Log Check PLS/THX

Status
Not open for further replies.
Abstract Hero

Abstract Hero

Hyper Techie
Messages
1,843
Location
Phoenix, AZ
This is from a friends machine if someone could please check this combofix log for me or show me what to look for. Thanks in advance.

Code: 
ComboFix 10-09-03.02 - Leon 09/04/2010   2:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.894.154 [GMT -7:00]
Running from: c:\users\Leon\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\programdata\sysReserve.ini
c:\users\Leondro\AppData\Local\Microsoft\Windows\Temporary Internet Files\55yO011O.jpg
c:\users\Leondro\AppData\Local\Microsoft\Windows\Temporary Internet Files\75oO8x.jpg
c:\users\Leondro\AppData\Local\Microsoft\Windows\Temporary Internet Files\a0By10K04.jpg
c:\users\Leondro\AppData\Local\Microsoft\Windows\Temporary Internet Files\MKKbxy4a0.jpg
c:\users\Leondro\Documents\iexplore.exe

.
(((((((((((((((((((((((((   Files Created from 2010-08-04 to 2010-09-04  )))))))))))))))))))))))))))))))
.

2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Randall\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Mcx2\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Leondro.HomePC\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Leondro\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Leon\AppData\Local\temp
2010-09-04 10:08 . 2010-09-04 10:08	--------	d-----w-	c:\users\Clara Eskey-Begay\AppData\Local\temp
2010-08-27 04:27 . 2010-08-27 04:27	--------	d-----w-	c:\program files\SpeedFan
2010-08-12 19:59 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-12 19:59 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-12 19:59 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-23 19:25 . 2007-06-13 07:43	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-23 19:24 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-01 07:39 . 2010-08-01 07:39	--------	d-----w-	c:\users\Leondro.HomePC\AppData\Roaming\Unity
2010-07-12 02:54 . 2007-10-25 21:48	--------	d-----w-	c:\programdata\Yahoo! Companion
2010-07-12 02:54 . 2010-07-12 02:54	--------	d-----w-	c:\programdata\Yahoo!
2010-07-12 02:54 . 2007-06-13 07:52	--------	d-----w-	c:\program files\Yahoo!
2010-07-12 02:54 . 2010-07-12 02:54	--------	d-----w-	c:\users\Leon\AppData\Roaming\Yahoo!
2010-06-26 06:05 . 2010-08-12 20:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 20:00	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 20:00	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 20:00	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 20:00	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 20:00	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-12 20:00	274944	----a-w-	c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 20:00	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 20:00	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 20:00	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-28 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AOL Fast Start"="c:\program files\AOL 9.0c\AOL.EXE" [2006-11-10 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\Clara Eskey-Begay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Leondro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Leondro.HomePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-24 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51	177440	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-04-12 21:23	42032	----a-w-	c:\program files\Common Files\aol\1190090592\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 04:52	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33	141624	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-23 04:49	92704	----a-w-	c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]
2007-03-02 21:55	1441792	----a-w-	c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-22 04:25	148888	----a-w-	c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-28 02:34	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-12-12 19:41	157312	----a-w-	c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):be,d9,0b,fa,05,b5,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1526807371-1981235705-57704842-1003]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:27]

2010-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 19:27]

2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{90D6BB71-0122-484B-9132-EE6C85AC325B}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]

2010-09-04 c:\windows\Tasks\User_Feed_Synchronization-{AB3F968F-23FC-413D-AC81-3DD044BD2C11}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.phoenix.cox.net/cci/home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\9u65ymzq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.phoenix.cox.net/
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Acoustica Mixcraft 4.5 - c:\users\Leondro\Desktop\Unwise.exe
AddRemove-Audacity_is1 - c:\users\Leondro\Desktop\Audacity\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-04 03:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-04  03:20:41
ComboFix-quarantined-files.txt  2010-09-04 10:20

Pre-Run: 171,548,504,064 bytes free
Post-Run: 171,849,244,672 bytes free

- - End Of File - - 42512BFDCF34634DB53173136EBB3552
 
Where is the MBAM and HiJack Logs? I looked over the log and it looks alright to me. I didnt see anything left that worries me.
 
I didn't have the time to run all 3. (We got a little distracted into BC2.) But it fixed the issues he was having so I'm pretty sure it's taken care of but I'll have him double check it with the other 2.

Thanks for looking.
Very much appreciated Mak.
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
G
Computer slow and work in background
Replies
0
Views
3K
grecycle99
G
J
Freezing up
Replies
5
Views
3K
jetsmell
J
R
Please Help
Replies
3
Views
3K
carnageX
carnageX
Back
Top Bottom