Can someone please tell me if my system is clean?



#1
kickrz

    New Member

  • Member
  • 8 posts
Hello. I recently had the Google redirect virus and by reading posts I was able to clean up some stuff but want to be sure if my system is clean. I will post the log file from ComboFix and maybe someone can tell from that if I'm clean or can advise me what to do to find out. Thanks very much

ComboFix 09-03-25.04 - kickerz 2009-03-26 13:44:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.643 [GMT -4:00]
Running from: c:\documents and settings\kickerz\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090322-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\phqghu.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-25 19:20 . 2009-03-25 19:20 <DIR> d-------- c:\documents and settings\Administrator
2009-03-25 10:22 . 2009-03-25 10:22 <DIR> d-------- C:\_OTListIt
2009-03-25 09:38 . 2009-03-25 09:43 <DIR> d-------- C:\Rooter$
2009-03-25 09:38 . 2009-03-25 10:23 405 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-03-25 09:22 . 2009-03-25 09:22 <DIR> d-------- c:\program files\Panda Security
2009-03-25 09:22 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-03-25 08:05 . 2009-03-25 08:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-25 08:05 . 2009-03-25 08:05 <DIR> d-------- c:\documents and settings\kickerz\Application Data\Malwarebytes
2009-03-25 08:05 . 2009-03-25 08:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 08:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 08:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 22:09 . 2009-03-22 22:09 <DIR> d-------- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-25 03:27 --------- d-----w c:\program files\Trend Micro
2009-02-23 02:14 --------- d-----w c:\documents and settings\kickerz\Application Data\EasyDailyNote
2009-02-19 03:29 --------- d-----w c:\program files\Chainz 2
2009-02-14 05:24 --------- d-----w c:\documents and settings\All Users\Application Data\RingCentral
2009-02-14 00:07 --------- d-----w c:\program files\Mystery P.I. - The New York Fortune
2009-02-14 00:06 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-14 00:06 --------- d-----w c:\documents and settings\kickerz\Application Data\SpinTop
2009-02-14 00:05 --------- d-----w c:\documents and settings\kickerz\Application Data\SpinTop Games
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 00:37 --------- d-----w c:\program files\IncrediMail
2009-02-08 00:57 --------- d-----w c:\documents and settings\kickerz\Application Data\BHOK It Consulting
2009-02-08 00:49 --------- d-----w c:\program files\BHOK IT Consulting
2009-02-01 15:08 --------- d-----w c:\documents and settings\kickerz\Application Data\DNA
2009-01-31 01:44 --------- d-----w c:\program files\ReflexiveArcade
2008-07-08 11:58 797,032 ----a-w c:\program files\WeatherEyeInstaller.exe
2007-01-22 11:52 39,904 ----a-w c:\program files\Uninstall_CDS.exe
2003-07-17 15:26 448,640 -c--a-w c:\windows\inf\EL2K_N64.sys
2003-07-17 15:22 147,328 -c--a-w c:\windows\inf\EL2K_XP.sys
2003-06-03 20:47 147,328 -c--a-w c:\windows\inf\EL2K_2K.sys
2008-09-05 23:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090520080906\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5ba73b24-4614-4d17-b58e-0d9d95847e14}"= "c:\program files\AIR MILES TOOLBAR\Helper.dll" [2009-01-20 225280]

[HKEY_CLASSES_ROOT\clsid\{5ba73b24-4614-4d17-b58e-0d9d95847e14}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{DF11073E-3AFF-410F-9AC8-72459F32C80F}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{169A78DB-CFC2-4DA4-A9BD-A67B28D41FA7}]
2009-01-20 15:27 1257472 --a------ c:\program files\AIR MILES TOOLBAR\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{789D9334-A44A-486E-8234-313A78E66E61}"= "c:\program files\AIR MILES TOOLBAR\Toolbar.dll" [2009-01-20 1257472]

[HKEY_CLASSES_ROOT\clsid\{789d9334-a44a-486e-8234-313a78e66e61}]
[HKEY_CLASSES_ROOT\FCTB000056939.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000056939.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{789D9334-A44A-486E-8234-313A78E66E61}"= "c:\program files\AIR MILES TOOLBAR\Toolbar.dll" [2009-01-20 1257472]

[HKEY_CLASSES_ROOT\clsid\{789d9334-a44a-486e-8234-313a78e66e61}]
[HKEY_CLASSES_ROOT\FCTB000056939.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000056939.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-02-02 4656816]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-22 152992]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-21 177184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"MSACM.MI-SC4"= MI-SC4.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"aux2"= c:\docume~1\kickerz\LOCALS~1\Temp\..\kinbpga.jrn

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNA]
--a------ 2007-05-12 22:50 216064 c:\program files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a--c--- 2003-06-04 03:00 99840 c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-06-10 05:21 217088 c:\program files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a--c--- 2007-01-21 16:57 249420 c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2007-01-21 16:06 26416 c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--------- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--------- 2004-07-15 11:42 4112384 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--------- 2004-07-15 11:42 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a--c--- 2007-01-22 07:34 46992 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-01-22 07:30 152992 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-10-30 17:23 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-01-21 16:07 177184 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
--a--c--- 2005-06-10 05:24 196608 c:\program files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--a------ 2007-01-21 15:38 310272 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
--a--c--- 2007-01-22 07:50 34088 c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherEye]
--a------ 2009-01-16 12:30 4519832 c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-02-02 00:39 4656816 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2004-07-15 11:42 843776 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PtiuPbmd]
--------- 2003-01-15 07:41 24576 c:\windows\system32\ptipbm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\CuteFTP\\cutftp32.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Anti-Trojan-55\\Anti-Trojan.exe"=
"c:\\Program Files\\PhotoParade\\PhotoParade.exe"=
"c:\\Program Files\\messenger\\msmsgs.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2004-08-25 9344]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-03-25 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-11 114768]
R1 bpfinder;BACKPACK Finder;c:\windows\system32\drivers\bpfinder.sys [2003-09-29 62359]
R1 DW;DW;c:\windows\system32\drivers\Dw.sys [2005-10-09 9745]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-11 20560]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2004-08-25 448640]
R3 bpflt;BACKPACK Filter;c:\windows\system32\drivers\bpflt.sys [2003-09-29 4538]
R3 bpusbflt;BACKPACK USB Filter;c:\windows\system32\drivers\bpusbflt.sys [2004-06-23 10653]
S3 bppccard;BACKPACK PC Card;c:\windows\system32\drivers\bppccard.sys [2003-09-29 5493]
S3 bppnpdrv;BACKPACK Driver;c:\windows\system32\drivers\bppnpdrv.sys [2003-09-29 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;c:\windows\system32\drivers\bpusbdrv.sys [2003-09-29 111180]
S3 USR1806;U.S. Robotics Faxmodem Driver 1806;c:\windows\system32\drivers\USR1806.SYS [2005-12-14 793598]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-InCD - c:\program files\Ahead\InCD\InCD.exe
MSConfigStartUp-Lexmark X74-X75 - c:\program files\Lexmark X74-X75\lxbbbmgr.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-PCCClient - c:\program files\Trend Micro\PC-cillin 2002\PCCClient.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\PC-cillin 2002\pccguide.exe
MSConfigStartUp-Pop3trap - c:\program files\Trend Micro\PC-cillin 2002\Pop3trap.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://google.baby-gaga.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
TCP: {EDE9E06E-B709-4931-859E-34643DC6E92C} = 66.38.192.142 66.38.192.70
DPF: Garmin Internet Explorer Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://di.imgag.com/imgag/cp/install/AxCtp.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 13:46:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-854245398-706699826-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-03-26 13:48:29
ComboFix-quarantined-files.txt 2009-03-26 17:48:24

Pre-Run: 31,254,351,872 bytes free
Post-Run: 31,306,084,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

246 --- E O F --- 2009-03-16 22:22:59
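Added example, not part of the post and not a Geeks to Go or ComboFix tool: a small triage script that walks the registry sections and start-page lines of a ComboFix log and flags the kinds of entries a malware-removal helper reads first. The sample input is an excerpt copied from the log above; the rule set, the function names and the "brand name outside the registrable domain" heuristic are my own assumptions. A flag is a prompt to look closer, not a verdict on whether the machine is clean.

```python
import re
from urllib.parse import urlsplit

# Constructed excerpt: these lines are copied from the ComboFix log in the post
# above, cut down to the sections the triage rules below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"aux2"= c:\docume~1\kickerz\LOCALS~1\Temp\..\kinbpga.jrn

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://google.baby-gaga.com
"""

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")


def host_of(defanged_url):
    """ComboFix writes hxxp:// so URLs are not clickable; undo that and parse."""
    url = re.sub(r"^hxxp", "http", defanged_url, flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def brand_lookalike(host, brand="google"):
    """True when the brand label appears left of the registrable domain.

    Crude assumption: the second label from the right is the registrable
    domain, which holds for .com/.ca here and fails for suffixes like .co.uk.
    """
    labels = host.split(".")
    return brand in labels[:-2]


def triage(log_text):
    """Return (section, name, reason) tuples for entries a helper should look at."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = START_PAGE_RE.match(line)
        if m:
            host = host_of(m.group("url"))
            if brand_lookalike(host):
                findings.append(("Supplementary Scan", m.group("scope") + "Start Page",
                                 "start page host %s carries a brand name outside its registrable domain" % host))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value").lower()
        if section.endswith("drivers32") and ("\\temp\\" in value or "\\..\\" in value):
            # drivers32 values are loaded by the audio subsystem; a path under a
            # user's Temp directory is not where a legitimate codec driver lives.
            findings.append((section, name, "drivers32 entry loads a file from a temp directory path"))
        elif ("security center" in section
              and name.lower() in ("antivirusdisablenotify", "disablemonitoring")
              and value == "dword:00000001"):
            findings.append((section, name, "Security Center notification/monitoring switched off; confirm the installed AV did this"))
        elif (section.endswith("firewallpolicy\\standardprofile")
              and name.lower() == "enablefirewall" and value.startswith("0")):
            findings.append((section, name, "Windows Firewall disabled for the standard profile"))
        elif "globallyopenports" in section:
            findings.append((section, name, "port opened to all remote hosts in the firewall policy"))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print("%-22s %s" % (name, reason))
```

Feed `triage()` the whole log file instead of the excerpt and it reports the same five entries: the `aux2` value under drivers32, both Security Center switches, the disabled firewall, the globally open 3389/TCP, and the machine-wide start page. Everything else in the log (the Run keys, the startupreg entries, the drivers list) passes these rules, which is the point: the rules narrow a long log down to the handful of lines worth a helper's attention rather than deciding the question the poster asked.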