COMBOFIX LOG


Post by lisadled on Sun Mar 14, 2010 7:31 pm

ComboFix 10-03-13.03 - Lisa 03/14/2010 14:16:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.490 [GMT -5:00]
Running from: c:\documents and settings\Lisa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Lisa\Application Data\02000000f2e9c41f724C.manifest
c:\documents and settings\Lisa\Application Data\02000000f2e9c41f724O.manifest
c:\documents and settings\Lisa\Application Data\02000000f2e9c41f724P.manifest
c:\documents and settings\Lisa\Application Data\02000000f2e9c41f724S.manifest
c:\documents and settings\Lisa\Application Data\inst.exe
c:\documents and settings\Lisa\Application Data\SystemProc
c:\windows.0\system32\1784401421
c:\windows.0\system32\unrar.exe
H:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-13 15:35 . 2010-03-13 15:35 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-13 15:35 . 2010-03-13 15:35 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-13 15:35 . 2010-03-13 15:35 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-13 15:35 . 2010-03-13 15:35 12464 ----a-w- c:\windows.0\system32\avgrsstx.dll
2010-03-10 09:06 . 2010-03-10 09:06 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-05 22:00 . 2000-01-24 11:01 453632 ----a-w- c:\windows.0\system32\stdvcl40.dll
2010-03-05 22:00 . 2010-03-05 22:01 -------- d-----w- c:\program files\Web CEO
2010-02-24 12:59 . 2010-02-25 01:45 -------- d-----w- c:\program files\MSECache
2010-02-24 08:50 . 2010-02-24 08:50 -------- d-----w- c:\documents and settings\Lisa\Application Data\Internet Explorer
2010-02-24 08:50 . 2010-02-24 08:50 -------- d-----w- c:\documents and settings\Lisa\Application Data\AddThis
2010-02-24 08:50 . 2010-02-24 08:50 -------- d-----w- c:\program files\AddThis
2010-02-24 01:17 . 2010-02-24 01:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-23 02:37 . 2010-03-07 00:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-23 02:37 . 2010-03-06 02:46 -------- d-----w- c:\documents and settings\Lisa\Local Settings\Application Data\Temp
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows.0\system32\GPhotos.scr
2010-02-13 00:14 . 2010-02-13 00:18 -------- d-----w- c:\windows.0\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 21:27 . 2009-12-06 20:54 -------- d-----w- c:\documents and settings\Lisa\Application Data\LimeWire
2010-03-13 15:35 . 2009-12-06 04:06 242696 ----a-w- c:\windows.0\system32\drivers\avgtdix.sys
2010-03-13 15:35 . 2009-12-06 04:05 29512 ----a-w- c:\windows.0\system32\drivers\avgmfx86.sys
2010-03-13 15:34 . 2009-12-06 04:05 216200 ----a-w- c:\windows.0\system32\drivers\avgldx86.sys
2010-03-11 23:14 . 2010-01-02 04:05 -------- d-----w- c:\documents and settings\Lisa\Application Data\Vso
2010-03-10 09:06 . 2009-12-26 06:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-06 02:47 . 2009-12-06 20:06 -------- d-----w- c:\program files\Google
2010-03-05 07:02 . 2010-01-21 10:13 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-03-03 03:01 . 2009-12-27 06:00 -------- d-----w- c:\documents and settings\Lisa\Application Data\Azureus
2010-02-27 23:22 . 2009-12-06 02:22 68736 ----a-w- c:\documents and settings\Lisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-12-26 06:13 181632 ------w- c:\windows.0\system32\MpSigStub.exe
2010-02-24 05:07 . 2010-01-21 10:17 -------- d-----w- c:\documents and settings\Lisa\Application Data\Windows Live Writer
2010-02-12 21:36 . 2009-12-06 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-02-05 05:51 . 2010-02-05 05:50 10686001 ----a-w- c:\documents and settings\Lisa\Application Data\Azureus\plugins\azump\mplayer.exe
2010-02-03 05:11 . 2009-12-06 04:29 -------- d-----w- c:\documents and settings\Lisa\Application Data\Yahoo!
2010-01-22 19:42 . 2010-01-21 09:48 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-22 02:19 . 2010-01-22 02:19 -------- d-----w- c:\program files\Citrix
2010-01-22 02:11 . 2010-01-22 02:11 70984 ----a-w- c:\documents and settings\Lisa\g2mdlhlpx.exe
2010-01-21 12:53 . 2010-01-21 12:53 -------- d-----w- c:\documents and settings\Lisa\Application Data\Apple Computer
2010-01-21 12:24 . 2010-01-21 12:23 -------- d-----w- c:\program files\QuickTime
2010-01-21 12:23 . 2010-01-21 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-21 12:23 . 2010-01-21 12:23 -------- d-----w- c:\program files\Common Files\Apple
2010-01-21 12:22 . 2010-01-21 12:22 -------- d-----w- c:\program files\Apple Software Update
2010-01-21 12:22 . 2010-01-21 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-21 10:32 . 2010-01-21 10:32 -------- d-----w- c:\documents and settings\Lisa\Application Data\Windows Search
2010-01-21 10:12 . 2010-01-21 10:09 -------- d-----w- c:\program files\Windows Live
2010-01-21 10:12 . 2010-01-21 10:12 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-01-21 10:11 . 2010-01-21 10:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-21 10:10 . 2010-01-21 10:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-21 09:49 . 2010-01-21 09:49 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-21 09:49 . 2010-01-21 09:49 -------- d-----w- c:\documents and settings\Lisa\Application Data\Windows Desktop Search
2010-01-21 09:14 . 2009-12-06 04:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 03:02 . 2010-01-18 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-01-17 22:32 . 2009-12-26 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 22:32 . 2010-01-17 22:32 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-17 22:26 . 2010-01-17 22:16 -------- d-----w- c:\program files\Bing Bar Installer
2010-01-17 22:17 . 2010-01-17 22:17 -------- d-----w- c:\program files\MSN Toolbar
2010-01-17 21:58 . 2009-12-27 06:50 -------- d-----w- c:\program files\Microsoft
2010-01-15 04:55 . 2009-12-07 21:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 01:09 . 2009-12-27 07:29 -------- d-----w- c:\program files\DivX
2010-01-14 18:09 . 2009-12-28 16:01 -------- d-----w- c:\documents and settings\Lisa\Application Data\vlc
2010-01-10 06:14 . 2010-01-02 04:05 47360 ----a-w- c:\windows.0\system32\drivers\pcouffin.sys
2010-01-10 06:14 . 2010-01-02 04:05 47360 ----a-w- c:\documents and settings\Lisa\Application Data\pcouffin.sys
2010-01-10 06:14 . 2010-01-02 04:05 47360 ----a-w- c:\documents and settings\Lisa\Application Data\pcouffin.sys
2010-01-07 22:07 . 2009-12-26 09:10 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2009-12-26 09:10 19160 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-04-14 00:45 353792 ----a-w- c:\windows.0\system32\drivers\srv.sys
2009-12-21 19:14 . 2008-04-14 05:42 916480 ----a-w- c:\windows.0\system32\wininet.dll
2009-12-16 18:43 . 2009-12-06 00:54 343040 ----a-w- c:\windows.0\system32\mspaint.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BF4467F-BCB3-40F6-B6E3-C27900811DAC}]
2010-02-21 00:46 191488 ----a-w- c:\program files\AddThis\AddThis Toolbar\AddThisToolBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 20:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{3710D257-884E-4CD0-B562-EE94AC159107}"= "c:\program files\AddThis\AddThis Toolbar\AddThisToolBar.dll" [2010-02-21 191488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{3710d257-884e-4cd0-b562-ee94ac159107}]
[HKEY_CLASSES_ROOT\QBand.QBToolband.1]
[HKEY_CLASSES_ROOT\TypeLib\{2D086595-815E-4EDB-B4E6-B47B7A640EF8}]
[HKEY_CLASSES_ROOT\QBand.QBToolband]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-06 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1051.0\mswinext.exe" [2009-11-13 243032]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

c:\documents and settings\Lisa\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 15:35 12464 ----a-w- c:\windows.0\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows.0\system32\drivers\avgldx86.sys [12/5/2009 11:05 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows.0\system32\drivers\avgtdix.sys [12/5/2009 11:06 PM 242696]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [12/27/2009 12:59 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [12/27/2009 12:59 AM 234888]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/13/2010 10:35 AM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 3:17 PM 135664]
.
Contents of the 'Scheduled Tasks' folder

2010-03-11 c:\windows.0\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-03-14 c:\windows.0\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:17]

2010-03-14 c:\windows.0\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:17]

2010-03-13 c:\windows.0\Tasks\OGALogon.job
- c:\windows.0\system32\OGAEXEC.exe [2009-08-03 21:07]

2010-03-14 c:\windows.0\Tasks\User_Feed_Synchronization-{CA2B664C-CF77-4D9B-8E03-D78591C2B922}.job
- c:\windows.0\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows.0\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SysTrayApp - c:\program files\IDT\WDM\sttray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-03-14 14:24:31
ComboFix-quarantined-files.txt 2010-03-14 19:24

Pre-Run: 172,556,881,920 bytes free
Post-Run: 173,256,040,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4BEEE82E9AE345EB603ABF031F170C8C

lisadled
Beginner

Posts : 3
Joined : 2009-11-25
OS : xp
Points : 25679
Likes : 0


Re: COMBOFIX LOG

Post by Gabethebabe on Mon Mar 15, 2010 7:34 am

Hi lisadled,

If you have a malware problem, you should post in this forum. Also, besides the ComboFix log, you should provide some kind of description of your problem.

I have already seen a couple of things I do not quite like, such as two P2P clients and the Ask toolbar, but you had better create a new thread in the correct forum as indicated above.

Good luck.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38208
Likes : 0
