
Am I Clean ?


  • This topic is locked
2 replies to this topic

#1 nighttrain20

nighttrain20

  • Members
  • 49 posts
  • OFFLINE
  • Local time:02:14 AM

Posted 27 March 2010 - 06:30 AM

Hello, I was getting the anti-virus popups so I ran ComboFix. Attached is the log; can anyone tell me if I am clean? The computer seems to be running fine now... but ya never know.

Thanks in advance,

Tony


ComboFix 10-03-26.02 - Carol April 03/27/2010 7:11.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.97 [GMT -4:00]
Running from: D:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\CAROLA~1\LOCALS~1\Temp\tmp1.tmp
c:\documents and settings\All Users\Application Data\e1fb3d3
c:\documents and settings\All Users\Application Data\e1fb3d3\43.mof
c:\documents and settings\All Users\Application Data\e1fb3d3\7781.mof
c:\documents and settings\All Users\Application Data\e1fb3d3\BackUp\DESKTOP.INI
c:\documents and settings\All Users\Application Data\e1fb3d3\SGD.ico
c:\documents and settings\All Users\Application Data\e1fb3d3\SGDSys\vd952342.bd
c:\documents and settings\All Users\Application Data\e1fb3d3\SGe1fb.exe
c:\documents and settings\Carol April\Application Data\Microsoft\dtPaper
c:\documents and settings\Carol April\Application Data\Microsoft\dtPaper\1.html
c:\documents and settings\Carol April\Application Data\Microsoft\dtPaper\cfg.msg
c:\documents and settings\Carol April\Application Data\Microsoft\dtPaper\tmp.bmp
c:\documents and settings\Carol April\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Guard.lnk
c:\documents and settings\Carol April\Application Data\Security Guard
c:\documents and settings\Carol April\Application Data\Security Guard\Instructions.ini
c:\documents and settings\Carol April\Desktop\Security Guard.lnk
c:\documents and settings\Carol April\Start Menu\Programs\Security Guard.lnk
c:\documents and settings\Carol April\Start Menu\Security Guard.lnk
c:\program files\Common Files\Uninstall
c:\program files\Helper
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\jestertb.dll
c:\windows\system\oeminfo.ini
c:\windows\SYSTEM32\adeeg.ini2
c:\windows\system32\akxwurns.ini
c:\windows\system32\avmioaku.ini
c:\windows\system32\awsgvkvy.dll
c:\windows\system32\bsfobvqq.ini
c:\windows\system32\bszip.dll
c:\windows\system32\clagfgcv.ini
c:\windows\system32\cpaktfvx.ini
c:\windows\system32\cuylmuff.exe
c:\windows\system32\devbpovc.ini
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\eewwcbat.ini
c:\windows\system32\erixmlml.exe
c:\windows\system32\ffsyoyft.ini
c:\windows\system32\fmoqxkpm.ini
c:\windows\system32\gpqawhex.exe
c:\windows\system32\gsscopce.exe
c:\windows\system32\huiiimaa.ini
c:\windows\system32\iuimsgfg.ini
c:\windows\system32\jjhnpqam.ini
c:\windows\SYSTEM32\kjllm.ini
c:\windows\system32\kjllm.ini2
c:\windows\system32\koppeopj.ini
c:\windows\system32\ljwsliuy.ini
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\luqppwfo.exe
c:\windows\system32\milyinpp.exe
c:\windows\system32\mkjmregx.ini
c:\windows\system32\mqnkunfr.ini
c:\windows\system32\mubsyxmh.ini
c:\windows\system32\ndisapi.dll
c:\windows\system32\nfwvhhqf.exe
c:\windows\system32\nkkpoqou.ini
c:\windows\system32\ovymptio.ini
c:\windows\system32\peyburjx.ini
c:\windows\system32\pikthmgb.ini
c:\windows\system32\qgdwsstp.exe
c:\windows\system32\qlsraduy.ini
c:\windows\system32\qnjarsvo.exe
c:\windows\system32\qsrbvjog.ini
c:\windows\system32\riercpou.ini
c:\windows\system32\rlsolsgs.ini
c:\windows\system32\rqsmkrob.ini
c:\windows\system32\satqcagr.ini
c:\windows\system32\sdra64.exe
c:\windows\system32\sortcxkc.ini
c:\windows\system32\srutv.ini
c:\windows\SYSTEM32\srutv.ini2
c:\windows\system32\suruqene.exe
c:\windows\system32\sxufejds.exe
c:\windows\system32\tnkxmdlo.ini
c:\windows\system32\tnxfjpsl.exe
c:\windows\system32\tremagki.exe
c:\windows\system32\ttjaabbu.exe
c:\windows\system32\udhsrqlq.ini
c:\windows\system32\vfpdcook.ini
c:\windows\system32\viwtoxka.exe
c:\windows\system32\vpbjfmce.ini
c:\windows\system32\vpgfbbgr.ini
c:\windows\system32\wkrkitri.ini
c:\windows\system32\wvvphrqw.exe
c:\windows\system32\wvykbeqa.ini
c:\windows\system32\xxlfqajl.exe
c:\windows\system32\yfhhbbwv.ini
c:\windows\system32\ykeowwss.ini
c:\windows\system32\ymndtepj.ini
c:\windows\system32\ynxdrsuy.ini
c:\windows\system32\yobmwlst.ini
c:\windows\system32\yrcfytll.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NDISRD


((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.

2010-03-25 17:57 . 2010-03-25 17:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-22 22:54 . 2010-03-22 22:54 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-22 00:35 . 2010-03-22 00:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGHTDQD
2010-03-10 00:14 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 23:04 . 2010-03-06 23:04 -------- d-----w- c:\program files\Adobe Media Player

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 22:54 . 2009-08-15 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 00:26 . 2010-02-25 00:26 52224 ----a-w- c:\documents and settings\Carol April\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-25 00:26 . 2010-02-25 00:26 117760 ----a-w- c:\documents and settings\Carol April\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-25 00:26 . 2010-02-25 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-25 00:25 . 2010-02-25 00:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-25 00:25 . 2010-02-25 00:25 -------- d-----w- c:\documents and settings\Carol April\Application Data\SUPERAntiSpyware.com
2010-02-25 00:24 . 2010-02-25 00:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-22 07:11 . 2010-02-22 07:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-02-22 07:11 . 2010-02-19 03:11 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-19 03:11 . 2010-02-19 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-02-19 03:11 . 2006-07-25 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-18 03:27 . 2008-01-01 19:33 -------- d-----w- c:\program files\Google
2010-02-14 00:32 . 2008-11-23 06:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-14 00:31 . 2010-01-07 00:14 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-14 00:31 . 2008-10-21 12:08 38784 ----a-w- c:\documents and settings\Carol April\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-07 20:07 . 2009-08-15 13:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:07 . 2009-08-15 13:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-12 14:06 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-11 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-03-06 98304]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Carol April^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Carol April\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX100 Series]
2008-02-04 21:00 188928 ----a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIEDA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2006-03-24 01:13 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 14:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-09-14 14:50 131072 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-03-06 21:21 98304 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 15:43 2097488 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 08:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 21:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-18 03:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Filetopia3\\Filetopia.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
S2 gupdate1c9d0458da338d8;Google Update Service (gupdate1c9d0458da338d8);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 9:29 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 01:29]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 01:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://portal.wowway.net/index.php
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

BHO-{09367929-A83D-41BA-A089-6366046C5541} - (no file)
BHO-{B65F0BEF-7F3B-4281-AF2B-F7CA63914A7B} - (no file)
BHO-{deb9ed19-c90f-4d9f-81e9-d1196b9f9b84} - (no file)
SafeBoot-tdidrv32.sys
MSConfigStartUp-20349907777035391669531638838323 - c:\program files\Antivirus 2009\av2009.exe
MSConfigStartUp-54fdf657 - c:\windows\system32\lltyfcry.dll
MSConfigStartUp-BM57cec5cb - c:\windows\system32\yemaryun.dll
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-MSDRV - NetFilter.exe
MSConfigStartUp-PersonalAV - c:\program files\PersonalAV\pav.exe
MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
MSConfigStartUp-VSOCheckTask - c:\progra~1\mcafee.com\vso\mcmnhdlr.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 07:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2568)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-27 07:24:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 11:24

Pre-Run: 61,513,703,424 bytes free
Post-Run: 61,781,340,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F84150F9F95A8C1CCD9A12C0EC2F3FE8




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:14 AM

Posted 30 March 2010 - 07:04 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:06:14 AM

Posted 04 April 2010 - 07:29 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



