Need Help With Combofix Log...


1 reply to this topic

#1 Quadc

  • Members
  • 1 posts

Posted 23 February 2008 - 04:02 PM

I am a novice with computers, so please forgive my ignorance. After discovering my computer was infected with the Metajuan virus I was directed to run Combofix and post the log report on this site. I noticed an immediate improvement in my computer's performance after Combofix was complete, but I have no idea if an infection remains. Any help would be much appreciated!
Here is the Combofix log:

ComboFix 08-02-23.2 - HP_Owner 2008-02-23 10:59:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.377 [GMT -8:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\avatar.dat
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\register.dat
C:\Documents and Settings\HP_Owner\Application Data\FunWebProducts\Data\HP_Owner\zbucks.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch\bar\1.bin\bak\m3IMPipe.exe
C:\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\ext_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loader.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_def.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\res_roll.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\topgrad.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\004EB182
C:\Program Files\MyWebSearch\bar\Cache\004EB598.bin
C:\Program Files\MyWebSearch\bar\Cache\004EB72F.bin
C:\Program Files\MyWebSearch\bar\Cache\004EB809.bin
C:\Program Files\MyWebSearch\bar\Cache\004EB903.bin
C:\Program Files\MyWebSearch\bar\Cache\004EB9CF.bin
C:\Program Files\MyWebSearch\bar\Cache\005DDE46.bin
C:\Program Files\MyWebSearch\bar\Cache\005DDF40.bin
C:\Program Files\MyWebSearch\bar\Cache\005DEB26.bin
C:\Program Files\MyWebSearch\bar\Cache\005DF6DE.bin
C:\Program Files\MyWebSearch\bar\Cache\00C43B79
C:\Program Files\MyWebSearch\bar\Cache\011B467E
C:\Program Files\MyWebSearch\bar\Cache\04FF595D.bin
C:\Program Files\MyWebSearch\bar\Cache\04FF5B61.bin
C:\Program Files\MyWebSearch\bar\Cache\04FF5C4B.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\Temporary
C:\Program Files\Temporary\InsiDERIns.exe
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\Temp\isgTi19
C:\WINDOWS\b152.exe
C:\WINDOWS\b153.exe
C:\WINDOWS\system32\agiouyru.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\cyrygfkm.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\khkgoben.ini
C:\WINDOWS\system32\lcwpshum.dll
C:\WINDOWS\system32\mfxynucn.ini
C:\WINDOWS\system32\ncunyxfm.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rbnohacv.dll
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\vacwefoz.dllbox
C:\WINDOWS\system32\vdyreprg.dll
C:\WINDOWS\system32\vwrfyjfk.ini
C:\WINDOWS\system32\xprdmlfn.dll
D:\Autorun.inf
C:\Program Files\MyWebSearch

.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-22 22:50 . 2006-06-13 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-22 22:50 . 2006-06-13 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-22 22:50 . 2006-06-13 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-22 22:50 . 2006-06-13 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-02-22 22:50 . 2006-06-13 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-02-22 22:15 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-02-22 22:15 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-02-22 22:15 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-02-22 21:36 . 2008-02-22 21:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-02-21 21:45 . 2008-02-21 21:45 <DIR> d-------- C:\d3203b8eecb4524af480a00e
2008-02-21 21:14 . 2008-02-21 21:14 <DIR> d-------- C:\Program Files\uTorrent
2008-02-21 21:14 . 2008-02-21 21:20 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2008-02-21 19:48 . 2008-02-21 19:48 <DIR> d-------- C:\Program Files\JavaCore
2008-02-21 19:43 . 2008-02-21 19:43 <DIR> d-------- C:\Program Files\xInsIDE
2008-02-21 07:44 . 2008-02-23 09:15 70,865 --a------ C:\WINDOWS\BM135205ea.xml
2008-02-21 07:44 . 2008-02-23 09:10 21 --a------ C:\WINDOWS\pskt.ini
2008-02-20 19:38 . 2008-02-21 21:30 318 --ahs---- C:\WINDOWS\system32\kjkkj.ini
2008-02-17 20:06 . 2008-02-21 16:40 74 --a------ C:\WINDOWS\TaxACT07.ini
2008-02-09 20:53 . 2008-02-09 20:53 <DIR> d-------- C:\Program Files\Chill
2008-02-06 14:33 . 2008-02-23 11:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-06 14:33 . 2008-02-06 14:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-02 18:35 . 2008-02-02 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-02 18:25 . 2008-02-06 14:30 <DIR> d-------- C:\Program Files\Bonjour
2008-02-02 18:11 . 2008-02-02 18:11 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-29 15:38 . 2008-01-29 15:38 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-01-27 15:55 . 2008-01-27 15:55 6,463,660 --a------ C:\Program Files\RocketDock-v1.3.5.exe
2008-01-27 14:22 . 2008-01-27 14:22 <DIR> d-------- C:\Program Files\PDF ActiveX
2008-01-27 14:22 . 2008-01-27 14:22 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-27 14:22 . 2008-01-27 14:22 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-25 15:58 . 2008-01-25 15:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-01-24 19:13 . 2008-01-24 19:16 <DIR> d-------- C:\Program Files\Drum Machine

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 19:01 --------- d-----w C:\Program Files\GamesBar
2008-02-23 18:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-23 06:44 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-23 06:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-02-22 06:47 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-22 06:47 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-22 06:47 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-22 06:47 --------- d-----w C:\Program Files\Symantec
2008-02-19 01:03 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-02-18 04:06 --------- d-----w C:\Program Files\2nd Story Software
2008-02-18 03:33 34,346 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-02-16 01:36 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-02-10 06:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 22:32 --------- d-----w C:\Program Files\iTunes
2008-02-06 22:32 --------- d-----w C:\Program Files\iPod
2008-02-06 22:30 --------- d-----w C:\Program Files\QuickTime
2008-02-03 02:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-19 00:36 64,259 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-01-19 00:36 6,120 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-14 03:54 --------- d-----w C:\Program Files\LimeWire
2008-01-14 00:49 --------- d-----w C:\Program Files\Comcast Play Games
2008-01-14 00:47 --------- d-----w C:\Program Files\MySpace
2008-01-07 00:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 00:30 --------- d-----w C:\Program Files\Ubisoft
2008-01-07 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Super X Studios
2008-01-07 00:28 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-01-02 21:52 --------- d-----w C:\Program Files\VideoLAN
2008-01-01 00:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2007-12-31 22:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\vlc
2007-12-30 04:36 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Flood Light Games
2007-12-30 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-12-25 21:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-12-25 17:08 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 17:07 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-25 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
.

------- Sigcheck -------

"C:\WINDOWS\explorer.exe"
----a-w 975,360 2007-06-13 10:23:07 C:\WINDOWS\explorer.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,032,192 2004-08-04 04:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
----a-w 975,360 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 253,952 2004-10-14 21:54:32 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

----a-w 61,440 2003-02-11 19:02:48 C:\hp\KBD\bak\KBD.EXE

----a-w 180,269 2006-06-14 04:14:15 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 68,856 2007-06-27 05:26:50 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 49,152 2004-06-07 18:53:26 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe

----a-w 229,952 2006-09-25 21:54:24 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-04 22:18:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 36,975 2005-04-13 10:48:52 C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe

----a-w 1,207,080 2006-06-21 05:36:22 C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe
----a-w 1,207,080 2006-06-21 06:36:22 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

----a-w 282,624 2006-09-24 10:24:54 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-02-01 07:13:08 C:\Program Files\QuickTime\QTTask.exe

----a-w 16,384 2007-07-16 04:10:38 C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\m3IMPipe.exe.vir

----a-w 28,672 2007-07-16 04:10:38 C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir

----a-w 663,552 2004-12-14 01:23:44 C:\WINDOWS\CREATOR\bak\Remind_XP.exe

----a-w 233,472 2004-04-14 20:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 180 2007-10-13 02:22:27 C:\WINDOWS\system\bak\hpsysdrv.DAT
----a-w 186 2007-10-08 01:25:46 C:\WINDOWS\system\hpsysdrv.DAT

----a-w 52,736 1998-05-07 16:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 04:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 04:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 126,976 2004-11-02 15:59:42 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 659,456 2004-06-07 18:42:30 C:\WINDOWS\system32\bak\hphmon06.exe

----a-w 90,112 2004-10-25 21:17:56 C:\WINDOWS\system32\bak\ps2.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:00 15360]
"Aim6"="" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36 1207080]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-21 19:43 53248]
"JavaCore"="C:\Program Files\JavaCore\JavaCore.exe" [2008-02-21 19:48 144896]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-10-13 13:01 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-13 15:17 2742272 C:\WINDOWS\ALCWZRD.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 23:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 17:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"BM135205ea"="C:\WINDOWS\system32\fayfsimf.dll" [ ]

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 14:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2005-09-14 16:13:36 929886]
Forget Me Not.lnk - C:\Program Files\Broderbund\AG Print\AGremind.exe [2006-10-12 16:05:09 319488]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2006-10-09 16:58:56 335872]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2006-06-13 20:23:09 73728]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2006-06-13 20:25:04 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R3 EPUSBSTOR;EPSON USB Storage Driver;C:\WINDOWS\system32\DRIVERS\epusbsto.sys [2001-09-10 08:00]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 12:02]
S2 Ca533av;Polaroid Digital Cam Video;C:\WINDOWS\system32\Drivers\Ca533av.sys [2002-10-21 11:37]
S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4db821a-767d-11d9-947e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 04:46:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-23 05:25:38 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 11:10:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
.
**************************************************************************
.
Completion time: 2008-02-23 12:22:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 20:22:41
.
2008-02-22 11:04:04 --- E O F ---
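The log above contains several things a responder checks by hand in the "Reg Loading Points" section: autostart values whose target ComboFix could not stat (the empty "[ ]" brackets), an autostart that loads an eight-letter DLL from system32 (the same shape as the DLLs listed under "Other Deletions"), the Windows Firewall standard profile disabled, and AutoRun commands registered under mountpoints2. As an added example, not part of the original post and not ComboFix's own code, here is a small Python triage script that applies those four heuristics to a handful of lines copied from the log. The "eight lowercase letters" rule is an assumption drawn from the names in this particular log, not a general detection rule, and the sample input is constructed from the log text rather than read from a file.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the "Reg Loading Points" part of the
# ComboFix log above, trimmed to the sections the heuristics look at.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:00 15360]
"xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-02-21 19:43 53248]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 23:04 84640]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" [ ]
"BM135205ea"="C:\WINDOWS\system32\fayfsimf.dll" [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
"""


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the line sat under
    entry: str   # value name or command that triggered the rule
    reason: str  # which heuristic fired


# "name"="path" [metadata]   -- one autostart value as ComboFix prints it
RUN_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
AUTORUN = re.compile(r'^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$')
# Assumption for this log only: eight lowercase letters plus .dll, the shape of
# the system32 DLLs ComboFix deleted (agiouyru.dll, cyrygfkm.dll, fayfsimf.dll).
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")


def is_random_dll(path: str) -> bool:
    """True if path is a system32 DLL whose basename looks machine-generated."""
    parts = path.replace("/", "\\").lower().rsplit("\\", 2)
    return len(parts) == 3 and parts[1] == "system32" and bool(RANDOM_DLL.match(parts[2]))


def triage(log_text: str) -> list[Finding]:
    """Walk the registry-style section of a ComboFix log and collect findings."""
    findings: list[Finding] = []
    key = ""
    in_run = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            in_run = key.lower().endswith("\\currentversion\\run")
            continue
        m = RUN_VALUE.match(line)
        if m and in_run:
            name, path, meta = m.group("name", "path", "meta")
            if not meta.strip():
                findings.append(Finding(key, name, "autostart with no file metadata (ComboFix could not stat the target)"))
            if is_random_dll(path):
                findings.append(Finding(key, name, "autostart loads a random-looking DLL from system32"))
            continue
        m = FIREWALL.match(line)
        if m and m.group("val") == "0":
            findings.append(Finding(key, "EnableFirewall", "Windows Firewall disabled for the standard profile"))
            continue
        m = AUTORUN.match(line)
        if m:
            findings.append(Finding(key, m.group("cmd"), "AutoRun command registered for a mounted volume"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.entry}  (under {f.key})")
```

Run against the sample, the script reports six findings: the two "[ ]" autostarts, the BM135205ea value twice (no metadata and a random-looking system32 DLL), the disabled firewall, and the D:\setup.exe AutoRun command. The point of writing it this way is that the rules are keyed to what the log format already exposes, so a helper can scan a long log for the same patterns without reading every line.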


#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,139 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 23 February 2008 - 04:11 PM

You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
