
generic.200


#1
alaskansnowman

I was looking around and found that the best way to fix my computer is to get ComboFix and post the log that it generates at the end and have someone tell me what's going on and how to fix this problem. Anyway, if anyone can please help, I would greatly appreciate it!


Here's my log that ComboFix has prompted me with:

ComboFix 09-03-10.03 - Owner 2009-03-11 22:00:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.894.487 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\docume~1\Owner\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Owner\LOCALS~1\Temp\tmp2.tmp
c:\program files\Adssite Games Collection
c:\program files\Adssite Games Collection\BattlesOfHelicopters.exe
c:\program files\Adssite Games Collection\BobAndBill.exe
c:\program files\Adssite Games Collection\CrazyBlocks.exe
c:\program files\Adssite Games Collection\Lines.exe
c:\program files\Adssite Games Collection\uninstall.exe
c:\program files\Adssite Games Collection\VideoPool.exe
c:\program files\Common Files\System\Uninstall
c:\program files\INSTALL.LOG
c:\windows\install.exe
c:\windows\system32\dcads-remove.exe
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\qsrwlonqapjao.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClyqqakbe.dat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.

2009-03-10 22:24 . 2009-03-10 22:24 24,352 --a------ c:\windows\system32\AAWService_2009_03_10_22_24_27.dmp
2009-03-10 21:01 . 2009-03-10 21:01 <DIR> dr------- c:\program files\Norton Support
2009-03-10 20:41 . 2009-03-10 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Windows Sidebar
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Symantec
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\NortonInstaller
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\program files\Norton AntiVirus
2009-03-10 20:40 . 2009-03-10 20:44 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-10 20:40 . 2009-03-10 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-03-10 20:40 . 2009-03-10 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-03-10 20:40 . 2009-03-10 20:40 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-10 20:40 . 2009-03-10 20:40 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-03-10 20:40 . 2009-03-10 20:40 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-10 20:40 . 2009-03-10 20:40 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-10 20:40 . 2009-03-10 20:40 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-03-10 20:28 . 2009-03-10 20:28 <DIR> d-------- c:\program files\Viewpoint
2009-03-10 20:28 . 2009-03-10 20:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-03-09 23:41 . 2009-03-09 23:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\AVGTOOLBAR
2009-03-09 23:41 . 2009-03-09 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-09 23:21 . 2009-03-09 23:21 22,889 --a------ c:\windows\system32\AAWService_2009_03_09_23_21_55.dmp
2009-03-09 23:10 . 2009-01-18 16:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d-------- c:\program files\Lavasoft
2009-03-09 22:08 . 2009-03-09 22:08 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-09 22:08 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-09 21:59 . 2009-03-09 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-05 11:39 . 2004-08-04 01:56 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-05 11:39 . 2004-08-04 01:56 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-03 19:00 . 2009-03-03 19:19 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-03 13:56 . 2009-03-05 09:10 69,158 --a------ c:\windows\system32\qsrwlonqapjao.dll-uninst.exe
2009-03-02 21:55 . 2008-06-13 08:10 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-03-02 21:55 . 2008-06-13 08:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-02 21:52 . 2008-05-01 09:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-02 16:45 . 2009-03-02 16:45 <DIR> d-------- c:\program files\support.com
2009-03-02 16:45 . 2009-03-02 16:45 <DIR> d-------- c:\program files\Common Files\SupportSoft
2009-03-02 16:45 . 2009-03-02 16:45 1,147 --a------ C:\net_save.dna

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 04:37 --------- d-----w c:\program files\McAfee
2009-03-10 04:37 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-05 02:21 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com
2009-03-04 17:43 --------- d-----w c:\program files\Common Files\AOL
2009-03-04 17:43 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-04 17:42 --------- d-----w c:\program files\Google
2009-02-22 01:51 --------- d-----w c:\program files\BellSouth
2009-02-22 01:28 --------- d-----w c:\program files\BearShare Applications
2009-02-18 04:07 12,496 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2006-03-16 00:42 0 ----a-w c:\documents and settings\Mark\Application Data\wklnhst.dat
2008-04-08 19:51 8 --sh--r c:\windows\system32\1074846871.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"HostManager"="c:\program files\Common Files\AOL\1104964342\ee\AOLSoftware.exe" [2006-03-08 48280]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 126104]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2005-01-05 1742384]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1104964342\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-09 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-03-10 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-03-10 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-03-10 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSxpx86.sys [2009-03-11 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-03-10 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-10 101936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 1e07d21f-679c-4c51-b363-ad56f2569d34;1e07d21f-679c-4c51-b363-ad56f2569d34;\??\e:\cds300\cds300.dll --> e:\cds300\cds300.dll [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88db96a1-5f67-11d9-b266-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88db96a2-5f67-11d9-b266-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "c:\program files\CyberLink\PowerDVD\PowerDVD.exe" "%l"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{feb7fba1-5bcb-11d9-85ee-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:34]

2009-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{EEEBED9A-15BB-9770-FC90-0DE5CD42ABB8} - c:\windows\system32\qsrwlonqapjao.dll
HKCU-Run-14F2FBE77919B1974F5E762474498647 - c:\program files\A360\av360.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 22:02:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-03-11 22:03:24
ComboFix-quarantined-files.txt 2009-03-12 03:03:21

Pre-Run: 172,287,811,584 bytes free
Post-Run: 172,308,054,016 bytes free

181 --- E O F --- 2009-03-11 01:47:57