Virus? - Page 3
Page 3 of 3 FirstFirst 123
Results 31 to 34 of 34

Thread: Virus?

  1. June 10th, 2009, 04:06 PM #31
    bdsr80
    bdsr80 is offline Virtual Intern
    Join Date
    Mar 2009
    Posts
    108
    ComboFix 09-06-09.06 - User 06/10/2009 14:56.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.52 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090609-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\system32\drivers\logiflt.iad"
    "c:\windows\system32\drivers\lvuvc.hs"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\21671
    c:\21671\CF4483.exe
    c:\21671\Nircmd.com
    C:\Tools-AV
    c:\tools-av\en.txt
    c:\tools-av\fr.txt
    c:\tools-av\Load-CF.bat
    c:\tools-av\wget.com
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs

    .
    ((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
    .

    2009-06-10 16:13 . 2009-06-10 16:13 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-10 15:18 . 2009-02-05 21:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-06-10 15:18 . 2009-02-05 21:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-06-10 15:18 . 2009-02-05 21:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-06-10 15:18 . 2009-02-05 21:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-06-10 15:18 . 2009-02-05 21:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-06-10 15:18 . 2009-02-05 21:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-06-10 15:18 . 2009-02-05 21:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-06-10 15:18 . 2009-02-05 21:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-06-10 15:17 . 2009-02-05 21:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
    2009-06-10 15:17 . 2009-06-10 15:17 -------- d-----w- c:\program files\Alwil Software
    2009-06-05 22:00 . 2009-06-09 17:35 14 ----a-w- c:\windows\popcinfo.dat
    2009-06-05 21:50 . 2009-06-09 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
    2009-06-05 21:50 . 2009-06-05 21:50 -------- d-----w- c:\program files\Gateway Games
    2009-06-05 16:06 . 2009-06-05 16:06 -------- d-sh--w- c:\documents and settings\User\PrivacIE
    2009-06-05 16:04 . 2009-06-05 16:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-06-05 15:53 . 2009-06-05 15:53 -------- d-----w- c:\program files\iPod
    2009-06-05 15:53 . 2009-06-05 15:54 -------- d-----w- c:\program files\iTunes
    2009-06-05 15:37 . 2009-06-05 15:37 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-04 23:00 . 2009-06-04 23:00 -------- d-sh--w- c:\documents and settings\User\IECompatCache
    2009-06-04 17:37 . 2009-06-04 17:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-06-04 15:41 . 2009-06-04 15:41 -------- d-sh--w- c:\documents and settings\User\IETldCache
    2009-06-04 15:39 . 2009-06-04 15:39 -------- d-----w- c:\windows\ie8updates
    2009-06-04 15:38 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
    2009-06-04 15:36 . 2009-06-04 15:37 -------- dc-h--w- c:\windows\ie8
    2009-05-26 18:13 . 2009-05-28 03:35 -------- d-----w- c:\program files\FirefoxPortable
    2009-05-20 13:15 . 2008-04-14 11:41 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-10 20:51 . 2008-10-21 19:53 -------- d-----w- c:\documents and settings\User\Application Data\DNA
    2009-06-10 18:55 . 2009-05-01 18:18 -------- d-----w- c:\documents and settings\User\Application Data\FrostWire
    2009-06-10 15:50 . 2008-10-21 19:53 -------- d-----w- c:\program files\DNA
    2009-06-09 16:44 . 2009-03-23 17:02 117760 ----a-w- c:\documents and settings\User\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-08 20:17 . 2009-03-12 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-05 21:35 . 2009-06-08 18:54 170896 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
    2009-06-05 15:53 . 2008-06-29 06:26 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-05 15:32 . 2008-07-20 14:46 -------- d-----w- c:\program files\Safari
    2009-05-27 16:20 . 2009-03-09 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-27 16:19 . 2009-03-28 20:21 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 19:20 . 2009-03-09 17:27 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 19:19 . 2009-03-09 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-26 01:02 . 2009-03-08 02:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-05-26 01:02 . 2009-03-08 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-05-26 01:01 . 2008-06-29 06:41 -------- d-----w- c:\program files\Google
    2009-05-20 22:21 . 2008-07-07 19:19 50920 -c--a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-20 13:25 . 2008-01-07 23:34 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-14 17:11 . 2009-05-01 18:17 -------- d-----w- c:\program files\FrostWire
    2009-05-11 15:27 . 2008-10-16 19:20 -------- d-----w- c:\program files\DivX
    2009-05-11 15:26 . 2009-05-11 15:25 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-05-09 23:15 . 2009-04-29 18:33 -------- d-----w- c:\program files\IrfanView
    2009-05-04 04:40 . 2009-05-04 04:40 -------- d-----w- c:\documents and settings\User\Application Data\Final Draft
    2009-05-04 04:38 . 2009-05-04 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Final Draft
    2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
    2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
    2009-05-04 04:31 . 2009-05-04 04:31 51712 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
    2009-05-04 04:31 . 2009-05-04 04:31 27648 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
    2009-05-04 04:30 . 2009-05-04 04:30 -------- d-----w- c:\program files\Final Draft Tagger
    2009-05-04 04:30 . 2009-05-04 04:30 -------- d-----w- c:\program files\Final Draft 7
    2009-05-04 04:29 . 2009-03-12 15:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-05-01 18:26 . 2009-05-01 18:26 0 ----a-w- c:\documents and settings\User\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
    2009-05-01 18:01 . 2009-05-01 18:01 -------- d-----w- c:\documents and settings\User\Application Data\Pirates of the Atlantic
    2009-05-01 17:59 . 2009-02-14 17:59 -------- d-----w- c:\program files\LimeWire
    2009-05-01 17:39 . 2008-06-29 16:42 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
    2009-04-21 21:39 . 2009-05-01 18:34 2789376 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\ClientCells.dll
    2009-04-21 21:39 . 2009-05-01 18:34 131072 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Headup.Common.dll
    2009-04-21 21:39 . 2009-05-01 18:34 2359296 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\CommonCells.dll
    2009-04-21 21:39 . 2009-05-01 18:34 233472 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Charm.Engine.dll
    2009-04-21 21:37 . 2009-05-01 18:34 28672 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Silverlight.Headup.Bridge.dll
    2009-04-21 21:36 . 2009-05-01 18:34 52736 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SmartThreadPool.dll
    2009-04-21 21:36 . 2009-05-01 18:34 209408 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SilverlightContrib.dll
    2009-04-21 21:35 . 2009-05-01 18:34 133120 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\SilverSgmlReader.dll
    2009-04-21 21:35 . 2009-05-01 18:34 361984 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\BidiControls.dll
    2009-04-21 21:35 . 2009-05-01 18:34 200704 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Microsoft.Windows.Controls.dll
    2009-04-21 21:35 . 2009-05-01 18:34 23040 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\extensions\[email protected]\data\dlls\Wintellect.Threading.Silverlight.dll
    2009-04-18 23:02 . 2009-04-18 23:02 -------- d-----w- c:\program files\MSXML 6.0
    2009-04-17 17:48 . 2009-04-17 17:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-03-31 14:57 . 2009-03-07 01:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-03-27 15:21 . 2009-03-27 15:21 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-03-19 22:32 . 2009-03-19 22:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 22:32 . 2008-01-29 18:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-04-24 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-04-24 610304]
    "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-8-26 91440]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/10/2009 9:18 AM 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/10/2009 9:18 AM 20560]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/23/2005 7:06 AM 231424]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/20/2008 5:18 PM 356920]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

    2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{2ADF982F-A5A8-4D3F-BD1A-B8DF057C95BF}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\j2hv1a55.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

    ---- FIREFOX POLICIES ----
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-10 14:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-06-10 15:01
    ComboFix-quarantined-files.txt 2009-06-10 21:01
    ComboFix2.txt 2009-06-10 20:29
    ComboFix3.txt 2009-06-08 19:28

    Pre-Run: 49,235,480,576 bytes free
    Post-Run: 49,222,230,016 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    220 --- E O F --- 2009-06-04 15:39
    Reply With Quote Reply With Quote
  2. June 10th, 2009, 04:06 PM #32
    bdsr80
    bdsr80 is offline Virtual Intern
    Join Date
    Mar 2009
    Posts
    108
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:02:41 PM, on 6/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 9976 bytes
    Reply With Quote Reply With Quote
  3. June 10th, 2009, 04:09 PM #33
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Very well
    While I'm checking HJT log...

    Uninstall Combofix:

    Go Start > Run
    Type in:
    combofix /u
    Note the space between the "combofix" and the "/u"
    Restart computer.
    My Home Page
    Reply With Quote Reply With Quote
  4. June 10th, 2009, 04:20 PM #34
    Broni's Avatar
    Broni
    Broni is offline Friend of Site Staff
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.

    ==========================================================

    1. Print this post out, since you won't have an access to it, at some point.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:



    4. You may also checkmark following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    - O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    - O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
    - O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
    - O4 - Startup: FrostWire On Startup.lnk = C:\Program Files\FrostWire\FrostWire.exe
    - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    5. Click on Fix checked button.

    6. Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold CTRL, and SHIFT keys, press Enter).

    Command Prompt window will open.
    Type in:
    sc stop CLTNetCnService
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete CLTNetCnService
    Press Enter.
    Wait for confirmation.


    7. Restart computer.

    8. Post new HijackThis log.
    My Home Page
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules