
COMBOFIX ANALYSIS NEEDED!


  • This topic is locked
2 replies to this topic

#1 SkanlessKrew

SkanlessKrew

  • Members
  • 3 posts

Posted 10 March 2009 - 05:11 PM

Can someone please assist me with understanding what this ComboFix log means, and are there any more steps needed for me to be completely virus/malware free??? All input is welcomed!!! Thanks!!!!!


ComboFix 09-03-10.01 - Master 2009-03-10 15:00:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1504 [GMT -7:00]
Running from: c:\documents and settings\Master\Desktop\Extra bleep\Combofix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 14:07 . 2009-03-10 14:49 <DIR> d-------- C:\FixCombo
2009-03-10 12:19 . 2008-06-06 12:15 51,520 --a------ c:\windows\system32\drivers\TfFsMon.sys
2009-03-10 12:19 . 2008-06-06 12:15 38,208 --a------ c:\windows\system32\drivers\TfSysMon.sys
2009-03-10 12:19 . 2008-06-06 12:15 33,088 --a------ c:\windows\system32\drivers\TfNetMon.sys
2009-03-10 12:19 . 2008-06-06 12:15 12,608 --a------ c:\windows\system32\drivers\TfKbMon.sys
2009-03-10 10:18 . 2009-03-10 14:55 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-10 10:18 . 2009-03-10 10:18 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-10 10:18 . 2009-03-10 10:18 <DIR> d-------- c:\documents and settings\Master\Application Data\PC Tools
2009-03-10 10:18 . 2009-03-10 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-10 10:18 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-10 10:18 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-10 10:18 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-10 10:18 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-09 18:23 . 2009-03-09 18:23 190,592 --ah----- c:\windows\system32\mlfcache.dat
2009-03-09 14:41 . 2009-03-09 14:41 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 14:02 . 2009-03-09 14:02 <DIR> d--hs---- c:\documents and settings\Master\IETldCache
2009-03-09 14:02 . 2009-03-09 14:02 <DIR> d--hs---- c:\documents and settings\Master\IECompatCache
2009-03-09 13:41 . 2009-03-09 13:41 <DIR> d-------- c:\program files\Escan
2009-03-09 13:41 . 2004-10-22 14:10 120,832 --a------ c:\windows\system32\keylbe32.dll
2009-03-09 13:41 . 2002-12-12 08:09 60,416 --a------ c:\windows\system32\MCPAPI.DLL
2009-03-09 13:41 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2009-03-09 13:41 . 2009-03-09 13:41 3,120 --a------ c:\windows\sharp101.ini
2009-03-09 13:41 . 2009-03-09 13:41 3,120 --a------ c:\windows\Master.ini
2009-03-09 13:41 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2009-03-09 13:20 . 2009-03-09 13:21 <DIR> d--h-c--- c:\windows\ie8
2009-03-09 13:15 . 2009-01-10 22:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-09 12:41 . 2009-03-09 12:41 <DIR> d-------- c:\program files\Windows Defender
2009-03-09 11:48 . 2009-03-09 11:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Martau
2009-03-09 11:36 . 2009-03-09 11:36 <DIR> d-------- c:\program files\Total Uninstall 5
2009-03-08 00:49 . 2009-03-08 00:49 <DIR> d-------- c:\program files\Ace Utilities
2009-03-07 23:54 . 2009-03-09 10:49 <DIR> d-------- c:\windows\Crystal
2009-03-07 09:59 . 2009-03-08 11:21 <DIR> d-------- c:\documents and settings\Master\Application Data\Move Networks
2009-03-06 20:24 . 2009-03-06 20:24 <DIR> d-------- c:\program files\Silver Creek Installer
2009-03-06 18:06 . 2009-03-06 19:45 2,516 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-03-06 18:06 . 2009-03-06 19:41 88 -r-hs---- c:\documents and settings\All Users\Application Data\E57978BFE6.sys
2009-03-06 18:05 . 2009-03-06 18:06 <DIR> d-------- c:\documents and settings\Master\Application Data\Corel
2009-03-06 18:04 . 2009-03-06 18:04 <DIR> d-------- c:\program files\Common Files\Protexis
2009-03-06 18:04 . 2009-03-06 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-03-06 17:19 . 2009-03-06 17:19 <DIR> d-------- c:\program files\Corel
2009-03-06 17:19 . 2009-03-06 17:19 <DIR> d-------- c:\program files\Common Files\Corel
2009-02-19 16:32 . 2009-02-19 16:32 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{148E2BA5-04F8-4E34-A0CD-B558E3EF6019}
2009-02-18 21:38 . 2009-02-18 21:38 <DIR> d-------- c:\program files\FontHit Software
2009-02-18 21:38 . 2009-02-18 21:38 <DIR> d-------- c:\documents and settings\Master\Application Data\FontHit
2009-02-16 13:13 . 2009-02-16 13:51 <DIR> d-------- c:\documents and settings\Master\Application Data\Download Manager
2009-02-11 20:05 . 2009-02-11 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\HID
2009-02-11 20:03 . 2009-02-11 20:03 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-02-11 20:03 . 2009-02-11 20:04 <DIR> d-------- c:\program files\Common Files\HID
2009-02-11 20:03 . 2009-02-11 20:03 <DIR> d-------- c:\program files\Asure ID AIO
2009-02-11 11:11 . 2009-02-11 11:11 <DIR> d-------- c:\program files\Paint.NET
2009-02-10 19:50 . 2009-02-10 19:50 <DIR> d-------- c:\windows\pfziusb
2009-02-10 19:50 . 2009-02-10 19:50 <DIR> d-------- c:\program files\Zebra
2009-02-10 19:23 . 2009-02-10 19:24 <DIR> d-------- c:\program files\Canon
2009-02-10 19:23 . 2009-02-10 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-02-10 19:21 . 2009-02-10 19:21 <DIR> d-------- c:\program files\Common Files\Canon
2009-02-10 19:16 . 2009-02-10 19:16 <DIR> d-------- c:\program files\Mars Systems
2009-02-10 19:16 . 2009-02-10 19:16 <DIR> d-------- c:\documents and settings\Master\Application Data\Mars Systems
2009-02-10 19:16 . 2009-02-10 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Mars Systems
2009-02-10 16:41 . 2009-03-08 19:42 66 --a------ c:\windows\HDP5000Tbo.INI
2009-02-10 16:38 . 2009-02-10 16:38 <DIR> d--h----- c:\documents and settings\All Users\Application Data\{93CD8CC6-0881-4D18-A826-DAA73A031A46}
2009-02-10 14:54 . 2009-03-08 00:53 <DIR> d-------- C:\InstantID+
2009-02-10 14:54 . 1999-08-13 07:00 317,952 --a------ c:\windows\system32\Roboex32.dll
2009-02-10 14:54 . 1998-11-13 05:25 274,704 --a------ c:\windows\system32\ntwdblib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 21:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 17:30 --------- d-----w c:\documents and settings\Master\Application Data\Azureus
2009-03-10 06:33 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-09 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-09 20:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 07:53 --------- d-----w c:\program files\Punch! Home Design - Platinum
2009-03-08 07:53 --------- d-----w c:\program files\Hardwood Spades
2009-03-06 23:28 --------- d-----w c:\program files\Common Files\Adobe
2009-03-06 23:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-06 23:25 --------- d-----w c:\program files\Vuze
2009-02-23 20:00 --------- d-----w c:\program files\Norton SystemWorks
2009-02-18 04:21 895 ----a-w c:\windows\Fonts\tpybi___.PFM
2009-02-18 04:21 855 ----a-w c:\windows\Fonts\tpyi____.PFM
2009-02-18 04:21 833 ----a-w c:\windows\Fonts\tpyb____.PFM
2009-02-18 04:21 816 ----a-w c:\windows\Fonts\tiyb____.PFM
2009-02-18 04:21 774 ----a-w c:\windows\Fonts\tiybi___.PFM
2009-02-18 04:21 766 ----a-w c:\windows\Fonts\tiyi____.PFM
2009-02-18 04:21 1,812 ----a-w c:\windows\Fonts\tpy_____.PFM
2009-02-18 04:21 1,747 ----a-w c:\windows\Fonts\tiy_____.PFM
2009-02-18 04:15 707 ----a-w c:\windows\Fonts\ambi____.PFM
2009-02-18 04:15 703 ----a-w c:\windows\Fonts\ami_____.PFM
2009-02-18 04:15 701 ----a-w c:\windows\Fonts\amb_____.PFM
2009-02-18 04:15 680 ----a-w c:\windows\Fonts\ariab___.PFM
2009-02-18 04:14 696 ----a-w c:\windows\Fonts\am______.PFM
2009-02-10 23:37 --------- d-----w c:\program files\Fargo
2009-02-04 01:37 --------- d-----w c:\program files\Roxio
2009-02-04 00:19 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-02-04 00:19 286,720 ------w c:\windows\Setup1.exe
2009-02-03 23:44 --------- d-----w c:\documents and settings\Master\Application Data\U3
2009-02-03 19:15 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-02-03 19:14 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-03 00:32 --------- d-----w c:\documents and settings\Master\Application Data\FastStone
2009-01-28 04:52 47,360 ----a-w c:\documents and settings\Master\Application Data\pcouffin.sys
2009-01-28 04:52 --------- d-----w c:\documents and settings\Master\Application Data\Vso
2009-01-28 04:49 47,360 ------w c:\windows\system32\drivers\pcouffin.sys
2009-01-28 04:39 --------- d-----w c:\program files\Common Files\AVSMedia
2009-01-28 02:47 --------- d-----w c:\documents and settings\Master\Application Data\AVS4YOU
2009-01-28 02:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-27 18:47 --------- d-----w c:\documents and settings\Master\Application Data\Malwarebytes
2009-01-27 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-27 17:39 146,432 ----a-w c:\windows\regedit.exe
2009-01-27 05:13 --------- d-----w c:\documents and settings\Master\Application Data\Apple Computer
2009-01-25 22:45 --------- d-----w c:\program files\iTunes
2009-01-25 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 22:44 --------- d-----w c:\program files\iPod
2009-01-25 22:44 --------- d-----w c:\program files\Common Files\Apple
2009-01-23 23:30 --------- d-----w c:\program files\Microtek
2009-01-23 18:03 --------- d-----w c:\program files\QuickTime
2009-01-23 17:58 --------- d-----w c:\program files\Safari
2009-01-16 02:49 --------- d-----w c:\program files\High-Logic
2009-01-16 02:49 --------- d-----w c:\documents and settings\Master\Application Data\FontCreator
2009-01-15 09:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-15 09:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-15 09:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-15 09:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-15 09:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-15 09:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-15 09:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-15 09:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-15 09:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-15 08:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-15 00:11 38,496 ------w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 00:11 15,504 ------w c:\windows\system32\drivers\mbam.sys
2009-01-14 07:31 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2009-01-14 05:32 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-01-14 05:31 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2009-01-14 05:26 --------- d-----w c:\program files\SmartSound Software
2009-01-14 05:26 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 05:26 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2009-01-14 04:34 410,984 ------w c:\windows\system32\deploytk.dll
2009-01-14 04:34 --------- d-----w c:\program files\Java
2009-01-14 04:21 --------- d-----w c:\program files\MSBuild
2009-01-14 04:20 --------- d-----w c:\program files\Reference Assemblies
2009-01-14 01:15 --------- d-----w c:\program files\Ahead
2009-01-14 00:56 --------- d-----w c:\program files\MagicDisc
2009-01-14 00:36 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-01-14 00:25 --------- d-----w c:\program files\BitPim
2008-04-18 15:56 118,784 ----a-w c:\program files\mozilla firefox\plugins\MyCamera.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-03-10_14.41.35.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-10 21:37:32 16,384 ----atw c:\windows\temp\Perflib_Perfdata_538.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 63,712 2007-03-09 18:09:58 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-11 02:51:55 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-12 06:16:38 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 185,896 2007-03-15 19:25:45 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 66,680 2004-03-01 00:44:46 c:\program files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 58,728 2008-01-17 19:42:02 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

----a-w 267,048 2008-01-15 11:22:56 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 290,088 2009-01-06 21:06:36 c:\program files\iTunes\iTunesHelper.exe

----a-w 385,024 2008-01-10 23:27:36 c:\program files\QuickTime\bak\QTTask.exe
----a-w 413,696 2009-01-06 00:18:48 c:\program files\QuickTime\QTTask.exe

----a-w 124,128 2004-03-12 23:18:32 c:\program files\Symantec AntiVirus\bak\VPTray.exe

------w 15,360 2004-08-04 08:56:50 c:\windows\system32\bak\ctfmon.exe
------w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
"spybot"="c:\program files\spybot - search & destroy\spybotsd.exe" [2005-05-31 4393096]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microtek Scanner Finder.lnk - c:\program files\Microtek\ScanWizard 5\ScannerFinder.exe [2009-01-23 344064]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^VZAccess Manager.lnk]
backup=c:\windows\pss\VZAccess Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Master^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
c:\program files\Roxio\CinePlayer\DMXLauncher.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 14:06 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [N/A]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"Norton SystemWorks"="c:\program files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Ace Utilities\\au.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS2\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS2\\Photoshop.exe"=
"c:\\Program Files\\EndTask\\EndTask Pro\\EndTaskPro.exe"=
"c:\\Program Files\\Fargo\\Diagnostics Utility\\DiagTool.exe"=
"c:\\Program Files\\Fargo\\Fargo Workbench Printer Utility\\Workbench.exe"=
"c:\\Program Files\\High-Logic\\FontCreator\\FontCreator.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 pctcore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-10 130424]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-03-10 51520]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-03-10 38208]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-10 159600]
R2 Cold Fusion Application Server;Cold Fusion Application Server;c:\cfusion\BIN\cfserver.exe [2007-10-24 3485696]
R2 Cold Fusion Executive;ColdFusion Executive;c:\cfusion\BIN\cfexec.exe [2007-10-24 430080]
R2 Cold Fusion RDS;ColdFusion RDS;c:\cfusion\BIN\cfrdsservice.exe [2007-10-24 917504]
R2 ColdFusion Management Repository;ColdFusion Management Repository Server;c:\cfusion\jrun\bin\jrun.exe [2007-10-24 53248]
R2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2009-03-09 2304]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2004-08-31 95328]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-03-10 33088]
S1 d962815e;d962815e;c:\windows\system32\drivers\d962815e.sys --> c:\windows\system32\drivers\d962815e.sys [?]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 windefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 AL101;Airlink101 802.11g PCI Driver;c:\windows\system32\drivers\AL101.sys [2007-01-17 380928]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2007-01-23 14095]
S3 NTProcDrv;Process creation detector for NT.;c:\program files\EndTask\EndTask Pro\NTProcDrv.sys [2007-05-06 3584]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-04-19 99200]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-03-10 64392]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-07-16 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-07-16 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-07-16 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-07-16 59520]
S3 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-10 348752]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S4 SessionLauncher;SessionLauncher;c:\docume~1\Master\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Master\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\autorun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3c8db63-f157-11dd-9949-001485101894}]
\shell\autorun\command - G:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 12:51]

2009-03-07 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Master.job
- c:\progra~1\NORTON~1\NORTON~3\Navw32.exe [2005-10-19 13:54]

2009-03-09 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-03 22:19]

2009-03-10 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 11:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Master\Application Data\Mozilla\Firefox\Profiles\8poep9xm.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCIG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 15:01:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-03-10 15:03:10
ComboFix-quarantined-files.txt 2009-03-10 22:03:01
ComboFix2.txt 2009-03-10 21:48:52

Pre-Run: 57,882,087,424 bytes free
Post-Run: 57,713,905,664 bytes free

338 --- E O F --- 2009-03-09 20:27:28



#2 SkanlessKrew

SkanlessKrew
  • Topic Starter

  • Members
  • 3 posts

Posted 10 March 2009 - 05:13 PM

Sorry.... I'm a newbie... after I already posted my combofix log, I realized that it states not to do that exact thing... My sincerest apologies... Sorry administrators! My bad!!

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 10 March 2009 - 06:00 PM

Please follow the explicit instructions here and repost in this forum.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Keep the CF log but do nothing with it. A Tech may ask for it.

Be patient. We are very busy, but your post will be responded to.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

