
Finished combo fix, can someone look at my log



#1 2naboy

Posted 09 June 2009 - 04:49 PM

I ran combofix after using Malwarebytes multiple times to scan and delete the malware/virus that was in my computer. It did not work well at all. Every time I ran the scan, it came back with the same results even after it deleted it previously. I went on their forum and read up on some of the postings and found a problem similar to mine. It was suggested on that thread that combofix be used instead. I followed the link and it led me to this website where I downloaded the program. I had to run it two different times before it worked completely. The first time, the computer crashed right after it deleted some of the bad files but it did not get to them all. After restarting, I ran combofix again and this time it went all the way through, but on the restart it froze and I had to shut down the computer and turn it on again. When it turned on and after I logged in, combofix was able to resume and finished the process.

Now my desktop background changed, but that seems to be the only side effect of the program thus far. I have not restarted it again after combofix because I want someone to look at the log and let me know if there is something else that I need to do. Thanks a lot, I really appreciate the help.

Here are the logs:



ComboFix 09-06-08.05 - Charles 06/09/2009 13:05.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.506 [GMT -7:00]
Running from: c:\users\Charles\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETibilobqe.sys
c:\windows\system32\SKYNETiopqcbbm.dll
c:\windows\system32\SKYNETjxvwvcyh.dll
c:\windows\system32\SKYNETneustlrp.dat
c:\windows\system32\SKYNETtbipxvof.dat
D:\Desktop.ini
.
---- Previous Run -------
.
c:\windows\system32\drivers\SKYNETibilobqe.sys
c:\windows\system32\drivers\UACpywrfncwsrrisbj.sys
c:\windows\system32\SKYNETefjyqqgy.dat
c:\windows\system32\SKYNEThcuchwmp.dll
c:\windows\system32\SKYNETqoprusnm.dll
c:\windows\system32\UACbtdofmxkepeljyt.dll
c:\windows\system32\UACfqubdpnrlortmnn.log
c:\windows\system32\UACfryyibrpxqujevy.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACipucmxmtvtfwxwd.dll
c:\windows\system32\UACleddsixfnifttwv.dll
c:\windows\system32\UAClfortpppsxpvvxc.log
c:\windows\system32\UACnxqsdwsgnurjpqb.dat
c:\windows\system32\UACpehfefbvffxuodw.db
c:\windows\system32\UACprxcbekcsiggain.dll
c:\windows\system32\UACwdtqumrkntcthvv.dll
c:\windows\system32\UACxxunpihvqqqrucb.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETihmvbntv
-------\Service_UACd.sys
-------\Service_SKYNETihmvbntv


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 20:32 . 2009-06-09 20:32 -------- d-sh--w- \$RECYCLE.BIN
2009-06-09 20:16 . 2009-06-09 20:32 -------- d-----w- c:\users\Charles\AppData\Local\temp
2009-06-09 19:51 . 2009-06-09 20:33 -------- d-s---w- \ComboFix
2009-06-09 17:46 . 2009-06-09 19:11 -------- d-----w- \Qoobox
2009-06-09 16:54 . 2009-06-09 20:29 1003106304 --sha-w- \hiberfil.sys
2009-06-09 00:40 . 2009-06-09 00:40 -------- d-----w- c:\users\Charles\AppData\Roaming\Malwarebytes
2009-06-09 00:06 . 2009-06-09 00:06 -------- d-----w- c:\program files\Trend Micro
2009-06-08 23:34 . 2009-06-09 01:04 -------- d-sh--w- \Config.Msi
2009-06-08 23:07 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 23:07 . 2009-06-08 23:07 -------- d-----w- c:\programdata\Malwarebytes
2009-06-08 23:07 . 2009-06-09 18:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 23:07 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 20:58 . 2009-06-09 20:17 1512480 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-08 20:35 . 2009-06-08 23:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-06-08 20:35 . 2009-06-08 20:35 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-06-08 20:35 . 2009-06-08 23:34 -------- d-----w- c:\programdata\ParetoLogic
2009-06-08 20:31 . 2009-06-08 20:31 -------- d-----w- c:\users\Charles\AppData\Local\Downloaded Installations
2009-06-08 06:17 . 2009-06-08 06:17 -------- d-----w- C:\44fd4b386644c78ca43742ee26
2009-06-08 06:17 . 2009-06-08 06:17 -------- d-----w- \44fd4b386644c78ca43742ee26
2009-06-08 05:39 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-08 05:39 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-08 05:39 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-08 05:39 . 2009-06-08 05:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-08 05:39 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-08 05:38 . 2009-06-08 06:48 -------- d-----w- c:\program files\Spyware Doctor
2009-06-08 05:38 . 2009-06-08 05:38 -------- d-----w- c:\users\Charles\AppData\Roaming\PC Tools
2009-06-08 05:38 . 2009-06-08 05:38 -------- d-----w- c:\programdata\PC Tools
2009-06-08 05:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-08 05:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-08 05:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-08 05:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-08 05:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-08 05:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-08 05:01 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-08 04:53 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-08 04:53 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-08 04:53 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-08 04:53 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-08 04:53 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-06 18:39 . 2009-06-06 18:39 -------- d-----w- C:\MGADiagToolOutput
2009-06-06 18:39 . 2009-06-06 18:39 -------- d-----w- \MGADiagToolOutput
2009-06-06 18:38 . 2009-06-06 18:38 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-06-06 16:58 . 2009-06-06 16:58 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-06 05:06 . 2009-06-08 05:38 -------- d-----w- c:\program files\Norton Security Scan
2009-06-06 04:51 . 2009-06-06 04:51 -------- d-----w- c:\users\Charles\AppData\Roaming\MSNInstaller
2009-06-06 04:38 . 2009-06-08 05:35 -------- d-----w- c:\programdata\Google Updater
2009-06-06 04:37 . 2009-06-06 04:37 217088 ----a-w- c:\users\Charles\firefox.exe
2009-06-05 23:55 . 2009-06-06 03:55 -------- d-sh--w- c:\users\Charles\'
2009-06-05 23:55 . 2009-06-06 03:15 115968 ----a-w- c:\users\Charles\a.zip
2009-06-05 23:55 . 2009-06-06 03:15 147456 ----a-w- c:\users\Charles\vbzip10.dll
2009-06-05 20:47 . 1997-04-09 03:08 299520 ----a-w- c:\windows\uninst.exe
2009-06-05 20:47 . 2009-06-05 20:47 0 --sha-r- \MSDOS.SYS
2009-06-05 20:47 . 2009-06-05 20:47 0 --sha-r- \IO.SYS
2009-06-04 23:29 . 2009-06-04 23:29 -------- d-----w- c:\programdata\NVIDIA
2009-06-04 21:49 . 2009-06-04 21:50 15196056 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2009-06-02 01:54 . 2009-06-02 01:54 -------- d-----w- c:\programdata\AVS4YOU
2009-06-02 01:53 . 2009-06-02 01:53 -------- d-----w- c:\users\Charles\AppData\Roaming\AVS4YOU
2009-06-02 01:53 . 2009-06-02 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-02 01:53 . 2003-05-21 19:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-02 01:53 . 2009-06-02 04:54 -------- d-----w- c:\program files\AVS4YOU
2009-05-25 05:36 . 2009-05-25 05:36 -------- d-sh--w- C:\found.000
2009-05-25 05:36 . 2009-05-25 05:36 -------- d-sh--w- \found.000
2009-05-16 16:12 . 2009-05-16 16:12 -------- d-----w- c:\users\Charles\AppData\Roaming\vlc
2009-05-12 20:48 . 2009-05-12 20:48 127877 ----a-w- c:\users\Charles\AppData\Roaming\Move Networks\uninstall.exe
2009-05-10 23:45 . 2009-05-10 23:45 -------- d-----w- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 20:29 . 2009-06-09 16:54 1003106304 --sha-w- \hiberfil.sys
2009-06-09 20:29 . 2007-07-06 12:25 1318973440 --sha-w- \pagefile.sys
2009-06-09 20:17 . 2009-06-08 20:58 18164 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-08 22:00 . 2007-08-25 06:10 1356 ----a-w- c:\users\Charles\AppData\Local\d3d9caps.dat
2009-06-06 05:07 . 2007-05-29 07:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-06 04:49 . 2007-05-29 07:33 -------- d-----w- c:\programdata\Symantec
2009-06-06 04:39 . 2007-09-15 16:00 -------- d-----w- c:\program files\Google
2009-06-06 03:15 . 2008-09-15 05:09 -------- d-----w- c:\users\Charles\AppData\Roaming\LimeWire
2009-06-05 23:32 . 2007-05-29 07:31 -------- d-----w- c:\programdata\Roxio
2009-06-05 23:23 . 2007-10-28 02:20 -------- d-----w- c:\users\Charles\AppData\Roaming\Roxio
2009-06-05 22:37 . 2007-07-29 18:42 35541 ----a-w- c:\users\Charles\AppData\Roaming\nvModes.dat
2009-06-04 22:15 . 2007-05-29 08:05 -------- d-----w- c:\programdata\WildTangent
2009-06-04 21:59 . 2007-05-29 08:05 -------- d-----w- c:\program files\HP Games
2009-06-02 01:54 . 2007-07-29 17:59 107136 ----a-w- c:\users\Charles\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 04:04 . 2008-02-08 20:29 -------- d-----w- c:\users\Charles\AppData\Roaming\Move Networks
2009-05-12 20:48 . 2009-05-01 06:30 4183416 ----a-w- c:\users\Charles\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-05-03 03:13 . 2007-08-19 14:45 -------- d-----w- c:\program files\SopCast
2009-04-22 16:23 . 2007-05-29 08:05 -------- d-----w- c:\program files\Yahoo!
2009-04-21 23:49 . 2007-05-29 08:35 -------- d-----w- c:\program files\Java
2009-03-17 03:38 . 2009-04-15 10:21 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 10:21 24064 ----a-w- c:\windows\system32\amxread.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-13 431752]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-29 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D1A0DAED-B4D9-417E-91AA-F1CB28090FF5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CF420997-A179-42A8-A833-07F6C1DE2F71}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FABC5D01-90B9-4323-978A-1BC9E0C4B648}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{9D839C64-DF27-43D5-9374-45F410999409}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3E1165D4-6501-4D5C-B527-FD0719E2BFBF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AF3360B3-52FB-47E0-B472-39F5E0A261E2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6466F7C8-9789-4F93-B00F-3F85CFE814FB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2346F100-EA86-48A7-B581-AAFCBAC9515D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9EF3943E-DCE5-480B-ADBE-BDF50FFDB414}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{118BCD34-FAA4-4805-883F-0965C17EE6F0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{251F8B15-C6B1-4FB6-8647-5F3464FB8CD1}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{4E4C03B3-6F7E-48D9-A502-D165805D7A47}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{B1E1E379-F48F-4F95-870D-452BD42FD1AE}c:\\users\\charles\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\charles\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{7D61C3E1-139B-4B2D-973F-0ED1B4E984D1}c:\\users\\charles\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\charles\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{8F65E6DF-59FA-48D1-A72E-C77380E08176}c:\\program files\\ppmate\\ppamnet.exe"= UDP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"UDP Query User{5F8669D5-B692-4A53-987D-2957CDC6D13A}c:\\program files\\ppmate\\ppamnet.exe"= TCP:c:\program files\ppmate\ppamnet.exe:ppmnet Module
"TCP Query User{FC27209A-E744-46AA-8907-3F7DCE851742}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{1B5E8F69-B721-49A4-81A9-817881E0E320}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{C73F6769-854E-4BC0-909E-F59D1BC66D5F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{677BA06E-7A2B-426B-85A5-9DE87E2AF432}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{96D7C512-0AF3-41BE-853A-CFF530783385}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E64FE72F-541B-4062-974E-871E72EFC4F1}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{C473479E-12A9-48D5-8CEE-02317EA96F6B}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{AC269516-0C03-4C93-90B0-97949126CE71}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{58AC04B7-E3D5-44CD-8048-7702F035FA2E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{13022989-1E15-447B-A7C2-81E210500EF4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C0E56952-2C87-48D4-AD67-8A2CB88FFDDB}c:\\program files\\auction client\\ringstart.exe"= UDP:c:\program files\auction client\ringstart.exe:RingStart
"UDP Query User{C9F5DFA0-7831-44B3-AA81-7CAE753B5E7E}c:\\program files\\auction client\\ringstart.exe"= TCP:c:\program files\auction client\ringstart.exe:RingStart
"TCP Query User{701A7514-1DDF-46D6-A2B0-D28ADAD88903}c:\\program files\\auction client\\auctionclient.exe"= UDP:c:\program files\auction client\auctionclient.exe:AuctionClient
"UDP Query User{22C0DF0A-8AB7-49CF-9735-7AAF418EA494}c:\\program files\\auction client\\auctionclient.exe"= TCP:c:\program files\auction client\auctionclient.exe:AuctionClient
"TCP Query User{47109F2A-77DA-46F8-8986-6A9F85EB3794}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{536FE94B-7939-4181-AF02-6B4D716D3456}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{5B66A2DB-7C41-470D-933D-DD133B6D072A}c:\\users\\charles\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:c:\users\charles\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{29C39AAF-EABC-4778-B919-D4160DA5C4D8}c:\\users\\charles\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:c:\users\charles\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{1F1F41EF-35D7-4AE1-8695-A426041EAC68}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{6C346A24-EC1D-48D0-A186-B3BED9BD9802}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3E4BBEF9-5641-4F0F-91AE-0E80C5B87DA3}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{4878DEED-35D3-4720-BF6E-E5F35837A2F7}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{1D941B48-71D3-4D50-BD17-952E7A3E6FEB}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{E6AE0191-48BC-4C79-ACEE-0883FABF327E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7FB9F571-8A58-4463-A88C-5ED4470C4F05}c:\\westwood\\renegadempdemo\\renegadedemo.exe"= UDP:c:\westwood\renegadempdemo\renegadedemo.exe:Renegade
"UDP Query User{E21149CC-757B-40D4-A524-46B0656637C0}c:\\westwood\\renegadempdemo\\renegadedemo.exe"= TCP:c:\westwood\renegadempdemo\renegadedemo.exe:Renegade

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\PPMate\\ppmate.exe"= c:\program files\PPMate\ppmate.exe:*:Enabled:PPMate
"c:\\Program Files\\PPMate\\ppamnet.exe"= c:\program files\PPMate\ppamnet.exe:*:Enabled:PPMate

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [6/7/2009 10:39 PM 130936]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [5/29/2007 12:39 AM 212280]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/7/2009 10:38 PM 348752]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-15 04:38]

2009-06-06 c:\windows\Tasks\Norton Security Scan for Charles.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{1D8C4D96-AB81-426A-85E4-A8B1A04F9B99}.job
- c:\windows\system32\msfeedssync.exe [2009-06-09 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\sjvmj9tt.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\users\Charles\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 13:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-06-09 13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 20:43

Pre-Run: 59,072,323,584 bytes free
Post-Run: 59,724,652,544 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,4,5,6,7,8
293 --- E O F --- 2009-06-09 03:31


#2 Guest_The weatherman_*

Posted 09 June 2009 - 05:16 PM

Hello 2naboy,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



