
Combofix Misstep, No Recovery Console, Still Have Dormant Virus That Will Not Leave

3 replies to this topic

#1 newbreed424


Posted 16 February 2008 - 09:59 PM

I was having problems with my computer running slow (lsass.exe was using most of my CPU memory) and ran ComboFix to try to solve my problem as a last attempt. I followed the steps found in a ComboFix Thread found on this site, but it appears that after downloading the RECOVERY CONSOLE FOLDER to my desktop, it failed to copy its contents into the COMBOFIX Folder (though I did drag the RC Folder over the ComboFix Folder as instructed). This is my first problem. In another thread I have been told that this is very bad, but have not received any advice on how to correctly install the RCF onto my computer. PLEASE ADVISE!!!! (Note: my computer is running smoothly since running ComboFix)

The second problem is that I have not installed or used HIJACKTHIS to create a log. It has been recommended that I install and run this program by an expert, but I was unclear if I should install the RECOVERY CONSOLE before doing so.

My third problem is that after running ComboFix, I still have the virus files "pmkhf.dll" and "pmkhf.dll.vir", and am assuming other problems as well.

I am not a Malware Removal Expert and am in dire need of help. Below is a copy of the ComboFix Output .txt file. Any help is greatly appreciated.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

I ran combofix, things appear to be working great. I do not want to turn my computer off in fear that my computer will revert to its previous state. I can still see a recognized virus file "pmkhf.dll" and "pmkhf.dll.vir" in my system32 folder. Though they do not appear to be active, I do not want to make any moves until advised by someone with a higher knowledge. Below is my .txt output file created by combofix. Please help! NEED TO SLEEP!!!

+++++++++++++++++++++++++++++++++++++++++++++++++++

ComboFix 08-02-15.2 - Chris 2008-02-15 4:41:11.1 - NTFSx86
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Chris\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Chris\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule12.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\anwwljuc.ini
C:\WINDOWS\system32\btizkviu.dllbox
C:\WINDOWS\system32\bwppfdtm.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\flxsqsno.dllbox
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ohqpvixa.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pyrpsegw.dllbox
C:\WINDOWS\system32\quheagdn.ini
C:\WINDOWS\system32\rkskjkqc.ini
C:\WINDOWS\system32\utgdnjoz.dllbox
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vp4
C:\WINDOWS\system32\vwzcwopg.dllbox
C:\WINDOWS\system32\zb2
C:\WINDOWS\system32\zhvsrhzo.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 07:01 . 2008-02-15 07:25 233,999 --ahs---- C:\WINDOWS\system32\fhkmp.ini2
2008-02-15 06:57 . 2008-02-15 07:26 234,120 --ahs---- C:\WINDOWS\system32\fhkmp.ini
2008-02-15 06:03 . 2008-02-15 06:03 334,336 --a------ C:\WINDOWS\system32\pmkhf.dll.vir
2008-02-11 21:46 . 2008-02-13 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-02-11 21:44 . 2008-02-11 21:45 <DIR> d-------- C:\Program Files\Security Task Manager
2008-02-11 16:50 . 2008-02-11 16:45 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 16:50 . 2008-02-11 16:51 3,444 --a------ C:\WINDOWS\unins000.dat
2008-02-10 17:34 . 2008-02-10 17:34 15 --a------ C:\WINDOWS\system32\440da508
2008-02-10 01:23 . 2008-02-10 01:24 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\MailFrontier
2008-02-09 05:09 . 2008-02-09 12:33 512 --a------ C:\ScanSectorLog.dat
2008-02-09 04:51 . 2008-02-15 07:19 5,367,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 04:51 . 2008-02-15 06:42 72,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 04:41 . 2008-02-09 04:41 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-09 04:41 . 2007-11-14 16:05 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-09 04:41 . 2008-02-15 06:56 355,091 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-09 04:41 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-08 18:05 . 2008-02-10 01:22 1,998,259 --ahs---- C:\WINDOWS\system32\stysuywr.ini
2008-02-07 01:46 . 2008-02-07 01:46 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-06 18:02 . 2008-02-06 18:07 <DIR> d-------- C:\Program Files\Macromedia
2008-02-06 18:02 . 2008-02-06 18:11 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-02-05 01:24 . 2008-02-08 18:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 01:24 . 2008-02-05 01:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 02:26 . 2008-02-04 02:26 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-02-04 02:26 . 2008-02-04 02:26 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-02-02 03:00 . 2008-02-09 17:56 49 --a------ C:\WINDOWS\BM473e841a.xml
2008-02-02 03:00 . 2008-02-10 01:23 22 --a------ C:\WINDOWS\pskt.ini
2008-01-31 19:47 . 2008-01-31 19:47 334,336 --a------ C:\WINDOWS\system32\pmkhf.dll
2008-01-31 19:46 . 2008-01-31 19:46 <DIR> d-------- C:\Program Files\RcvSystem
2008-01-31 17:15 . 2004-12-14 11:07 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-31 17:15 . 2004-12-14 11:07 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-31 17:07 . 2004-12-14 11:07 274,432 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2008-01-31 17:07 . 2004-12-14 11:07 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-01-29 19:19 . 2008-01-29 19:20 <DIR> d-------- C:\Program Files\WinPcap
2008-01-29 18:55 . 2008-01-29 20:50 <DIR> d-------- C:\Program Files\WMR11
2008-01-29 18:09 . 2008-01-29 18:23 <DIR> d-------- C:\Program Files\GetASFStream
2008-01-28 22:41 . 2008-01-28 22:41 0 --a------ C:\Documents and Settings\Chris\reset.cmd
2008-01-28 22:38 . 2008-01-28 22:38 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-01-28 22:10 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-01-28 22:10 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-01-28 22:10 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-01-28 22:10 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-01-28 22:07 . 2008-01-28 22:22 <DIR> d-------- C:\bcaff7368770197470fc1cb5c1
2008-01-26 10:46 . 2008-01-26 10:46 270,698 --a------ C:\WINDOWS\system32\L9AF7.tmp
2008-01-26 10:46 . 2008-01-26 10:46 181,965 --a------ C:\WINDOWS\system32\L47FE.tmp
2008-01-19 05:25 . 2008-01-19 05:31 <DIR> d-------- C:\Program Files\ICOO Loader
2008-01-18 19:12 . 2008-01-18 19:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-18 18:01 . 2008-01-18 18:01 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-18 17:55 . 2008-01-18 18:02 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-18 17:45 . 2008-01-28 22:10 <DIR> d-------- C:\Program Files\Zune
2008-01-18 15:01 . 2008-01-18 15:01 <DIR> d-------- C:\e48b2fd84beff9728b9bf0e9a4
2008-01-18 14:37 . 2008-01-18 14:50 <DIR> d-------- C:\Program Files\PConPoint
2008-01-18 14:33 . 2008-01-18 14:35 <DIR> d-------- C:\Program Files\WhatsRunning
2008-01-16 15:14 . 2008-01-16 15:14 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\acccore
2008-01-16 15:07 . 2008-01-16 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-01-16 15:00 . 2008-01-16 15:13 449 --ah----- C:\IPH.PH
2008-01-16 14:21 . 2008-02-13 22:57 3,507 --a------ C:\rollback.ini
2008-01-16 09:09 . 2008-01-16 09:09 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Uniblue
2008-01-16 08:56 . 2008-01-16 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-16 08:56 . 2008-02-15 03:04 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-01-16 08:54 . 2008-02-11 20:17 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 11:44 2,655,452 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-02-15 11:42 2,897,408 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-02-15 11:42 2,074,624 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-02-14 02:13 2,042,368 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-02-14 02:13 1,357,824 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-02-13 23:42 1,249,792 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-02-13 00:45 616,448 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-02-13 00:45 2,038,272 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-02-12 23:33 329,728 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-02-12 23:33 2,036,224 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-02-12 22:58 307,200 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-12 22:27 2,038,272 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-02-12 22:27 1,492,992 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-02-12 11:20 2,036,224 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-02-12 11:20 1,225,728 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-02-12 09:02 2,884,096 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-12 00:47 2,922,496 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-11 02:26 1,261,056 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-11 00:23 1,883,648 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-11 00:23 1,060,352 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-10 22:25 719,360 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-10 09:09 3,006,976 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-10 09:09 1,881,600 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-09 20:55 --------- d-----w C:\Program Files\UltimateBet
2008-02-09 09:10 --------- d-----w C:\Program Files\FileZilla
2008-02-09 09:10 --------- d-----w C:\Program Files\eMule
2008-02-09 09:08 --------- d-----w C:\Program Files\AIM
2008-02-09 09:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\Aim
2008-02-04 21:16 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
2008-01-18 14:30 --------- d-----w C:\Program Files\palmOne
2008-01-17 19:28 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-01-16 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-16 20:12 --------- d-----w C:\Program Files\Viewpoint
2008-01-16 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-15 21:18 --------- d-----w C:\Program Files\BitComet
2008-01-13 07:45 --------- d-----w C:\Documents and Settings\Chris\Application Data\Webshots
2008-01-12 10:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\Ahead
2008-01-11 22:54 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-01-11 22:54 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-01-11 22:39 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-01-10 02:33 95,312 ----a-w C:\Documents and Settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2007-12-27 10:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-26 09:14 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-26 07:34 --------- d-----w C:\Program Files\DIFX
2007-12-26 07:33 --------- d-----w C:\Program Files\Common Files\ComponentOne
2007-12-26 06:18 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-26 06:18 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2007-12-26 05:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2007-12-26 04:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-26 04:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2007-12-26 04:56 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-26 04:52 --------- d-----w C:\Program Files\Nero
2007-12-26 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-17 05:27 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2007-12-17 04:23 9,655,296 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-12-16 21:06 --------- d-----w C:\Program Files\WinCustomize
2007-12-16 20:48 --------- d-----w C:\Program Files\Common Files\Stardock
2007-12-16 20:47 --------- d-----w C:\Program Files\Stardock
2007-12-15 18:42 --------- d-----w C:\Program Files\DivX
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-30 23:16 1,419,232 ----a-w C:\WINDOWS\system32\WdfCoInstaller01005.dll
2006-10-17 19:28 55,998 ----a-w C:\WINDOWS\Cursors\SNF.zip
2006-10-17 19:22 90,329 ----a-w C:\WINDOWS\Cursors\DLS\a\125643.zip
2006-10-17 19:22 8,189 ----a-w C:\WINDOWS\Cursors\DLS\a\114243.zip
2006-10-17 19:22 27,967 ----a-w C:\WINDOWS\Cursors\DLS\a\124572.zip
2006-10-17 19:21 43,153 ----a-w C:\WINDOWS\Cursors\DLS\a\116008.zip
2006-10-17 19:20 47,326 ----a-w C:\WINDOWS\Cursors\DLS\a\119805.zip
2006-10-17 19:19 56,087 ----a-w C:\WINDOWS\Cursors\DLS\a\105945.zip
2006-10-17 19:17 52,337 ----a-w C:\WINDOWS\Cursors\DLS\a\158949.zip
2006-10-17 19:17 34,366 ----a-w C:\WINDOWS\Cursors\DLS\a\104278.zip
2006-10-17 19:17 143,789 ----a-w C:\WINDOWS\Cursors\DLS\a\103645.zip
2006-10-17 19:16 55,937 ----a-w C:\WINDOWS\Cursors\DLS\a\160073.zip
2006-10-17 19:12 60,999 ----a-w C:\WINDOWS\Cursors\DLS\a\161605(2).zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\DLS\a\161605.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\Copy of 161605.cur.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605\161605.cur.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605.zip
2006-10-17 19:06 60,999 ----a-w C:\WINDOWS\Cursors\161605.cur.zip
2005-10-28 00:23 27,206 ----a-w C:\WINDOWS\Cursors\124572\blackhawk.exe
2007-10-11 01:06 6,465 --sha-w C:\WINDOWS\system32\vvwxx.bak1
2007-10-24 17:03 410,596 --sha-w C:\WINDOWS\system32\vvwxx.bak2
2007-10-24 18:56 311,601 --sha-w C:\WINDOWS\system32\vvwxx.ini2
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAFA9AB0-0BEC-49FB-A409-3278B1CB511B}]
2008-01-31 19:47 334336 --a------ C:\WINDOWS\system32\pmkhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SysRestore"="C:\DOCUME~1\Chris\LOCALS~1\Temp\tmp57.tmp.exe" [ ]
"SfKg6w"="C:\Documents and Settings\Chris\Application Data\Microsoft\Windows\antqsj.exe" [ ]
"QdrPack12"="C:\Program Files\QdrPack\QdrPack12.exe" [ ]
"QdrModule12"="C:\Program Files\QdrModule\QdrModule12.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 11:24 1694208]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-05-15 17:12 484904]
"DW4"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 10:21 153136]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"Lexmark_X79-55"="C:\WINDOWS\System32\lsasss.exe" [ ]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 13:54 229952]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2005-10-19 07:59 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2005-10-19 07:59 126976]
"HostManager"="C:\Program Files\Common Files\AOL\1123874687\EE\AOLHostManager.exe" [ ]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"CARPService"="carpserv.exe" [2002-10-17 10:54 4608 C:\WINDOWS\system32\carpserv.exe]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BM473e841a"="C:\WINDOWS\system32\iffwxfwc.dll" [ ]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [ ]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2005-04-11 09:36 83544]
"AEIWLSTA.EXE"="AEIWLSTA.exe" [2002-09-23 19:07 214016 C:\WINDOWS\system32\AEIWLSTA.exe]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"440db786"="C:\WINDOWS\system32\rwyusyts.dll" [ ]
"combofix"="C:\WINDOWS\system32\kmd.exe" [2004-08-04 02:56 388608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Win TaskLoader"="msgmr.exe" []
"sysPersonalFirewall"="msnmssgr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-06-09 13:27:34 471040]
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe [2007-09-30 18:57:51 2367488]
Script execution time was exceeded on script "C:\ComboFix\lnkread.vbs".
Script execution was terminated.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-07-22 11:41:55 113664]
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe [2005-08-18 16:09:58 1388544]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-02-07 04:34:10 118784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-05-15 21:14:33 24576]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:27:34 471040]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 13:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
University at Buffalo VPN Client.lnk - C:\Program Files\UB-VPN\vpngui.exe [2005-05-18 10:16:59 1462104]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Warning homepage

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EE0DBHCJ"= {7C212A2B-2E1C-3D4B-2F29-69FB7C3261BA} - C:\WINDOWS\System32\Obbkoleb.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\flxsqsno]
flxsqsno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ie4i32]
ie4i32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuuvt]
vtuuuvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\pmkhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 17:06:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 11:47:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 06:57:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\fhkmp.ini2 233999 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\pmkhf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
.
**************************************************************************
.
Completion time: 2008-02-15 10:35:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-15 15:23:14
.
2008-02-12 21:29:21 --- E O F ---


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thanks to anyone that has taken the time to read through this thread in attempt to help.



#2 newbreed424


Posted 17 February 2008 - 05:49 AM

OK, so I loaded "HIJACKTHIS" onto my computer and ran it. Below is the output.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:47 AM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\UB-VPN\cvpnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1123874687\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BM473e841a] Rundll32.exe "C:\WINDOWS\system32\iffwxfwc.dll",s
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [440db786] rundll32.exe "C:\WINDOWS\system32\rwyusyts.dll",b
O4 - HKLM\..\RunServices: [Win TaskLoader] msgmr.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] msnmssgr.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: University at Buffalo VPN Client.lnk = C:\Program Files\UB-VPN\vpngui.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131698687204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131698675387
O17 - HKLM\System\CCS\Services\Tcpip\..\{38B364C8-1CB0-45D2-9447-0C87ABA5F76A}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0C3B5B9-BBCD-45A8-B354-5591B3DE96E7}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O20 - AppInit_DLLs:
O21 - SSODL: EE0DBHCJ - {7C212A2B-2E1C-3D4B-2F29-69FB7C3261BA} - C:\WINDOWS\System32\Obbkoleb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UB-VPN\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Warning homepage - C:\WINDOWS\warnhp.html

--
End of file - 12615 bytes


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Please advise on what to do next. Thank you.

#3 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender: Male
  • Location: The Space Coast of Florida

Posted 29 February 2008 - 08:33 PM

Hello newbreed424,

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof, and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#4 ken545

  • Malware Response Team
  • 1,685 posts
  • Gender: Male
  • Location: The Space Coast of Florida

Posted 16 March 2008 - 08:50 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
