
Log File Of Combofix


  • This topic is locked
1 reply to this topic

#1 perfume117


Posted 14 April 2008 - 12:11 AM

Hello. I used ComboFix to scan my computer. I ran it four times. The first time, it showed that it deleted autorun.int and amvo.dll and ... from my hard drive, then stopped and didn't work. I reset my computer. The second time, it deleted one autorun.inf from my hard drive and then stopped. I reset my computer. The third time, it ran to stage 24 and then stopped. I reset my computer. Finally, the fourth time, it completed and reported the log file below.


ComboFix 08-04-12.5 - payroll 04/14/2008 20:48:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.577 [GMT 4.5:30]
Running from: C:\Documents and Settings\payroll\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTMGR
-------\Service_ccEvtMgr
-------\Service_ccPwdSvc


((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 16:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-12 20:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 19:46 --------- d-----w C:\Program Files\GetData
2008-04-12 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-12 18:16 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-12 18:09 --------- d-----w C:\Program Files\Microsoft Visual Studio .NET 2003
2008-04-12 17:40 --------- d-----w C:\Program Files\HTML Help Workshop
2008-04-12 17:37 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-04-12 17:36 --------- d-----w C:\Program Files\Microsoft ACT
2008-04-09 21:37 --------- d-----w C:\Program Files\Symantec
2008-04-09 21:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-09 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 20:12 --------- d-----w C:\Program Files\MSBuild
2008-04-09 20:12 --------- d-----w C:\Program Files\Microsoft Works
2008-04-09 20:04 --------- d-----w C:\Program Files\Opera
2008-04-09 19:52 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-04-06 02:51 104,953 --sh--r C:\t.com
2008-03-19 00:02 --------- d-----w C:\Program Files\Winamp
2008-03-19 00:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 00:01 --------- d-----w C:\Program Files\JetAudio
2008-03-19 00:01 --------- d-----w C:\Program Files\Common Files\COWON
2008-03-18 23:56 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-18 23:56 --------- d-----w C:\Program Files\Ahead
2008-03-18 23:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-18 23:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-18 23:36 --------- d-----w C:\Program Files\Realtek
2008-03-18 23:36 --------- d-----w C:\Documents and Settings\nima\Application Data\InstallShield
2008-03-18 23:34 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-18 23:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-18 23:31 --------- d-----w C:\Program Files\Intel
2008-03-18 23:30 --------- d-----w C:\Program Files\Yahoo!
2008-03-18 23:22 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:37 AM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/28/2005 10:25 AM 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/28/2005 10:25 AM 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/10/2004 08:01 AM 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/03/2004 07:06 AM 124232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 05:37 AM 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-04-10 00:24:12 69632]

[HKLM\~\startupfolder\C:^Documents and Settings^payroll^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\payroll\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 05/03/2005 03:13 PM 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
C:\WINDOWS\system32\amvo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 10/27/2006 12:17 PM 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
-ra------ 11/28/2005 10:22 AM 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/10/2001 12:20 AM 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 07/05/2007 12:38 PM 16380416 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 06/15/2007 01:15 PM 1826816 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 12/08/2005 11:48 PM 35328 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{074e1492-0983-11dd-85d4-001d7d4aefe2}]
\Shell\AutoRun\command - I:\t.com
\Shell\explore\Command - I:\t.com
\Shell\open\Command - I:\t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e713cc42-08a9-11dd-85d2-001d7d4aefe2}]
\Shell\AutoRun\command - I:\t.com
\Shell\explore\Command - I:\t.com
\Shell\open\Command - I:\t.com

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-14 20:50:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 04/14/2008 20:51:24 - machine was rebooted [payroll]
ComboFix-quarantined-files.txt 2008-04-14 16:21:19
Pre-Run: 14,169,939,968 bytes free
Post-Run: 14,066,507,776 bytes free


 


#2 quietman7


Posted 14 April 2008 - 06:51 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff