
Combofix Log Had A Trojan Avg Couldn't Fix Help!


  • This topic is locked
2 replies to this topic

#1 Tikidude


Posted 13 September 2008 - 09:34 PM

Hi all,

Just ran combofix and it gave me this log which just looks like a bunch of random characters to me... Did it fix the problem or is there something I need to do? I also changed my clock settings and said it would change them back and it did not? HELP!!! Thank you in advance!

ComboFix 08-09-13.03 - Mike 2008-09-13 21:14:13.2 - NTFSx86
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-08-14 to 2008-09-14 )))))))))))))))))))))))))))))))
.

2008-09-01 08:58 . 2008-09-01 08:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ascentive
2008-09-01 08:57 . 2008-09-01 09:13 <DIR> d-------- C:\Program Files\AscentiveDelete
2008-09-01 08:57 . 2008-04-29 13:14 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-09-01 08:57 . 2007-07-03 11:48 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2008-08-31 11:06 . 2008-07-10 19:28 79,896 --a------ C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-08-31 11:05 . 2008-07-10 19:28 50,200 --a------ C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-08-31 11:04 . 2008-08-31 11:04 <DIR> d-------- C:\WINDOWS\system32\RsFx
2008-08-31 10:35 . 2008-08-31 10:35 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-08-31 10:35 . 2008-08-31 10:35 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-31 10:29 . 2008-08-31 10:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-08-31 10:28 . 2008-08-31 10:28 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-08-31 10:23 . 2008-08-31 10:24 <DIR> d-------- C:\464712e823c15337830c3dd532f2b2
2008-08-31 10:22 . 2008-08-31 10:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-08-26 21:16 . 2008-08-26 21:26 <DIR> d-------- C:\linksys wrt110
2008-08-14 06:42 . 2008-09-11 11:55 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-14 01:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-09-11 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 02:00 --------- d-----w C:\Documents and Settings\Mike\Application Data\AVG7
2008-09-06 05:27 --------- d-----w C:\Documents and Settings\Mike\Application Data\U3
2008-09-05 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-04 17:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-01 14:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-31 16:04 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-08-23 02:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-02 02:24 --------- d-----w C:\Program Files\Moviefone Toolbar
2008-08-02 02:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Moviefone Toolbar
2008-07-30 01:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-30 00:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-30 00:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-30 00:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-30 00:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-30 00:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-30 00:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 16:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 16:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 16:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 16:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-23 18:31 --------- d-----w C:\Program Files\TU-S9
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-17 01:42 --------- d-----w C:\Program Files\CCleaner
2008-07-16 22:29 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-16 22:29 --------- d-----w C:\Documents and Settings\Mike\Application Data\Netscape
2008-07-16 20:56 --------- d-----w C:\Documents and Settings\Mike\Application Data\InstallShield
2008-07-11 00:28 34,328 ----a-w C:\WINDOWS\system32\DTSPipelinePerf100.dll
2008-07-10 07:49 215,576 ----a-w C:\WINDOWS\system32\SqlServerSpatial.dll
2008-07-10 07:49 2,459,672 ----a-w C:\WINDOWS\system32\sqlncli10.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-06 12:06 89,088 ----a-w C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-07-06 12:06 575,488 ----a-w C:\WINDOWS\system32\xpsshhdr.dll
2008-07-06 12:06 575,488 ----a-w C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-07-06 12:06 117,760 ----a-w C:\WINDOWS\system32\prntvpt.dll
2008-07-06 12:06 1,676,288 ----a-w C:\WINDOWS\system32\xpssvcs.dll
2008-07-06 12:06 1,676,288 ----a-w C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-07-06 10:50 597,504 ----a-w C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-06-24 23:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2004-03-15 22:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-12 20:04 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2007-11-22 21:50 152 --sh--r C:\WINDOWS\system32\64923883E3.sys
2006-07-25 20:29 88 --sh--r C:\WINDOWS\system32\E383389264.sys
2007-11-22 21:50 7,518 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 45,056 2005-08-12 19:43:58 C:\Program Files\ATI Technologies\ATI.ACE\bak\cli.exe

----a-w 94,208 2005-11-10 14:44:22 C:\Program Files\Common Files\Ahead\Lib\bak\NMBgMonitor.exe

----a-w 81,920 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe

----a-w 249,856 2005-06-10 15:44:02 C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

----a-w 335,970 2005-03-14 17:38:42 C:\Program Files\Dell\Media Experience\bak\PCMService.exe

----a-w 839,680 2005-12-06 15:45:14 C:\Program Files\Dell\QuickSet\bak\quickset.exe
----a-w 1,228,800 2007-07-03 18:57:38 C:\Program Files\Dell\QuickSet\quickset.exe

----a-w 460,784 2007-03-15 16:09:36 C:\Program Files\DellSupport\bak\DSAgnt.exe

----a-w 68,856 2007-08-06 00:20:43 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 421,888 2007-09-20 02:30:17 C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe

----a-w 696,320 2006-10-18 22:58:16 C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe
----a-w 696,320 2006-10-18 22:58:16 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

----a-w 802,816 2006-10-18 23:04:28 C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe
----a-w 802,816 2006-10-18 23:04:28 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

----a-w 132,496 2007-07-12 09:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe

----a-w 761,947 2005-11-29 23:56:30 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 1,024,000 2007-10-26 19:14:48 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

----a-w 48 2007-10-10 01:51:21 C:\Program Files\Trend Micro\Internet Security 12\bak\pc-cillin.ini
----a-w 2,785 2008-09-14 02:08:26 C:\Program Files\Trend Micro\Internet Security 12\pc-cillin.ini

----a-w 823,362 2005-08-30 21:30:26 C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe

----a-w 176,201 2006-04-12 00:39:22 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe

----a-w 15,360 2004-08-04 10:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 15:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

----a-w 122,941 2005-05-31 10:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

----a-w 98,304 2005-04-26 09:00:00 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIAJA.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" [N/A]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="" [X]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-11 185896]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1024000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2007-07-03 1228800]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 579584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 C:\WINDOWS\stsystra.exe]
"NWEReboot"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{82A0BF0F-4532-4C24-8088-557ECAC6EC99}"= "C:\WINDOWS\system32\msdbdi.dll" [2003-03-31 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"=
"C:\\Program Files\\National Instruments\\Shared\\Example Finder\\1.0\\BIN\\NIExampleFinder.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15055:TCP"= 15055:TCP:BitComet 15055 TCP
"15055:UDP"= 15055:UDP:BitComet 15055 UDP
"8080:TCP"= 8080:TCP:@xpsp2res.dll,-22008

R3 GameConsoleService;GameConsoleService;C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe [2007-12-19 18:59]
R3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2005-10-06 12:14]
R3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2005-10-07 00:19]
R3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2005-10-06 01:00]
R3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2005-10-06 01:00]
R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2005-10-07 00:06]
R3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2005-10-06 11:48]
R3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2005-10-06 12:07]
R3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2005-10-07 00:20]
R3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2005-10-06 12:03]
R3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2005-10-10 20:07]
R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2005-10-07 00:54]
R3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWK.sys [2005-10-12 17:13]
R3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciK.sys [2005-10-12 17:04]
R3 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiK.sys [2005-10-12 17:04]
R3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2005-10-07 00:20]
R3 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2005-10-07 00:20]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 19:28]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 06:17]
R4 RsFx0102;RsFx0102 Driver;C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 02:49]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 19:28]
S0 NIPALK;NIPALK;C:\WINDOWS\System32\drivers\nipalk.sys [2005-09-22 21:12]
S2 cvintdrv;cvintdrv;C:\WINDOWS\system32\DRIVERS\cvintdrv.syS [2005-10-18 10:00]
S2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2005-07-18 01:45]
S2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2005-07-18 01:25]
S2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 08:58]
S2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2005-10-31 23:58]
S2 nidevldu;nidevldu;C:\WINDOWS\system32\nipalsm.exe [2005-09-22 17:16]
S2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2005-09-28 21:14]
S2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2005-10-13 07:27]
S2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2005-10-07 00:19]
S2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2005-10-06 11:32]
S2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2005-10-06 12:31]
S2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2005-09-21 11:30]
S2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2005-10-08 01:08]
S2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2005-11-11 11:00]
S2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2005-10-07 00:06]
S3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2005-10-06 11:56]
S3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2005-09-28 20:07]
S3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2005-09-28 21:54]
S3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2005-10-06 12:19]
S3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2005-10-06 12:25]
S3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2005-09-28 20:52]
S3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2005-10-06 16:22]
S3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2005-10-06 12:07]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f5208dc-6cc6-11dc-8bf7-0015c50f5afa}]
\Shell\AutoRun\command - H:\.\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4af7583a-cc2b-11dc-8cba-0015c50f5afa}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\8zith2w2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 21:23:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-13 21:31:07
ComboFix-quarantined-files.txt 2008-09-14 02:30:37
ComboFix2.txt 2008-09-14 01:33:49

Pre-Run: 59,673,387,008 bytes free
Post-Run: 59,654,049,792 bytes free

262 --- E O F --- 2008-09-11 17:32:15



#2 Starbuck


Posted 14 September 2008 - 03:13 PM

Hi Tikidude

Firstly:
ComboFix is a tool that shouldn't be run without supervision.

"It also changed my clock settings and said it would change them back and it did not?"

And it won't yet, not until it's uninstalled.

"Did it fix the problem or is there something I need to do?"

It's thrown up a few problems.
We have a little work to do here.

But first I need to have a HJT log as well as the ComboFix report.

Do you have Hjt on your system?
If not:
Download the latest version from the following link:

HijackThis Download Site
  • Double click HJTinstall.exe to begin installation.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install, then I accept. A HijackThis icon will be created on the desktop and HijackThis will launch.
  • Click on the Do a system scan button. When the scan is complete, click on the Save Log button to create a log of your information. The log should open in Notepad.
  • In Notepad, click the Format menu and make sure that 'Wordwrap' is NOT ticked. If it is, then click on it to UNtick it.
  • Click Edit >> Select All then Edit >> Copy
  • Add the new log as a reply to this topic
Thanks



#3 Starbuck


Posted 20 September 2008 - 02:22 PM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
