combofix


This topic is locked
3 replies to this topic

#1 errntoo

errntoo

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:33 AM

Posted 06 December 2012 - 08:58 AM

I ran combofix without supervision...this was on a suggestion from a friend and I was unaware of what problems it might cause. I won't do it again because now my computer keeps shutting down. Please help! Below is the combofix log, I hope this helps

.
ComboFix 12-12-04.01 - Owner 12/06/2012 8:16.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.1095 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-06 02:56 . 2012-12-06 02:56 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{133BAB7F-2A07-40D7-8C7D-CD50CBB850E5}\offreg.dll
2012-12-06 02:51 . 2012-12-06 13:00 -------- d-----w- c:\documents and settings\Owner\Downloads
2012-12-05 18:44 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{133BAB7F-2A07-40D7-8C7D-CD50CBB850E5}\mpengine.dll
2012-12-05 18:07 . 2012-12-05 18:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\e-academy Inc
2012-12-05 18:07 . 2012-12-05 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\e-academy Inc
2012-12-05 16:08 . 2012-12-05 16:08 -------- d-----w- c:\program files\CCleaner
2012-12-05 15:42 . 2012-12-05 15:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-12-05 15:42 . 2012-12-05 15:42 -------- d-----w- c:\documents and settings\All Users\Microsoft
2012-12-04 20:46 . 2010-02-28 06:13 49024 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2012-12-04 20:46 . 2010-01-10 01:37 127232 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2012-12-04 17:41 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-21 13:10 . 2012-11-21 13:10 -------- d-----w- c:\documents and settings\Owner\Application Data\StartNow Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 16:37 . 2012-10-22 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-22 16:37 . 2012-10-22 16:40 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-22 16:37 . 2011-11-14 19:06 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-22 08:37 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fa63398e-322b-4833-9af3-15837ad12138}"= "c:\program files\searchresults\searchresultsDx.dll" [2012-03-14 87008]
.
[HKEY_CLASSES_ROOT\clsid\{fa63398e-322b-4833-9af3-15837ad12138}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7878997-94DC-4FC7-8AEC-3038972E4D85}]
2010-12-29 18:20 14432 ----a-w- c:\program files\Shop to Win 23\Shop to Win 23.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fa63398e-322b-4833-9af3-15837ad12138}]
2012-03-14 11:14 87008 ----a-w- c:\program files\searchresults\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{fa63398e-322b-4833-9af3-15837ad12138}"= "c:\program files\searchresults\searchresultsDx.dll" [2012-03-14 87008]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{fa63398e-322b-4833-9af3-15837ad12138}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-06-19 101144]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-06-19 84760]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-06-19 125720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\searchresults\\dtUser.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [8/26/2011 5:18 AM 88192]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-527237240-1417001333-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-25 23:06]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-527237240-1417001333-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-25 23:06]
.
2012-12-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-12-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-06-07 01:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/web?l=dis&o=APN10019&gct=hp&apn_dtid=^YYYYYY^YY^US&apn_ptnrs=^A4L&apn_uid=2896515217634422&p2=^A4L^YYYYYY^YY^US
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-06 08:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\searchresults\searchresultstb.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2012-12-06 08:42:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-06 13:42
ComboFix2.txt 2012-12-05 18:35
.
Pre-Run: 44,337,618,944 bytes free
Post-Run: 44,347,252,736 bytes free
.
- - End Of File - - DE99BDA9250C83DB5078695C34475D9C


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:12:33 PM

Posted 10 December 2012 - 08:31 AM

Hi,

Welcome to Bleeping Computer. My name is oneof4 and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic box to the right of your topic title and selecting Immediate Notification.


Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Best Regards,
oneof4.


#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  • Gender:Male
  • Location:The Collective
  • Local time:12:33 PM

Posted 15 December 2012 - 06:08 PM

Do you still need help?

Best Regards,
oneof4.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:07:33 PM

Posted 19 December 2012 - 07:46 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft




