ComboFix 09-06-22.0E - Owner 06/23/2009 16:27.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.341 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\virus removal stuff\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090623-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.
2009-06-23 03:02 . 2009-06-23 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-23 03:02 . 2009-06-23 00:05 3015544 ----a-w- c:\documents and settings\Owner\Application Data\Simply Super Software\Trojan Remover\nbn4.exe
2009-06-23 02:43 . 2009-06-23 02:43 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 02:39 . 2004-08-04 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-23 02:39 . 2004-08-04 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-22 23:42 . 2005-08-26 08:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-06-22 23:42 . 2006-06-19 20:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-06-22 23:42 . 2006-05-25 22:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-06-22 23:42 . 2003-02-03 03:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-06-22 23:42 . 2002-03-06 08:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-06-22 23:42 . 2009-06-22 23:42 -------- d-----w- c:\program files\Trojan Remover
2009-06-22 23:42 . 2009-06-22 23:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
2009-06-22 23:42 . 2009-06-22 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-06-22 23:35 . 2009-06-22 23:35 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-22 23:35 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 23:35 . 2009-06-22 23:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 23:35 . 2009-06-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-22 23:35 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 23:18 . 2009-06-22 23:18 -------- d-----w- c:\program files\Trend Micro
2009-06-22 23:09 . 2009-06-22 23:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2009-06-22 22:14 . 2009-06-22 22:14 -------- d-----w- c:\program files\CCleaner
2009-06-22 21:52 . 2009-06-22 21:53 -------- d-----w- c:\program files\CleanUp!
2009-06-22 21:43 . 2009-06-22 21:43 -------- d-----w- c:\program files\MSConfig CleanUp
2009-06-22 19:34 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-22 19:34 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-22 19:34 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-22 19:34 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-22 19:34 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-22 19:34 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-22 19:34 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-22 19:34 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-22 19:33 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-22 19:33 . 2009-06-22 20:27 -------- d-----w- c:\program files\Avast4
2009-06-19 23:33 . 2009-06-23 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\92789996
2009-06-19 23:33 . 2009-06-23 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\12780004
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-22 23:15 . 2005-11-05 04:09 -------- d-----w- c:\program files\Common Files\AOL
2009-06-22 23:15 . 2005-11-05 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-22 20:18 . 2009-01-19 16:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-22 19:01 . 2009-01-19 16:58 -------- d-----w- c:\program files\Norton Security Scan
2009-06-22 19:01 . 2005-11-05 02:59 -------- d-----w- c:\program files\TOSHIBA
2009-06-22 18:53 . 2005-11-05 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-05-12 03:22 . 2005-11-07 17:42 -------- d-----w- c:\program files\Google
2009-05-07 15:44 . 2005-11-05 00:52 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-11-05 00:53 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-11-05 00:53 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-23_02.41.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 20:30 . 2009-06-23 20:30 16384 c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-06-02 1059720]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MyWebSearchService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Common Files\\AOL\\1131163763\\EE\\aolsoftware.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/22/2009 12:34 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/22/2009 12:34 PM 20560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [11/4/2005 5:53 PM 14336]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-23 16:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(508)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1888)
c:\docume~1\Owner\LOCALS~1\Temp\catchme.dll
.
Completion time: 2009-06-23 16:31
ComboFix-quarantined-files.txt 2009-06-23 23:30
ComboFix2.txt 2009-06-23 02:44
Pre-Run: 24,042,643,456 bytes free
Post-Run: 24,024,289,280 bytes free
131 --- E O F --- 2009-06-16 19:10