Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Google Develops AI That Can Separate Voices in a Crowd

Featured Deal: Get 96% off the MCSA SQL Server Training Deal

Photo

Combifix Log

Started by katiepage , Aug 20 2009 11:15 AM

  • This topic is locked This topic is locked
1 reply to this topic

#1 katiepage

katiepage

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:11:22 AM

Posted 20 August 2009 - 11:15 AM

Hi,

I have run combifix and it seems to have fixed everything but it has suggested that I post the log anyway.

Your comments would be appreciated.

Thanks,
Kat

ComboFix 09-08-19.0C - user 20/08/2009 16:50.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.123 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 12:28 . 2009-08-20 12:28 -------- d-----w- c:\windows\system32\KB905474
2009-08-20 12:28 . 2009-03-10 21:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-08-20 12:28 . 2009-03-10 21:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2009-08-20 11:58 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-20 08:41 . 2009-07-25 08:54 335752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-08-20 08:41 . 2009-07-25 08:54 2053912 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-08-20 08:41 . 2009-07-25 08:54 907032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgemc.exe
2009-08-20 08:41 . 2009-07-25 08:54 1111320 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgssie.dll
2009-08-20 08:41 . 2009-07-25 08:54 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-08-20 08:41 . 2009-07-25 08:54 2301720 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-08-20 08:41 . 2009-07-25 08:54 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-08-20 08:41 . 2009-07-25 08:54 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-08-20 08:41 . 2009-07-25 08:54 1206040 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-08-20 08:41 . 2009-07-25 08:54 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-08-20 08:41 . 2009-07-25 08:54 836888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-08-20 08:41 . 2009-07-25 08:54 3298584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-08-20 08:39 . 2009-07-25 08:53 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-08-20 08:39 . 2009-07-25 08:53 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-08-19 22:41 . 2009-08-19 22:49 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-19 21:22 . 2009-08-19 21:22 -------- d-----w- c:\program files\Windows Defender
2009-07-28 07:35 . 2009-07-28 07:35 -------- d-----w- c:\program files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 13:47 . 2008-09-11 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-20 12:26 . 2009-03-01 11:39 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-20 11:55 . 2008-06-25 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-20 08:41 . 2008-06-25 19:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 08:41 . 2008-06-25 19:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 08:41 . 2008-06-25 19:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-05 09:01 . 2008-04-14 04:42 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2009-02-02 09:35 -------- d-----w- c:\documents and settings\user\Application Data\Skype
2009-07-30 15:04 . 2009-02-02 09:36 -------- d-----w- c:\documents and settings\user\Application Data\skypePM
2009-07-29 04:37 . 2008-04-14 04:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2008-04-14 04:41 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-28 07:35 . 2009-02-02 09:34 -------- d-----r- c:\program files\Skype
2009-07-28 07:34 . 2009-02-02 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-21 06:30 . 2008-09-11 17:05 -------- d-----w- c:\program files\Google
2009-07-19 12:03 . 2009-07-19 12:03 1915520 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-17 19:01 . 2008-04-14 04:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2008-04-14 04:42 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2008-05-26 13:43 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-05-26 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2008-05-26 13:42 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-12 12:31 . 2008-04-14 04:42 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-04-14 04:42 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2008-04-14 04:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2008-04-14 04:42 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-04-14 04:42 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 08:21 . 2008-06-25 19:49 34632 -c--a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-24 23:24 . 2008-05-26 22:18 350208 ------w- c:\windows\system32\mssph.dll
.

------- Sigcheck -------

[-] 2008-05-26 13:44 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 08:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/06/2008 20:55 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/06/2008 20:55 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [05/07/2008 00:39 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/07/2008 00:39 297752]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [16/01/2009 20:12 38144]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [25/06/2008 20:09 35968]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [25/06/2008 20:09 214272]
S2 gupdate1ca09cc6ef6c588;Google Update Service (gupdate1ca09cc6ef6c588);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 07:28 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 08:51]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 06:27]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 06:27]

2009-08-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-08-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-08-20 21:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TkBellExe - c:\program files\ACE Mega CoDecS Pack\SystemS\RealMedia\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 16:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-20 17:00
ComboFix-quarantined-files.txt 2009-08-20 16:00

Pre-Run: 19,143,892,992 bytes free
Post-Run: 19,129,683,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

165 --- E O F --- 2009-08-20 12:29

BC AdBot (Login to Remove)

 

#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
    •  
  • Location:Cleveland, Ohio
  • Local time:06:22 AM

Posted 20 August 2009 - 03:58 PM

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·