Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please review my combofix log

Started by brice123 , Dec 12 2008 08:54 AM

  • Please log in to reply

#1
brice123
Posted 12 December 2008 - 08:54 AM

brice123

    New Member

  • Member
  • Pip
  • 1 posts
I ran combo fix on my computer and got this text file, I was wondering if someone smarter then me could look at it and tell me if I need to do anythjing else? Thanks



ComboFix 08-12-11.05 - fpod 2008-12-12 8:34:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.574 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WinXP_EN_HOM_BF.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\fpod\nah_crkf.exe
C:\Documents and Settings\fpod\nah_log.dat
C:\Documents and Settings\fpod\ravmonlog
C:\WINDOWS\a3kebook.ini
C:\WINDOWS\akebook.ini
C:\WINDOWS\ANS2000.INI
C:\WINDOWS\system32\drivers\TDSSrfdc.sys
C:\WINDOWS\system32\TDSSayoa.log
C:\WINDOWS\system32\TDSSedwv.dll
C:\WINDOWS\system32\TDSSfvfe.dll
C:\WINDOWS\system32\TDSSgnaq.dll
C:\WINDOWS\system32\TDSShrii.dll
C:\WINDOWS\system32\TDSSmhvw.log
C:\WINDOWS\system32\TDSSnero.dat
C:\WINDOWS\system32\TDSSnmxh.log
C:\WINDOWS\system32\TDSSrfhc.dll
C:\WINDOWS\system32\TDSSxbae.dll

C:\WINDOWS\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-12 to 2008-12-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 13:50 32,718,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-12-12 13:48 1,244,960 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-12-12 13:46 439,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-12-12 13:46 118,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-12-12 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-24 03:42 --------- d-----w C:\Documents and Settings\fpod\Application Data\uTorrent
2008-11-18 20:23 --------- d-----w C:\Documents and Settings\fpod\Application Data\Move Networks
2008-11-12 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-24 11:21 455,296 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-10-20 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-14 20:40 --------- d-----w C:\Program Files\Zone Five Software
2008-10-14 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoneFiveSoftware
2007-07-08 04:40 29,440 ----a-w C:\Documents and Settings\fpod\Application Data\GDIPFONTCACHEV1.DAT
2006-07-19 20:33 88 --sh--r C:\WINDOWS\system32\A3C1FB52E7.sys
2006-07-19 20:33 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-09-07 03:27 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 19:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 16:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 16:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 16:45 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"ECenter"="c:\dell\E-Center\gtb.exe" [2006-06-14 08:17 49152]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 00:18 57344]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 01:05 122939]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 14:09 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 19:12 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 16:40 289576]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\kav\\kav7\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18031:TCP"= 18031:TCP:NortonAV
"15699:TCP"= 15699:TCP:NortonAV


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-Verizon Custom Uninstall Tracking - C:\DOCUME~1\fpod\LOCALS~1\Temp\InstallHelper.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://65.209.44.166/webapps/login/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cu22xwpm.default\
FF - plugin: C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 08:47:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
C:\WINDOWS\system32\klogon.dll
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP