MikeF
I searched the forum and found a post by someone who was also having trouble getting rid of a malware trace. I printed and followed the instructions, downloaded and ran ComboFix, and I think it worked. I will now be testing out my computer to be sure the symptoms don't recur. But the instructions also said I should post the log here so someone can review it to make sure all of it is gone. Please let me know. You guys are great. Thanks so much for what you do.

ComboFix 09-01-19.03 - Mike 2009-01-19 14:18:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.204 [GMT -8:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Bitdefender Firewall *disabled*
FW: McAfee Personal Firewall *enabled*
* Created a new restore point