Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Need Help With My Combo Fix Log Results


  • This topic is locked This topic is locked
2 replies to this topic

#1 bsantefort

bsantefort

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:31 AM

Posted 23 April 2008 - 03:48 PM

I had a networm-i.Virus , said I had a back door trojan, and there were lots of popups. After running my combo fix my computer is running faster and it seems to be fixed. I am not getting any popups anymore. My concern is my security. Is it protected. When I go to put in a password it says do you want to veiw the nonsecure parts of the page. I would appreciate your help.
Here's my log.


ComboFix 08-04-22.3 - Owner 2008-04-23 7:48:48.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\ErrorProtector Free
C:\Documents and Settings\Owner\Application Data\ErrorProtector Free\Logs\update.log
C:\Documents and Settings\Owner\Favorites\Online Security Test.url
C:\Documents and Settings\Owner\ResErrors.log
C:\Program Files\AntiSpywareMaster
C:\Program Files\AntiSpywareMaster\asm.exe
C:\Program Files\AntiSpywareShield
C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
C:\Program Files\AntiSpywareShield\AntiSpywareShield.lic
C:\Program Files\AntiSpywareShield\AntiSpywareShield0.ad
C:\Program Files\AntiSpywareShield\AntiSpywareShield1.ad
C:\Program Files\AntiSpywareShield\Uninstall.exe
C:\Program Files\NetProject\sbmdl.dll
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\sbun.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\scu.exe
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe.tmp
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 17:35 . 2008-04-22 17:35 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-04-22 17:35 . 2008-04-22 17:36 <DIR> d-------- C:\Program Files\Speeditup Free
2008-04-21 21:59 . 2008-04-21 22:07 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-20 22:11 . 2008-04-20 22:11 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-20 22:10 . 2008-04-20 22:31 <DIR> d-------- C:\Program Files\Norton 360
2008-04-20 22:07 . 2008-04-20 22:14 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-20 22:07 . 2008-04-20 22:14 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-20 22:07 . 2008-04-20 22:14 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-20 22:07 . 2008-04-20 22:14 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-20 22:06 . 2008-04-20 22:14 <DIR> d-------- C:\Program Files\Symantec
2008-04-20 22:06 . 2008-04-20 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-20 21:50 . 2008-04-20 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-19 07:31 . 2008-04-21 08:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-19 07:31 . 2008-04-19 07:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-19 00:30 . 2008-04-19 22:28 <DIR> d-------- C:\WINDOWS\system32\892267
2008-04-13 13:11 . 2008-04-13 13:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ieSpell
2008-04-01 22:31 . 2008-04-01 22:31 <DIR> d-------- C:\Program Files\ieSpell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 13:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-23 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-21 14:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-03-20 08:24 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 15:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-13 04:12 --------- d-----w C:\Program Files\iTunes
2008-03-12 13:57 --------- d-----w C:\Program Files\QuickTime
2008-03-08 04:27 --------- d-----w C:\Program Files\Swypeout Battle Racing
2008-03-07 02:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 02:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 02:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 01:06 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-20 01:06 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-01-29 17:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
2007-06-24 18:36 4,718,592 ----a-w C:\Documents and Settings\Owner 134\ntuser.oldnothing.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-23 21:08 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-20 22:13 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-02-23 21:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-02-23 21:08 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@={4433A54A-1AC8-432F-90FC-85F045CF383C}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@={F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@={476D0EA3-80F9-48B5-B70B-05E677C9C148}

[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 03:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 20:21 68856]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-10-16 21:31 7307264]
"nwiz"="nwiz.exe" [2005-10-16 21:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-10-16 21:31 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 04:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 14:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 09:50 988512]
"AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-23 16:28:38 126136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 13:33:31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 08:09:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-04-23 8:35:52 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-23 13:34:53

Pre-Run: 11,142,598,656 bytes free
Post-Run: 11,290,157,056 bytes free

186 --- E O F --- 2008-04-09 11:26:39

BC AdBot (Login to Remove)

 


#2 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 AM

Posted 30 April 2008 - 07:08 PM

Welcoming to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

You seem to have missed the directions that are pinned to the top of this forum and posted above.

Sorry for the wait, if you still need help, post a fresh HJT log for starters, using these instructions:

Download Trend Micro Hijack This™
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Members
  • 1,487 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:31 AM

Posted 07 May 2008 - 06:31 PM

There has been no response to this topic in over a week
This topic is closed

Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users