Plaacd combofix log


  • This topic is locked
3 replies to this topic

#1 Plaacid

Posted 02 May 2008 - 02:01 PM

Hi - I'm looking for some help to determine if I still have issues... Previously, my PC didn't pass POST. I removed the hard drive and tested it independently (HD enclosure), removed some temp files, etc. and reinstalled it. Windows then loaded - although painfully slowly and littered my desktop with error messages. I've since used HijackThis, Eusing Free Registry Cleaner, Ad-Aware and CCleaner. I've installed Windows XP Recovery Console and have run ComboFix. Prior to posting the following ComboFix log, I ran Ad-Aware again - it returned ZERO issues. Frankly not sure if I still have issues - Please review and provide guidance:

ComboFix 08-05-01.1 - Family 2008-05-02 16:12:03.2 - NTFSx86
Running from: E:\PC Fix Tools\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Family\Application Data\install.dat
C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\Downloaded Program Files\UGDC_0001_N122M0502NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UGES_0001_N122M2602NetInstaller.exe
C:\WINDOWS\system32\wgozvemx.dllbox
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((( Files Created from 2008-04-02 to 2008-05-02 )))))))))))))))))))))))))))))))
.

2008-05-01 15:41 . 2008-05-01 15:41 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-05-01 15:20 . 2008-05-02 12:16 <DIR> d-------- C:\VundoFix Backups
2008-05-01 13:20 . 2003-04-07 02:05 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-05-01 13:07 . 2004-08-04 06:00 1,875,968 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-05-01 13:06 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-05-01 13:05 . 2004-08-04 06:00 1,677,824 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-05-01 13:04 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fp4awel.dll
2008-05-01 12:58 . 2008-05-01 12:58 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-01 12:58 . 2008-05-01 12:58 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-05-01 12:58 . 2008-05-01 12:58 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-05-01 12:58 . 2008-05-01 12:58 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-05-01 12:58 . 2008-05-01 12:58 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-05-01 12:57 . 2004-08-04 06:00 111,104 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-05-01 12:57 . 2004-08-04 06:00 111,104 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-05-01 08:28 . 2008-05-01 08:28 <DIR> d-------- C:\WINDOWS\dell
2008-04-30 15:28 . 2008-04-30 15:28 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-04-29 21:08 . 2008-04-29 21:08 <DIR> d--hs---- C:\$RECYCLE.BIN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 21:10 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-05-01 21:08 --------- d-----w C:\Program Files\Quicken Legal Products
2008-03-09 00:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 20:26 20,480 ----a-w C:\WINDOWS\quit.exe
2008-03-04 19:52 40,960 ----a-w C:\WINDOWS\SYSTEM32\fadgsd.exe
2008-03-04 19:52 40,960 ----a-w C:\WINDOWS\cgghyljkm.exe
2008-03-03 21:26 40,960 ----a-w C:\WINDOWS\SYSTEM32\rfhdfhw.exe
2008-03-03 21:26 40,960 ----a-w C:\WINDOWS\gfhy45juyhgr.exe
2008-03-01 20:49 40,960 ----a-w C:\WINDOWS\rtgertyjrg.exe
2008-02-28 17:03 49,164 ----a-w C:\WINDOWS\SYSTEM32\kpwnw64l.exe
2008-02-28 16:45 49,157 ----a-w C:\WINDOWS\SYSTEM32\rwwnw64d.exe
2008-02-12 23:10 28,736 ----a-w C:\WINDOWS\SYSTEM32\63mo18qx.exe
2006-10-18 20:09 19,282 ----a-w C:\Program Files\DeIsL1.isu
2006-10-18 20:06 169 -c--a-w C:\Program Files\cgela.ini
2006-02-09 22:47 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2005-02-27 15:35 362,496 -c--a-w C:\Program Files\DVN-TH.c00
2003-05-29 14:05 1,770,414 -c--a-w C:\Program Files\DVN-TH.c43
2003-05-29 13:59 2,913,000 -c--a-w C:\Program Files\DVN-TH.ace
2003-05-29 12:06 5,478 -c--a-w C:\Program Files\divine.nfo
2002-10-12 19:23 148 -c--a-w C:\Program Files\REGSETUP.reg
2002-10-08 06:07 9,728 -c--a-w C:\Program Files\patch.exe
2002-10-07 03:20 2,305 -c--a-w C:\Program Files\Keyboard.cfg
2002-10-07 03:14 32,915 -c--a-w C:\Program Files\INSTALL.LOG
2002-09-20 20:41 327,680 -c--a-w C:\Program Files\RenderD3D.dll
2002-09-20 20:41 303,104 -c--a-w C:\Program Files\RenderOpenGL.dll
2002-09-20 20:00 53,248 -c--a-w C:\Program Files\config.exe
2002-09-20 15:53 110,387 -c--a-w C:\Program Files\Readme.rtf
2002-08-26 22:01 90,112 -c--a-w C:\Program Files\p5dll.dll
2002-08-05 09:20 159,744 -c--a-w C:\Program Files\jpegdll.dll
2002-07-09 04:00 135,168 -c--a-w C:\Program Files\eax.dll
2001-11-10 23:51 2,402 -c--a-w C:\Program Files\crack.nfo
2001-10-30 20:57 290,869 -c--a-w C:\Program Files\msvcrt.dll
2000-08-29 16:00 401,462 -c--a-w C:\Program Files\Msvcp60.dll
1998-02-13 12:57 89,760 ----a-w C:\Program Files\SMACKE16.DLL
1998-02-13 12:57 71,680 ----a-w C:\Program Files\SMACKW32.DLL
1998-02-13 12:57 379,392 ----a-w C:\Program Files\cgela.exe
1998-02-13 12:57 3 -c--a-w C:\Program Files\CGELA.RST
1998-02-13 12:57 28,432 ----a-w C:\Program Files\VAULT.INF
1998-02-13 12:57 18,454 ----a-w C:\Program Files\SMACKW16.DLL
1998-02-13 12:57 159,744 ----a-w C:\Program Files\MSS32.DLL
1998-02-13 12:57 112,128 ----a-w C:\Program Files\MSS16.DLL
1998-02-10 13:50 10,056 -c--a-w C:\Program Files\README.WRI
2005-07-29 21:24 472 -csha-r C:\WINDOWS\RmFtaWx5\lAIQuqUc.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-05-02_14.59.43.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 18:51:09 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-02 20:07:43 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-02 20:08:03 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5c8.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 02:07 114688]
"QuickTime Task"="C:\program files\quicktime\qttask.exe" [2007-06-29 06:24 286720]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2006-12-19 17:47 77824]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2006-12-19 17:47 69632]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2006-12-19 17:47 69632]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-12-19 17:47 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-12-19 17:47 77824]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 02:19 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 14:44 128648]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:59 44544]

C:\Documents and Settings\Family\Start Menu\Programs\Accessories\Startup\
PowerReg Scheduler V3.exe [2005-09-16 20:05:26 225280]
PowerReg Scheduler.exe [2005-02-16 17:38:55 189952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\req]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares Lite Edition\\Ares.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=


*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-01-16 12:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 22:19:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7600#MY35S1238G7I.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7600#MY35S1238G7I
"2008-05-01 17:18:08 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2004-04-25 03:23:35 C:\WINDOWS\Tasks\WebReg 20040424232334.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe4/TaskName 20040424232334 /N
"2005-02-28 18:31:09 C:\WINDOWS\Tasks\WebReg 20050228133102.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exeb/TaskName 20050228133102 /N
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 16:17:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-02 16:24:04
ComboFix-quarantined-files.txt 2008-05-02 20:23:59
ComboFix2.txt 2008-05-02 19:01:13

Pre-Run: 29,704,658,944 bytes free
Post-Run: 29,694,267,392 bytes free

#2 Plaacid

Posted 02 May 2008 - 02:02 PM

Sorry - I should have also mentioned that I have a Dell Dimension 2400 Desktop PC with Windows XP Home (Service Pack 2). Error messages no longer appear - it appears to be working okay...

#3 ruby1

Posted 02 May 2008 - 02:17 PM

Sorry - I should have also mentioned that I have a Dell Dimension 2400 Desktop PC with Windows XP Home (Service Pack 2). Error messages no longer appear - it appears to be working okay...

Hi; you seem to have posted in someone else's thread so the Mods will need to move this log

#4 rigel

Posted 02 May 2008 - 02:22 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith




