Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Here is my combo fix log registry what next??


  • This topic is locked This topic is locked
2 replies to this topic

#1 bamamike

bamamike

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:30 AM

Posted 26 November 2010 - 09:22 PM

I had a virus pop up Microsoft essentials alert virus. I could not access the internet or run any current spyware. I went to another computer and download several programs to CD that dealt with this virus. Combo fix was the only one that seemed to work. Once I ran combofix everything worked fine. During the repair it could not access the internet so the microsoft console would not download. I started to do it manually but thought I better seek out help. Do I need the new console ? I'm running xp 5.1 pro sp 3.

Here is the log registry

ComboFix 10-11-25.06 - PBS 11/26/2010 18:17:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.358 [GMT -6:00]
Running from: D:\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PBS\Application Data\hotfix.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-10-27 to 2010-11-27 )))))))))))))))))))))))))))))))
.

2010-11-26 22:31 . 2010-11-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-11-26 22:31 . 2010-11-26 22:31 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-11-26 22:31 . 2010-11-26 22:31 -------- d-----w- c:\program files\Common Files\XoftSpySE
2010-11-26 22:31 . 2010-11-26 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2010-11-26 21:30 . 2010-11-26 21:30 -------- d-----w- c:\program files\bam
2010-11-26 03:25 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{29900EFD-4424-4C63-AC26-C29EBD12DB5D}\mpengine.dll
2010-11-25 22:25 . 2010-11-25 22:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-25 14:29 . 2010-11-25 14:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-25 14:11 . 2010-11-25 14:11 190 ----a-w- c:\documents and settings\PBS\Application Data\aswhj.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-10 04:33 . 2010-04-08 21:37 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2010-04-05 20:27 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-18 17:23 . 2006-04-30 06:55 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-04-30 06:55 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-04-30 06:55 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-04-30 06:55 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-04-30 06:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-04-30 06:55 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2006-04-30 06:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-04-30 06:55 1852800 ------w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-18 17:05 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^PBS^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\PBS\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^PBS^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\PBS\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2005-11-14 06:23 487424 ------w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-04-18 17:05 69632 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2006-05-13 04:15 2333440 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-19 00:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-02-02 10:20 122940 ------w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPCCSMiddleware]
2008-03-07 00:47 536184 ------w- c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-04-18 17:44 68592 ------w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-08 01:07 61952 ------w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-06-23 19:44 86016 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ------w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2005-09-07 08:25 36864 ------w- c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ------w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2006-06-23 19:41 98304 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ------w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2006-03-22 16:10 106496 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-02-03 18:05 233304 ------w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-05-04 00:38 550232 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
2005-04-13 22:34 49152 ------w- c:\windows\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 09:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDService.exe]
2006-03-14 00:38 41472 ------r- c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2006-06-23 19:40 81920 ------w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2005-10-28 18:08 335872 ------w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-12-09 03:27 417792 ------w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-20 13:12 148888 ------w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-31 03:31 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2006-02-02 13:12 45056 ------w- c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2006-03-28 12:01 503808 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tvtnetwk"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"TVT Backup Service"=2 (0x2)
"ThinkVantage Registry Monitor Service"=2 (0x2)
"SUService"=2 (0x2)
"SeaPort"=2 (0x2)
"PsaSrv"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"LeapFrog Connect Device Service"=2 (0x2)
"IPSSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"DVD-RAM_Service"=2 (0x2)
"Diskeeper"=2 (0x2)
"CCALib8"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:LitvinenKO

R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 6:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [5/12/2006 8:10 PM 3968]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [4/6/2009 1:43 PM 18560]
S3 XoftSpyService;XoftSpyService;c:\program files\Common Files\XoftSpySE\6\xoftspyservice.exe [9/29/2010 12:43 PM 582424]
.
Contents of the 'Scheduled Tasks' folder

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410958148-315197523-2699183023-1005Core.job
- c:\documents and settings\PBS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-06 13:39]

2010-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410958148-315197523-2699183023-1005UA.job
- c:\documents and settings\PBS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-06 13:39]

2010-11-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

2010-11-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-09-29 18:43]

2010-11-26 c:\windows\Tasks\XoftSpySE.job
- c:\documents and settings\PBS\My Documents\spy software\XoftSpySE6\XoftSpySELauncher.exe [2010-09-29 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-26 18:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'explorer.exe'(6012)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2010-11-26 18:32:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-27 00:32
ComboFix2.txt 2010-04-05 17:04

Pre-Run: 62,072,614,912 bytes free
Post-Run: 62,547,742,720 bytes free

- - End Of File - - BC711A9690A86707F317811EB9BF55B8

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:30 AM

Posted 26 November 2010 - 09:28 PM

Hello bamamike ,

Posted Image

Can you get me a DDS report? Look at the top of this page....click the link in bold blue and follow the directions for DDS. :thumbup2:

Just to be clear....as of now you aren't having any problems?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:30 AM

Posted 04 December 2010 - 09:58 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users