
Combofix Log Report


  • This topic is locked
1 reply to this topic

#1 maddrc16

Posted 16 July 2008 - 12:51 AM

I am faced each day, as I am innocently browsing, with obscene and prolific popups. After many failed attempts to remove them, I checked tech support forums to look for a solution. I happened upon a ComboFix guide and tutorial which suggested I post my log report to be analyzed by helpers.


ComboFix 08-07-14.2 - john 2008-07-16 1:14:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.435 [GMT -3:00]
Running from: C:\Documents and Settings\john\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\john\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\john\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\john\Local Settings\Temporary Internet Files\ijjistarter2.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\system32\amqmry.dll
C:\WINDOWS\system32\exhbwvds.ini
C:\WINDOWS\system32\ibdjnjva.ini
C:\WINDOWS\system32\iiolwscs.dll
C:\WINDOWS\system32\qnyuamyr.ini
C:\WINDOWS\system32\SYaJkUtv.ini
C:\WINDOWS\system32\SYaJkUtv.ini2
C:\WINDOWS\system32\xbxhhtnm.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-14 17:59 . 2008-07-14 17:59 <DIR> d-------- C:\Documents and Settings\john\Application Data\Sierra
2008-07-14 17:45 . 2008-07-14 17:45 <DIR> d-------- C:\Program Files\Sierra
2008-07-13 18:01 . 2008-07-13 18:01 <DIR> d-------- C:\PSFONTS
2008-07-12 13:09 . 2008-07-15 19:23 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-12 12:49 . 2008-07-12 12:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-12 12:49 . 2008-07-12 12:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-12 12:49 . 2008-07-12 12:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-12 12:47 . 2008-07-12 12:47 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-12 12:47 . 2008-07-12 13:09 35,559 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-12 12:47 . 2008-07-12 12:47 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-12 12:45 . 2008-07-15 19:23 <DIR> d-------- C:\Program Files\Diablo II
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-12 12:03 . 2008-07-12 12:03 <DIR> d-------- C:\Documents and Settings\john\Application Data\DAEMON Tools
2008-07-12 12:03 . 2008-07-12 12:03 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-10 07:58 . 2008-07-13 13:15 1,243 --a------ C:\WINDOWS\system32\msexcr.ini
2008-07-07 12:43 . 2008-07-07 12:43 <DIR> d-------- C:\Program Files\RealMedia
2008-07-07 12:43 . 2008-07-07 12:43 <DIR> d-------- C:\Program Files\OpenSource Flash Video Splitter
2008-07-07 12:43 . 2008-07-07 12:43 <DIR> d-------- C:\Program Files\DScaler5
2008-07-07 12:43 . 2008-07-07 12:43 <DIR> d-------- C:\Program Files\CD Audio Reader Filter
2008-07-07 12:42 . 2008-07-07 12:42 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-07-07 12:42 . 2008-07-07 12:42 <DIR> d-------- C:\Program Files\Haali
2008-07-07 12:42 . 2008-07-07 12:42 <DIR> d-------- C:\Program Files\DSP-worx
2008-07-07 12:42 . 2008-07-07 12:42 <DIR> d-------- C:\Program Files\DirectVobSub
2008-07-07 12:41 . 2008-07-15 23:23 <DIR> d-------- C:\Program Files\Zoom Player
2008-07-06 17:52 . 2008-07-15 23:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 17:52 . 2008-07-15 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-05 10:55 . 2008-07-05 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\acccore
2008-07-04 18:40 . 2008-07-04 18:40 <DIR> d-------- C:\Program Files\DivX
2008-07-04 04:15 . 2008-07-06 03:40 <DIR> d-------- C:\Documents and Settings\john\Application Data\SPORE Creature Creator
2008-07-04 04:15 . 2008-07-04 04:15 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-04 04:13 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-04 04:11 . 2008-07-04 04:13 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-07-04 04:11 . 2008-07-04 04:11 <DIR> d-------- C:\WINDOWS\Logs
2008-07-03 13:35 . 2008-07-03 13:35 20,480 --a------ C:\t19k.16
2008-07-03 12:10 . 2008-07-03 12:23 <DIR> d-------- C:\Program Files\STOPzilla!
2008-07-03 10:50 . 2008-07-03 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZILLAbar
2008-07-03 10:49 . 2008-07-03 10:49 <DIR> d-------- C:\Documents and Settings\john\Application Data\STOPzilla!
2008-07-03 10:11 . 2008-07-03 12:17 3,424 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-03 10:10 . 2008-07-03 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-03 10:09 . 2008-07-03 10:09 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-03 10:09 . 2008-07-03 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-02 05:16 . 2008-07-02 05:19 <DIR> d-------- C:\SIERRA
2008-07-02 05:16 . 2008-07-02 05:16 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-07-02 05:16 . 1998-10-30 23:21 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-07-02 05:16 . 1998-10-30 23:21 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-07-02 05:16 . 2008-07-02 05:19 579 --a------ C:\WINDOWS\SIERRA.INI
2008-06-30 10:50 . 2008-07-15 19:09 <DIR> d-------- C:\Documents and Settings\john\Application Data\Lavasoft
2008-06-29 14:16 . 2008-06-29 14:16 53,000 --a------ C:\WINDOWS\system32\rounders.dat.dmp
2008-06-29 14:16 . 2008-06-29 14:16 3,314 --a------ C:\WINDOWS\system32\rounders.dat
2008-06-29 14:07 . 2008-06-29 14:07 <DIR> d-------- C:\Program Files\NHN USA
2008-06-29 14:07 . 2008-06-29 14:07 <DIR> d--h----- C:\Documents and Settings\john\Application Data\ijjigame
2008-06-29 14:07 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-06-29 14:07 . 2008-06-11 23:01 58,800 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2008-06-29 02:02 . 2008-06-29 04:30 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-26 17:45 . 2008-06-26 17:59 724 --a------ C:\WINDOWS\NcEdtCln.INI
2008-06-26 17:22 . 2008-06-26 17:29 <DIR> d-------- C:\Documents and Settings\john\Application Data\PE Explorer
2008-06-26 17:21 . 2008-06-26 17:21 <DIR> d-------- C:\Program Files\PE Explorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 04:01 --------- d-----w C:\Program Files\Lx_cats
2008-07-16 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-14 20:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 00:01 --------- d-----w C:\Program Files\music_now
2008-07-05 13:56 --------- d-----w C:\Program Files\AIM6
2008-07-05 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-29 09:19 --------- d-----w C:\Documents and Settings\john\Application Data\SecondLife
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 18:09 258,048 ----a-r C:\WINDOWS\system32\SZBase5.dll
2008-06-12 18:08 401,408 ----a-r C:\WINDOWS\system32\SZComp5.dll
2008-06-12 13:11 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-06-12 13:11 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-12 13:10 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-06-12 13:10 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-06-12 13:10 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-06-12 13:09 196,608 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-06-12 13:08 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-06-12 13:08 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-06-12 13:05 708,608 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-03 20:46 --------- d-----w C:\Documents and Settings\john\Application Data\U3
2008-05-30 17:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 17:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 17:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 17:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 17:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 17:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 17:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-28 00:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-27 23:20 --------- d-----w C:\Documents and Settings\john\Application Data\Nexon
2008-05-27 23:19 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-27 20:59 --------- d-----w C:\Documents and Settings\john\Application Data\ArcSoft
2008-05-27 20:53 --------- d-----w C:\Program Files\SanDisk
2008-05-27 20:53 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-14 16:21 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 01:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2006-07-03 12:28 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 12:09 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-06-19 14:51 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 13:22 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 02:05 344064]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 09:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 14:36 827392]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 16:39 94208]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 19:01 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 15:23 1187840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 03:00 99840]
"EPSON Stylus C84 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE" [2003-05-27 03:00 99840]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 13:02 1838592]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 10:00 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 20:36 323216]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00 267064]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 05:58 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 12:30 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-08 04:33:39 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 17:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Documents and Settings\\john\\Desktop\\The Campbells\\Applications\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19085:TCP"= 19085:TCP:BitComet 19085 TCP
"19085:UDP"= 19085:UDP:BitComet 19085 UDP
"20119:TCP"= 20119:TCP:BitComet 20119 TCP
"20119:UDP"= 20119:UDP:BitComet 20119 UDP

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 PNC Server andron;PNC Server andron;c:\documents and settings\john\desktop\the campbells\steven\cat\BIN\PNCServer.exe [2002-05-13 13:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 18:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 12:18]
S2 pciinfo;HP Pci Information;C:\DOCUME~1\heide\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c77f010-0cdc-11dd-8d96-0014a574597b}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 00:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-16 04:24:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{74C98130-66D2-4F62-B333-7335FB440D38} - C:\WINDOWS\system32\vtUkJaYS.dll
Toolbar-SITEguard - (no file)
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-TkBellExe - C:\Program Files\RealMedia\Update_OB\realsched.exe
HKLM-Run-AWMON - C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
ShellExecuteHooks-{E55E1C86-434D-46F9-A253-2DE4AB3F9734} - C:\WINDOWS\system32\hgGxUNGy.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 01:21:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????>????|?????? ???B?????????????hLC? ??????

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-16 1:32:43 - machine was rebooted [john]
ComboFix-quarantined-files.txt 2008-07-16 04:31:41

Pre-Run: 53,500,735,488 bytes free
Post-Run: 54,400,135,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

256 --- E O F --- 2008-06-20 14:19:33


#2 dc3

Posted 16 July 2008 - 01:10 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

I will have a moderator close this topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 




