
How To Get Rid Of Possible Trojandownloader.xs/webhancer


This topic is locked
1 reply to this topic

#1 Grc733

Posted 06 April 2008 - 08:37 PM

Hello.
My dilemma is this: my computer has gotten infected with something, I don't know what. The wallpaper has turned blue with a message that says "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity... etc." Looks something like this: [image]
Also on the taskbar, yellow triangles with an exclamation mark appear saying my computer is running slow because of spyware and that I should click on the link to remove them...
When I do Ctrl+Alt+Delete it says it has been disabled by Administrator...
I keep getting windows popping up saying I have TrojanDownloader.xs, stcloader.exe, wmlo.exe, seekmohook.dll on my computer.
Now I tried SmitfraudFix and nothing. I don't know what else to do, so I ran ComboFix, and hoping someone could help me I've attached the log below. I hope someone can help.

ComboFix 08-04-06.1 - Owner 2008-04-06 21:03:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.501 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\blackbird.jpg
C:\Documents and Settings\Owner\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Owner\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Owner\Desktop\filemanagerclient.exe
C:\Documents and Settings\Owner\Desktop\fkwp1.5.exe
C:\Documents and Settings\Owner\Desktop\fkwp2.0.exe
C:\Documents and Settings\Owner\Desktop\fwebd.exe
C:\Documents and Settings\Owner\Desktop\FWebdEditor.exe
C:\Documents and Settings\Owner\Desktop\Trojan.Win32.BlackBird.exe
C:\Documents and Settings\Owner\Desktop\virii
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mrofinu1720.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mssvr.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\PerfInfo\MSv0OMOZyuwp.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\voiceip.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-07 to 2008-04-07 )))))))))))))))))))))))))))))))
.

2008-04-06 21:10 . 2008-04-06 21:10 98,304 --a------ C:\WINDOWS\system32\tapcjadk.exe
2008-04-06 21:06 . 2008-04-06 21:16 <DIR> d-------- C:\Program Files\seekmo
2008-04-06 18:18 . 2008-04-06 18:18 <DIR> d-------- C:\Program Files\PC-Cleaner
2008-04-06 17:19 . 2008-04-06 17:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 17:19 . 2008-04-06 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 16:49 . 2008-04-06 16:49 <DIR> d-------- C:\Program Files\stc
2008-04-06 16:49 . 2008-04-06 16:49 <DIR> d-------- C:\Program Files\180solutions
2008-04-06 16:49 . 2008-04-06 16:49 <DIR> d-------- C:\Program Files\180searchassistant
2008-04-06 16:49 . 2008-04-06 16:49 <DIR> d-------- C:\Program Files\180search assistant
2008-04-06 16:33 . 2008-04-06 16:33 <DIR> d-------- C:\Program Files\Sysmnt
2008-04-06 16:31 . 2008-04-06 16:31 <DIR> d-------- C:\Program Files\zango
2008-04-06 16:00 . 2008-04-06 16:00 8,192 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-06 15:46 . 2008-04-06 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-06 15:30 . 2008-04-06 15:30 <DIR> d-------- C:\WINDOWS\uprjiefj
2008-04-06 15:30 . 2008-04-06 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vaninufq
2008-04-06 15:30 . 2008-04-06 15:30 182,784 --a------ C:\WINDOWS\ypuvkjcl.dll
2008-04-06 15:30 . 2008-04-06 15:30 114,688 --a------ C:\WINDOWS\system32\zwrwvwdk.exe
2008-04-06 15:30 . 2008-04-06 15:30 67,584 --a------ C:\WINDOWS\tkhmlcbs.dll
2008-04-06 15:30 . 2008-04-06 15:30 67,584 --a------ C:\Documents and Settings\All Users\Application Data\fghkjczs.dll
2008-04-06 15:29 . 2008-04-06 16:31 <DIR> d-------- C:\Program Files\Bat
2008-04-06 15:29 . 2008-04-06 15:29 91,561 --a------ C:\WINDOWS\system32\wmsdkns.exe
2008-03-30 17:58 . 2008-03-30 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-30 17:41 . 2008-03-30 17:41 <DIR> d-------- C:\Program Files\Bonjour
2008-03-30 17:27 . 2008-03-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-03-19 12:38 . 2008-03-19 12:38 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-03-19 12:38 . 2008-03-19 12:38 <DIR> d-------- C:\Program Files\Comcast
2008-03-19 12:38 . 2008-03-19 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-03-19 09:21 . 2008-03-19 09:21 <DIR> d-------- C:\Program Files\iPod
2008-03-16 18:59 . 2008-03-16 18:59 1,348 --a------ C:\WINDOWS\mozver.dat
2008-03-16 18:57 . 2008-03-16 19:04 <DIR> d-------- C:\Documents and Settings\Owner\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 01:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-06 20:50 75,592 ----a-w C:\smitfrau.reg
2008-04-06 20:50 6,164 ----a-w C:\smitfra.reg
2008-04-06 19:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-04-06 19:14 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-02 04:04 1,112 ----a-w C:\Documents and Settings\Owner\Application Data\ViewerApp.dat
2008-03-31 00:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-25 01:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 20:01 --------- d-----w C:\Program Files\Flock
2008-03-19 20:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\Flock
2008-03-19 13:22 --------- d-----w C:\Program Files\iTunes
2008-03-19 13:20 --------- d-----w C:\Program Files\QuickTime
2008-03-18 02:30 --------- d-----w C:\Program Files\Google
2008-03-16 01:56 --------- d-----w C:\Program Files\Java
2008-03-07 01:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-05 03:36 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 06:02 --------- d-----w C:\Program Files\Windows Live
2008-03-03 06:01 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 06:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 05:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\PopCap
2008-02-12 15:44 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-12 15:44 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-12 15:44 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-12 15:44 --------- d-----w C:\Program Files\Symantec
2006-12-03 00:27 138 ----a-w C:\Program Files\INSTALL.LOG
2006-02-14 04:16 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F7460B-C831-4142-A4AA-5EC303EC4343}]
C:\Program Files\Bat\Bat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f03258-1dd1-11b2-844a-d95ac99666f6}]
2008-04-06 15:30 67584 --a------ C:\WINDOWS\tkhmlcbs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [ ]
"EPSON Stylus CX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.exe" [2007-01-25 07:00 179200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-03 09:54 486856]
"bfndfyqp"="C:\WINDOWS\system32\zwrwvwdk.exe" [2008-04-06 15:30 114688]
"pxpmmkul"="C:\WINDOWS\system32\tapcjadk.exe" [2008-04-06 21:10 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tweak UI"="TWEAKUI.CPL" [2000-06-18 15:03 106544 C:\WINDOWS\system32\TWEAKUI.CPL]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 17:57 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 17:59 77824]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 21:22 26248]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 09:58 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-07-16 16:22 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-07-16 16:23 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-07-16 16:23 455168]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ClubBox"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:54 45568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"MSv0OMOZyu"= C:\Documents and Settings\All Users\Application Data\vaninufq\zqdqbqvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"msacm.enc"= ITIG726.acm
"MSVideo"= vfwwdm32.dll
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [1997-12-22 21:02]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 21:00:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 06:48:36 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 21:16:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-04-06 21:19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-07 01:19:35
Pre-Run: 4,090,454,016 bytes free
Post-Run: 6,772,236,288 bytes free
.
2008-03-13 03:17:02 --- E O F ---

Edited by Grc733, 06 April 2008 - 08:48 PM.
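The registry section of that log, read against the symptoms in the post, is where a practitioner would start, so here is an added example (written for this page; it is not code from the thread, from BleepingComputer, or from the ComboFix author): a Python script that parses the "Files Created" and "Reg Loading Points" sections of a ComboFix log and flags three things. First, policy values that explain the symptoms directly: DisableTaskMgr=1 is why Ctrl+Alt+Delete reports that Task Manager has been disabled by the administrator, and Security Center DisableMonitoring=1 together with EnableFirewall=0 keeps Windows from warning that the antivirus and firewall are off. Second, autorun entries whose target file appeared within two days of the scan, found by cross-referencing the two sections; that is what separates bfndfyqp and pxpmmkul from ctfmon.exe, whose file dates from 2004. Third, anything loading from policies\explorer\run, a key ordinary software rarely uses. The embedded log text is a trimmed copy of the log in post #1; the scan time, the two-day window, the function names and the "rarely legitimate" judgement are my assumptions. It is a reading aid for a log already in hand, not a removal tool, and it runs offline.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt of the ComboFix log in post #1 (same keys and values, trimmed).
FILES_CREATED = r"""
2008-04-06 21:10 . 2008-04-06 21:10 98,304 --a------ C:\WINDOWS\system32\tapcjadk.exe
2008-04-06 15:30 . 2008-04-06 15:30 114,688 --a------ C:\WINDOWS\system32\zwrwvwdk.exe
2008-04-06 15:30 . 2008-04-06 15:30 67,584 --a------ C:\WINDOWS\tkhmlcbs.dll
"""
REG_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b1f03258-1dd1-11b2-844a-d95ac99666f6}]
2008-04-06 15:30 67584 --a------ C:\WINDOWS\tkhmlcbs.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:56 15360]
"bfndfyqp"="C:\WINDOWS\system32\zwrwvwdk.exe" [2008-04-06 15:30 114688]
"pxpmmkul"="C:\WINDOWS\system32\tapcjadk.exe" [2008-04-06 21:10 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"MSv0OMOZyu"= C:\Documents and Settings\All Users\Application Data\vaninufq\zqdqbqvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SCAN_TIME = datetime(2008, 4, 6, 21, 16)  # "Rootkit scan 2008-04-06 21:16:19" in the log
RECENT = timedelta(days=2)                 # assumed window for "appeared just before the scan"

# Policy values no home user sets by hand; each matches a symptom in the post (Task Manager
# "disabled by Administrator", Security Center silenced, Windows firewall off).
TAMPERING = {
    ("policies\\system", "disabletaskmgr"): "1",
    ("security center\\monitoring", "disablemonitoring"): "1",
    ("firewallpolicy\\standardprofile", "enablefirewall"): "0",
}
FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \S+ \S+ \S+ \S+ (.+)$")
BHO_FILE_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \d+ \S+ (.+)$")
KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_files_created(text):
    """Map lower-cased path -> creation time from the 'Files Created' section."""
    created = {}
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            created[m.group(2).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return created


def normalise(raw):
    """Reduce '1 (0x1)', 'dword:00000001' and '"path" [date time size]' to a plain string."""
    raw = re.sub(r"\s*\[[^\]]*\]\s*$", "", raw.strip())
    if m := re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw):
        return str(int(m.group(1), 16))
    if m := re.fullmatch(r"(\d+) \(0x[0-9a-fA-F]+\)", raw):
        return m.group(1)
    return raw.strip('"')


def triage(reg_text, files_text, scan_time=SCAN_TIME, recent=RECENT):
    """Walk 'Reg Loading Points' and return the entries that deserve a second look."""
    created = parse_files_created(files_text)
    findings, key = [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if m := KEY_LINE.match(line):
            key = m.group(1)
            continue
        lkey = key.lower()
        name = target = None
        if m := VALUE_LINE.match(line):
            name, target = m.group(1), normalise(m.group(2))
        elif "browser helper objects" in lkey and (m := BHO_FILE_LINE.match(line)):
            name, target = key.rsplit("\\", 1)[-1], m.group(2)   # CLSID names the BHO
        if name is None:
            continue
        reasons = []
        for (key_part, value_name), bad in TAMPERING.items():
            if key_part in lkey and name.lower() == value_name and target == bad:
                reasons.append("tampering: %s=%s" % (name, target))
        when = created.get(target.lower())
        if when is not None and scan_time - when <= recent:
            reasons.append("target created %s before the scan" % (scan_time - when))
        if lkey.endswith("policies\\explorer\\run"):   # rarely used by legitimate software
            reasons.append("autorun via policies\\explorer\\run")
        if reasons:
            findings.append({"key": key, "name": name, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(REG_POINTS, FILES_CREATED):
        print("%-16s %-60s %s" % (f["name"][:16], f["target"][-60:], "; ".join(f["reasons"])))
```

Run as-is it prints seven findings: the BHO DLL and the two HKCU Run entries whose files were created on 2008-04-06, the three tampering values, and the policies\explorer\run loader. ctfmon.exe is not printed because its file is from 2004, which is the point of reading the two sections together rather than judging entries by name. To use it on another log, paste that log's two sections into the two string constants and adjust SCAN_TIME to the "Rootkit scan" timestamp it reports.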


#2 tg1911

Posted 06 April 2008 - 09:04 PM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff