Combofix Log....Help needed by a Newbie
#1
sqerlygirl
Hi :)

I have no experience dealing with viruses....my laptop crashed yesterday. I lost all my documents (I did have them backed up, so they are not completely lost)...I cannot do a system restore. I get the message that a file is corrupt and then the computer shuts down. I ran McAfee; when it didn't work...I disabled McAfee and ran ComboFix. Here is the resulting log...

If anyone can help me with this, I would really appreciate it!

TIA! Charlene

ComboFix 09-08-27.01 - Charlene 08/27/2009 14:10.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.169 [GMT -4:00]
Running from: c:\documents and settings\Charlene.SHIRLEY1\My Documents\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\system32\autorun.ini
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\winhelp.ini


.
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.

2009-08-27 17:36 . 2009-08-27 17:36 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Application Data\McAfee
2009-08-27 16:51 . 2009-08-27 16:51 -------- d-sh--w- c:\documents and settings\Charlene.SHIRLEY1\PrivacIE
2009-08-27 16:51 . 2009-08-27 16:51 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Application Data\Yahoo!
2009-08-27 16:51 . 2009-08-27 16:51 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\Google
2009-08-27 16:51 . 2009-08-27 16:51 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Application Data\Delicious IE Extension
2009-08-27 15:21 . 2009-08-27 15:21 140 ----a-w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\fusioncache.dat
2009-08-27 15:21 . 2009-08-27 15:21 113848 ----a-w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 15:21 . 2009-08-27 15:21 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\ApplicationHistory
2009-08-27 15:19 . 2009-08-27 15:19 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\Identities
2009-08-27 15:12 . 2009-08-27 15:12 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\AOL
2009-08-27 15:12 . 2009-08-27 15:12 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\Apple Computer
2009-08-27 15:12 . 2009-08-27 15:12 -------- d-----w- c:\documents and settings\Charlene.SHIRLEY1\Local Settings\Application Data\Fisher-Price
2009-08-27 15:07 . 2009-08-27 15:07 -------- d-----w- c:\documents and settings\TEMP
2009-08-26 23:16 . 2009-08-26 23:16 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-08-25 02:04 . 2009-08-25 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-24 02:26 . 2009-08-24 02:26 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-15 04:02 . 2009-08-15 04:02 -------- d-sh--w- C:\FOUND.000
2009-08-11 18:11 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 22:32 . 2004-08-04 02:39 8416 ----a-w- c:\windows\system32\drivers\aec.sys
2009-08-05 09:01 . 2004-08-04 09:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 09:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 09:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 09:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 09:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 09:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 09:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 09:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 09:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 09:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 19:03 . 2009-04-12 02:19 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2009-06-24 11:18 . 2004-08-04 09:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 09:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 09:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 09:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 09:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 09:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 09:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 09:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2006-08-20 18:13 . 2006-08-20 18:08 21290704 ----a-w- c:\program files\AdbeRdr708_en_US.exe
2006-08-20 18:08 . 2006-08-20 18:06 7050552 ----a-w- c:\program files\psa30se_en_us.exe
2006-08-20 18:06 . 2006-08-20 18:06 762512 ----a-w- c:\program files\ytb612_efgsip.exe
.

------- Sigcheck -------

[-] 2009-08-26 22:32 8416 D4533785ED70D50CA44E9659F607E01C c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[7] 2004-08-04 02:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$NtServicePackUninstall$\aec.sys
[7] 2008-04-13 16:39 142592 8BED39E3C35D6A489438B8141717A557 c:\windows\ServicePackFiles\i386\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-06-24 19:03 2835256 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-18 160592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"\\DCDSFV21\EPSON Stylus CX5400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"Auto EPSON Stylus CX5400 on DCDSFV21"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" [2003-05-27 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-29 185896]
"HostManager"="c:\program files\Common Files\AOL\1180574891\ee\AOLSoftware.exe" [2006-09-26 50736]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2008-09-03 487424]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
ACS.lnk - c:\windows\system32\ACS.BAT [2006-8-16 28]
D-Link AirPlus Xtreme G Configuration Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\AirPlus.exe [2006-8-16 544866]
D-Link REG Utility.lnk - c:\program files\D-Link AirPlus Xtreme G\Reg.exe [2006-8-16 24576]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-6-24 2876216]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1180574891\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 mozyFilter;mozyFilter;c:\windows\system32\drivers\mozy.sys [4/11/2009 10:19 PM 54776]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2/22/2009 1:14 PM 266240]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/2/2008 8:45 AM 210216]
S1 mailKmd;mailKmd; [x]
S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [8/7/2006 7:09 AM 2343]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-01-02 17:32]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-01-02 17:32]

2008-07-01 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2008-07-01 21:46]

2009-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-27 c:\windows\Tasks\User_Feed_Synchronization-{0F2452D3-C5AF-46C2-AC31-6181A07EA9EE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 14:28
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\MCE001d6\feapp.da.tĺ 2072281088 bytes
c:\windows\TEMP\MCE001d6\c:\windows\TEMP\MCE001d6\

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-27 14:35
ComboFix-quarantined-files.txt 2009-08-27 18:35

Pre-Run: 8,085,323,776 bytes free
Post-Run: 8,185,446,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

211 --- E O F --- 2009-08-26 07:00