thehulk18

Combofix Log


Need to know if all is ok...

ComboFix 10-05-22.03 - HB 05/23/2010 13:05:14.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1245 [GMT -4:00]

Running from: i:\program files\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))

.

 

2010-05-23 16:16 . 2010-05-23 16:16 -------- d-----w- c:\program files\Belarc

2010-05-23 16:16 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

2010-05-23 15:41 . 2010-05-23 16:06 -------- d-----w- c:\program files\RegCleaner

2010-05-23 02:21 . 2008-04-13 16:44 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2010-05-23 02:21 . 2010-05-23 02:21 -------- d-----w- C:\USMT.TMP

2010-05-22 19:27 . 2010-05-22 19:27 -------- d-----w- c:\documents and settings\HB\Application Data\Malwarebytes

2010-05-22 19:27 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-22 19:27 . 2010-05-22 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-22 19:27 . 2010-05-22 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-22 19:27 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-22 17:56 . 2010-05-22 17:56 -------- d-----w- c:\program files\IObit

2010-05-22 17:56 . 2010-05-22 17:56 -------- d-----w- c:\documents and settings\HB\Application Data\IObit

2010-05-21 04:16 . 2010-03-11 12:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-05-21 04:16 . 2010-03-11 12:38 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-05-21 04:16 . 2010-03-11 12:38 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-05-21 04:16 . 2010-03-11 12:38 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-05-21 04:16 . 2010-03-11 12:38 63488 -c----w- c:\windows\system32\dllcache\icardie.dll

2010-05-21 04:16 . 2010-03-11 12:38 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll

2010-05-21 04:16 . 2010-03-10 13:18 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe

2010-05-21 04:16 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat

2010-05-20 22:32 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll

2010-05-20 15:53 . 2010-05-20 15:53 -------- d-----w- c:\windows\system32\scripting

2010-05-20 15:53 . 2010-05-20 15:53 -------- d-----w- c:\windows\system32\en

2010-05-20 15:53 . 2010-05-20 15:53 -------- d-----w- c:\windows\system32\bits

2010-05-20 15:53 . 2010-05-20 15:53 -------- d-----w- c:\windows\l2schemas

2010-05-20 15:47 . 2010-05-20 15:47 -------- d-----w- c:\windows\EHome

2010-05-20 11:11 . 2010-05-20 11:11 -------- d-----w- c:\program files\CleanUp!

2010-05-20 11:10 . 2010-05-20 11:10 -------- d-----w- c:\documents and settings\HB\Application Data\Auslogics

2010-05-20 11:10 . 2010-05-20 11:10 -------- d-----w- c:\program files\Auslogics

2010-05-20 11:03 . 2010-05-20 11:03 -------- d-----w- c:\windows\system32\XPSViewer

2010-05-20 11:03 . 2010-05-20 11:03 -------- d-----w- c:\program files\MSBuild

2010-05-20 11:03 . 2010-05-20 11:03 -------- d-----w- c:\program files\Reference Assemblies

2010-05-20 11:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-05-20 11:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-05-20 11:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-05-20 11:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-05-20 11:02 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-05-20 11:02 . 2010-05-20 11:03 -------- d-----w- C:\b2487a92a33ec8f59d2145

2010-05-20 11:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-05-20 11:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-05-20 11:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-05-20 11:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-05-20 11:01 . 2010-05-20 11:01 -------- d-----w- c:\program files\MSXML 6.0

2010-05-20 10:16 . 2004-08-04 04:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys

2010-05-20 10:10 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-05-20 10:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-05-20 10:10 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys

2010-05-20 10:10 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll

2010-05-20 10:10 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

2010-05-20 10:09 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-05-20 10:09 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-05-20 10:06 . 2010-05-22 04:14 -------- d--h--w- c:\windows\$hf_mig$

2010-05-20 09:58 . 2010-05-20 09:58 -------- d-s---w- c:\documents and settings\HB\UserData

2010-05-20 09:51 . 2010-05-20 09:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-05-20 09:51 . 2010-05-20 09:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-05-20 09:51 . 2010-05-20 09:51 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-20 09:51 . 2010-05-20 09:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-05-20 09:51 . 2010-05-22 23:46 -------- d-----w- c:\windows\system32\drivers\Avg

2010-05-20 09:51 . 2010-05-20 09:51 -------- d-----w- c:\program files\AVG

2010-05-20 09:51 . 2010-05-20 09:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-05-20 09:43 . 2010-05-20 09:43 0 ----a-w- c:\windows\ativpsrm.bin

2010-05-20 09:40 . 2009-07-31 05:27 311296 ----a-r- c:\windows\system32\atiiiexx.dll

2010-05-20 09:40 . 2009-07-31 05:42 446464 ----a-r- c:\windows\system32\ATIDEMGX.dll

2010-05-20 09:40 . 2009-07-31 05:02 887724 ----a-r- c:\windows\system32\ativva6x.dat

2010-05-20 09:40 . 2009-07-31 05:02 3 ----a-r- c:\windows\system32\ativva5x.dat

2010-05-20 09:40 . 2009-06-11 16:54 197655 ----a-r- c:\windows\system32\atiicdxx.dat

2010-05-20 09:40 . 2010-05-20 09:40 -------- d-----w- c:\program files\ATI Technologies

2010-05-20 09:40 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

2010-05-20 09:40 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2010-05-20 09:40 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys

2010-05-20 09:37 . 2010-03-08 14:41 220112 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys

2010-05-20 09:37 . 2010-01-12 09:35 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2010-05-20 09:37 . 2010-05-20 09:37 -------- d-----w- c:\program files\Realtek

2010-05-20 09:37 . 2010-05-20 09:40 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-20 09:36 . 2004-08-13 18:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys

2010-05-20 09:36 . 2009-04-03 12:30 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-20 15:55 . 2010-05-20 08:59 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-05-20 09:39 . 2010-05-20 09:38 -------- d-----w- c:\program files\Common Files\InstallShield

2010-05-20 09:39 . 2010-05-20 09:39 -------- d-----w- c:\program files\VIA

2010-05-20 08:59 . 2010-05-20 08:59 -------- d-----w- c:\program files\microsoft frontpage

2010-05-20 08:57 . 2010-05-20 08:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat

2010-03-11 12:38 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2010-03-09 11:09 . 2004-08-04 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-02-24 13:11 . 2004-08-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2009-08-28 33673216]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-05-20 09:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/20/2010 5:51 AM 216200]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/20/2010 5:51 AM 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/20/2010 5:51 AM 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/20/2010 5:51 AM 308064]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [5/20/2010 5:39 AM 1390976]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.cfnews13.com/

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-23 13:06

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(660)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'explorer.exe'(3868)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2010-05-23 13:07:21

ComboFix-quarantined-files.txt 2010-05-23 17:07

 

Pre-Run: 301,078,396,928 bytes free

Post-Run: 301,097,476,096 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 6FA5A3BCD704D1951BAC4BAAE32254F6

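The listing above is raw ComboFix output. As an added example, not code from the original post and not part of ComboFix, here is a small Python parser for the `Files Created` and `Find3M` lines with a few triage heuristics a reviewer would apply before answering "is all ok". The attribute-column meanings are inferred from the entries in this very log (d for directories, c for dllcache copies, h for $hf_mig$, s for UserData, r for the read-only ATI files) and are an assumption; the sample input is copied from the log above, and the heuristics are prompts for a human, not verdicts.

```python
"""Parse ComboFix "Files Created" / Find3M lines and apply simple triage heuristics.
Added example; not part of ComboFix or of the forum post."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: entries copied from the ComboFix listing in the post
# above (a directory, kernel drivers, a dllcache copy, a hex-named folder at
# the drive root, a hidden and a system directory, a read-only DLL).
SAMPLE = r"""
2010-05-23 16:16 . 2010-05-23 16:16 -------- d-----w- c:\program files\Belarc
2010-05-23 16:16 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-05-22 19:27 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-21 04:16 . 2010-03-11 12:38 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-20 11:02 . 2010-05-20 11:03 -------- d-----w- C:\b2487a92a33ec8f59d2145
2010-05-20 10:06 . 2010-05-22 04:14 -------- d--h--w- c:\windows\$hf_mig$
2010-05-20 09:58 . 2010-05-20 09:58 -------- d-s---w- c:\documents and settings\HB\UserData
2010-05-20 09:40 . 2009-07-31 05:27 311296 ----a-r- c:\windows\system32\atiiiexx.dll
"""

# Line layout: <created> . <modified> <size, or 8 dashes for a directory> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)

# Folder directly under a drive root whose name is a long hex string.
HEX_DIR_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str            # 8-column attribute string as printed by ComboFix
    path: str

    # Column meanings below are inferred from this log (assumption):
    # 0=d directory, 1=c compressed, 2=s system, 3=h hidden, 4=a archive,
    # 6=r read-only / w writable. Columns 5 and 7 are not decoded.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def read_only(self) -> bool:
        return self.attrs[6] == "r"


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file/directory line, or None for headers and separators."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return Entry(created, modified, None if size.startswith("-") else int(size), attrs, path)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def triage(e: Entry) -> List[str]:
    """Heuristic flags worth a second look; these are prompts, not verdicts."""
    flags: List[str] = []
    low = e.path.lower()
    if not e.is_dir and low.endswith(".sys"):
        flags.append("new kernel driver: confirm vendor and digital signature")
    if HEX_DIR_RE.match(e.path):
        flags.append("hex-named folder at drive root: usually installer/hotfix scratch, verify it is empty")
    if (e.hidden or e.system) and not low.startswith(("c:\\windows", "c:\\documents and settings")):
        flags.append("hidden/system object outside the usual locations")
    return flags


def report(text: str) -> Dict[str, List[str]]:
    """Map path -> flags for every entry that raised at least one flag."""
    return {e.path: triage(e) for e in parse_listing(text) if triage(e)}


if __name__ == "__main__":
    for path, flags in report(SAMPLE).items():
        print(path)
        for f in flags:
            print("   -", f)
```

Two things the parser makes visible that are easy to miss by eye: a modified timestamp older than the created timestamp (BANTExt.sys, mbamswissarmy.sys) means the file was copied from a package that preserved its original mtime, which is what a normal installer does, and the only flagged items in this log are drivers belonging to named products plus one installer scratch folder, which is consistent with the "looks OK" verdict in the reply.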

Hulk, looks OK.

 

Have you tried any online scans?

 

What's the machine doing?


Hey Jules....I haven't done any online scans because usually it won't stay on for a full scan. I lucked out with this one.

This is still the same machine that starts and stops randomly.

 

A quick historic synopsis if I may:

 

Brought to me because it started up in the middle of the night, and shut down when it felt like it.

 

Replaced broken Power switch

Replaced motherboard, CPU, heatsink, and fan.

Replaced RAM

Replaced Power Supply

Added extra case fan for cooling.

Removed Vista from SATA HD and installed XP Home

Malwarebytes finds nothing wrong

AVG also comes up clean

Now Combofix looks good also

Completely isolated everything from the case on my workbench, and it ran perfectly for about 15 hours.

Installed everything in an older case, and it ran perfectly for a number of hours also.

I made an insulating gasket of sorts from a new clear back seat floor mat to prevent any arcing from mobo solder points.

The board is a combo board, so last night I removed SATA drive and replaced with IDE drive and installed Windows XP Home.

 

All of this and many hours of troubleshooting and it is doing the same thing as the day it was brought to me, while it is in the original case.

It shut down this morning while doing Windows updates on the newly installed IDE drive with fresh XP Home.

 

Running out of ideas other than getting a new case, so ran Combofix for a fresh perspective.

 

Every suggestion people make to solve this headbuster is negated by the fact that the hardware is all NEW and tested, and the fact that every action is a repeat of what was happening when it was first brought to me.

I've done the piece by piece in and out of the case one at a time, etc., ad nauseam, and like I said Jules, I'm about out of ideas.

 

Sorry...didn't mean to ramble on, you know how us Northerners are when ya get us ta yakkin...lol


Replaced broken Power switch

Hush, you're not rambling, just as confused as I am.

The above sounds interesting and it makes me wonder if something else associated with the power switch could be broken, as it went deeper into the computer somehow.

I have not heard of any new malware lately that causes a machine to turn off and turn back on. We have seen in the past one that could cause computers to lock up and turn off but......can't turn back on if it's unplugged, eh? Can't do much computer work that way either.

You may have a machine that hits the record books....


Maybe I can find a Poltergeist remover on Ebay.

LOL!

 

Bob, you've got a one of a kind machine here.

Something's damaged and I don't think it's malware related at all. I know you've replaced everything under the hood and so sorry that I've been no help :blushing:
