#1
Registered User
Join Date: Jul 2008
Posts: 1
OS: windows xp service pack 2
[SOLVED] need someone to read my combofix log!
ComboFix 08-07-17.4 - Asia Quan 2008-07-18 12:32:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.191 [GMT -7:00]
Running from: C:\Documents and Settings\Asia Quan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Asia Quan\Application Data\AXPDefender
C:\Documents and Settings\Asia Quan\Application Data\rhceafj0el7g
C:\Program Files\AXPDefender
C:\Program Files\rhceafj0el7g
C:\WINDOWS\BM6359ad97.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\blphcaafj0el7g.scr
C:\WINDOWS\system32\CdMWwvut.ini
C:\WINDOWS\system32\CdMWwvut.ini2
C:\WINDOWS\system32\cyqlgefo.ini
C:\WINDOWS\system32\dbwgwgtd.ini
C:\WINDOWS\system32\fnhnpoyn.ini
C:\WINDOWS\system32\ikqykvmy.ini
C:\WINDOWS\system32\jsdasbcr.ini
C:\WINDOWS\system32\kuikvrrj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnuifiuc.ini
C:\WINDOWS\system32\phcaafj0el7g.bmp
C:\WINDOWS\system32\qmynbkgb.ini
C:\WINDOWS\system32\rpltfmve.ini
C:\WINDOWS\system32\rtpcjhxj.ini
C:\WINDOWS\system32\uflkuhee.ini
C:\WINDOWS\system32\uqfjwupc.ini
C:\WINDOWS\system32\uxqvkybw.ini
.

((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-17 09:51 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-18 19:39 43,708,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-18 19:37 586,388 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-18 18:45 --------- d-----w C:\Documents and Settings\Asia Quan\Application Data\AVG7
2008-07-17 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 04:27 --------- d-----w C:\Program Files\Lx_cats
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 05:54 27,356 ----a-w C:\Documents and Settings\Asia Quan\Application Data\wklnhst.dat
2008-05-22 05:50 --------- d-----w C:\Program Files\Lexmark 8300 Series
2008-05-22 05:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-22 05:48 --------- d-----w C:\Program Files\Lexmark Applications
2008-05-14 04:48 2,153,984 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-05-14 04:47 55,296 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-05-14 04:30 327,680 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-05-14 04:30 2,156,032 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-05-14 03:40 100,352 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-05-14 03:05 2,156,544 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-05-14 03:05 124,928 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-05-11 23:29 2,152,960 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-05-11 23:29 155,648 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-05-11 22:56 239,616 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-05-11 22:08 67,584 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-11 21:54 639,488 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 01:32 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-14 20:19 579584]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 11:24 73728]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 06:10 122940]
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 11:45 73728]
"lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 07:49 200704]
"EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [2005-08-01 05:05 94208]
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 12:14 15473664 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 09:52 218232]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-13 22:24 219136]

C:\Documents and Settings\Asia Quan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-11-04 20:20:51 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\WINDOWS\\system32\\lxcjcoms.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcjpswx.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b30623fb-6285-11dc-a670-0011f5eb80f2}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{B21E5AD3-1D64-4710-ABE7-B7CF367BAAA2} - C:\WINDOWS\system32\tuvwWMdC.dll
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
Notify-AtiExtEvent - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 12:38:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-07-18 12:45:06 - machine was rebooted [Asia Quan]
ComboFix-quarantined-files.txt 2008-07-18 19:45:00

Pre-Run: 35,846,688,768 bytes free
Post-Run: 36,343,508,992 bytes free

181 --- E O F --- 2008-07-17 22:42:39

#2
TSF Enthusiast
Join Date: Mar 2008
Posts: 2,568
OS: Windows XP Pro SP3, Kubuntu & Ubuntu 8.10
Re: need someone to read my combofix log!
Welcome to TSF....
There is a procedure for doing this on this forum as listed below and you will end up posting in the HijackThis Help forum. If you would care to ask to have this thread moved there and try posting just the log you have, just ask a manager to do so and I am sure they will accommodate you.

To get Expert Help with malware removal: I recommend that you read this article… (Simply click on the links to be re-directed.)

"Having problems with spyware and pop-ups? - First Steps"; http://www.techsupportforum.com/secu...oval-help.html

Please follow the instructions very carefully; then, post all the requested logs and information, as instructed, in the HiJackThis Log Help Forum. http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, http://www.techsupportforum.com/secu...oval-help.html if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed. However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum, http://www.techsupportforum.com/secu...this-log-help/ where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
__________________
I was always taught to respect my elders, but it keeps getting harder to find one. Heaven goes by favorites, If it didn't then your dog would get in first. Amen.