]
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
C:\WINDOWS\VM303_STI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 09:07 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
-r------- 2006-06-28 17:54 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 05:34 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-r------- 2005-09-23 00:42 90112 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-28 02:11 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
-r------- 2006-08-30 10:58 49152 C:\WINDOWS\VMSnap3.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-11-22 01:38 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-07-16 15:17 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-03-29 06:10 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Macromedia Licensing Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"SQLWriter"=3 (0x3)
"ServiceLayer"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX3 2.sys [2006-02-23 11:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 11:39]
R3 vmfilter303;vmfilter303;C:\WINDOWS\system32\driver s\vmfilter303.sys [2006-04-25 10:57]
R3 ZSMC303;A4 TECH PC Camera H;C:\WINDOWS\system32\Drivers\usbVM303.sys [2006-12-01 14:23]
S4 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{6876d310-c5c1-11dc-aec4-0018f31960bb}]
\Shell\0pen\command - krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{f5f3caa4-f60a-11db-b57e-ea2a123e6a9b}]
\Shell\AutoRun\command - E:\SSCVIIHOST.exe
\Shell\Open\command - E:\SSCVIIHOST.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-01 02:04:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 21:13:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-02-08 21:14:30
ComboFix-quarantined-files.txt 2008-02-08 13:14:15
ComboFix2.txt 2008-01-28 00:52:13


THANKS
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 10-02-2008, 01:25 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: Please Check My Log
Quote:
should i delete the kmd.exe???
I do not see any indication of Kazaa on your PC. May be best to locate the full file path and submit file for analysis:

Submit files to VirusTotal

Go to http://www.virustotal.com/en/indexf.html
Copy each of the following lines into the white textbox:
  • [Full Path]\kmd.exe
    [Full Path]\krag.exe (possibly C:\Window\krag.exe)
    E:\SSCVIIHOST.exe
Click Send.
Please post the results of each scan to this thread.

If VirusTotal's service load is too high, you can use the following scanner instead:
http://virusscan.jotti.org

The following MSCONFIG disabled files are probably also undesirable:
Quote:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoOE]
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeekmoSA]
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe



You also appear to be using 'Bearshare' which can increase the risk of new malware appearing on your PC. Even screensavers can often be found to be infected. In those situations, you would be well-advised to at least consider strengthening your real-time prevention tools and use either Spy Sweeper or Spyware Doctor, and possibly also run AVG Anti-Spyware (mainly for anti-trojan defensive purposes) in real-time, as well (paid version=realtime). No combination of tools, however, can ever be completely fail-safe for all such possible issues.









Download SUPERAntiSpyware (SAS) free home version:

http://www.superantispyware.com/supe...freevspro.html


Install it and double-click the icon on your desktop to run it:
  • It will ask if you want to update the program definitions, click "Yes",
  • Let it through your firewall!
  • Under "Configuration and Preferences", click the Preferences BUTTON.
  • Click the Scanning Control TAB.
  • Under "Scanner Options" make sure the following and additional items are checked:
    • Close browsers before scanning
    • Scan for tracking cookies (default)
    • Terminate memory threats before quarantining.
    • Ignore System Restore/Volume Information on ME and XP
    • Optional scan item:
      • Scan Alternate Data Streams (OPTIONAL Selection – deeper, trickier infection issues - longer scan).
    • Click the Close button to leave the control center screen.
  • On the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left check "C:\Fixed Drive".
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click "OK".
    • Make sure everything in the white box has a check next to it, then click "Next".
    • It will quarantine what it found and if it asks if you want to reboot, click "Yes".
  • To retrieve the removal information - please do the following:
    • After reboot, double-click the "SUPERAntiSpyware icon" on your desktop.
    • Click "Preferences". Click the Statistics/Logs TAB.
    • Under "Scanner Logs", double-click "SUPERAntiSpyware Scan Log".
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything , then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste:
    • The SAS LOG information.
    • A new HijackThis LOG (with any current observations).
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
plz check my log xlaurax Spyware, Adware, Viruses and HijackThis Logs 1 25-12-2006 06:36 PM
please check out this log lordladeda Spyware, Adware, Viruses and HijackThis Logs 1 24-12-2006 07:51 PM
Could you just check this for me??? HappyBlonde Spyware, Adware, Viruses and HijackThis Logs 5 04-12-2006 12:11 AM
Check for me please. FRIAS11102 Spyware, Adware, Viruses and HijackThis Logs 1 19-08-2006 02:44 PM
Please check this log MARSH Spyware, Adware, Viruses and HijackThis Logs 5 28-08-2005 05:04 PM


All times are GMT +1. The time now is 02:26 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav