
Hjt & Combofix Logs


  • This topic is locked
2 replies to this topic

#1 TheHelp

TheHelp

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:37 AM

Posted 16 April 2008 - 05:52 AM

Hi everyone,

A friend asked me to take a look at her laptop (Windows Vista Home) as it was running rather slow. I ran the usual tools: Spybot 1.5, Lavasoft Ad-Aware, SUPERAntiSpyware, AVG. I have also installed Comodo on it, as ZoneAlarm seems to crash the system when TrueVector starts up.

As well as the above, I also ran a HijackThis report (log below). Could you please help me check if something is still there?

I also ran ComboFix and noticed a couple of things. During the scan it was counting up 1, 2, 3 etc. until it got to 8 and then 8A; after this it continued counting until it got to 11, 11A, 11B etc. until it completed. What are the A and B for?

Also, during the scan a file was created on the desktop called CatchMe; when the scan completed it was removed. Any ideas what this was?

Thanks,

LOGS


***********COMBOFIX***********

ComboFix 08-04-14.2 - Robyn 2008-04-15 23:19:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.94 [GMT 1:00]
Running from: C:\Users\Robyn\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 22:03 . 2008-04-15 22:03 280 --a------ C:\Windows\System32\PDBootState
2008-04-15 21:07 . 2008-04-15 21:07 185 --a------ C:\Windows\wininit.ini
2008-04-15 19:59 . 2008-04-15 19:59 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-04-15 19:59 . 2008-04-15 19:59 <DIR> d-------- C:\ProgramData\Raxco
2008-04-15 19:59 . 2008-01-09 22:00 68,624 -ra------ C:\Windows\System32\drivers\DefragFS.sys
2008-04-15 19:57 . 2008-04-15 19:59 <DIR> d-------- C:\Program Files\Raxco
2008-04-15 19:56 . 2008-04-15 19:56 <DIR> d-------- C:\Program Files\CCleaner
2008-04-15 19:50 . 2008-04-15 19:50 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-15 19:49 . 2008-04-15 19:49 <DIR> d-------- C:\Users\Robyn\AppData\Roaming\SUPERAntiSpyware.com
2008-04-15 19:49 . 2008-04-15 22:12 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-15 19:42 . 2008-04-15 19:42 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 19:30 . 2008-04-15 19:40 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-15 19:30 . 2008-04-15 19:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 01:37 . 2008-02-29 05:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-10 01:37 . 2008-02-15 00:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-10 01:37 . 2008-02-19 06:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-10 01:37 . 2008-02-29 07:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-10 01:37 . 2008-02-29 07:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-10 01:37 . 2008-02-21 05:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-10 01:37 . 2008-02-29 07:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-10 01:37 . 2008-02-29 07:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-10 01:37 . 2008-02-29 07:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-10 01:37 . 2008-02-29 07:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-10 01:36 . 2008-02-29 07:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-10 01:34 . 2008-02-21 01:53 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-04-10 01:34 . 2008-02-21 05:43 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-04-10 01:34 . 2008-02-21 05:43 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-03-27 01:43 . 2008-03-27 01:43 54,156 --ah----- C:\Windows\QTFont.qfn
2008-03-27 01:43 . 2008-03-27 01:43 1,409 --a------ C:\Windows\QTFont.for
2008-03-27 01:41 . 2008-03-27 01:41 <DIR> d-------- C:\Users\Robyn\AppData\Roaming\Apple Computer
2008-03-27 01:39 . 2008-03-27 01:39 <DIR> d-------- C:\Program Files\iPod
2008-03-27 01:38 . 2008-03-27 01:39 <DIR> d-------- C:\Program Files\iTunes
2008-03-27 01:36 . 2008-03-27 01:38 <DIR> d-------- C:\ProgramData\Apple Computer
2008-03-27 01:36 . 2008-03-27 01:37 <DIR> d-------- C:\Program Files\QuickTime
2008-03-22 15:44 . 2008-03-22 15:44 376 --a------ C:\Windows\ODBC.INI
2008-03-22 15:43 . 2003-06-18 18:31 17,920 --a------ C:\Windows\System32\mdimon.dll
2008-03-22 15:39 . 2008-03-22 15:39 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-03-22 15:38 . 2008-03-22 15:38 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-22 15:37 . 2008-03-22 15:37 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-22 15:35 . 2008-03-22 15:39 <DIR> d-------- C:\Windows\SHELLNEW
2008-03-22 15:35 . 2008-03-22 15:35 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-22 15:13 . 2008-03-22 15:13 <DIR> d-------- C:\Users\Robyn\AppData\Roaming\Comodo
2008-03-22 15:13 . 2008-03-22 15:22 <DIR> d-------- C:\ProgramData\comodo
2008-03-22 15:13 . 2008-03-22 15:13 <DIR> d-------- C:\Program Files\COMODO
2008-03-22 15:13 . 2008-03-22 15:13 139,008 --a------ C:\Windows\System32\guard32.dll
2008-03-22 15:13 . 2008-04-11 03:44 83,960 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-03-22 15:13 . 2008-03-22 15:13 25,080 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-03-17 22:50 . 2008-03-17 22:50 <DIR> d-------- C:\ProgramData\Messenger Plus!
2008-03-17 22:48 . 2008-03-17 22:49 <DIR> d-------- C:\Program Files\Messenger Plus! Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 21:09 --------- d-----w C:\Program Files\Google
2008-04-10 12:43 --------- d-----w C:\Program Files\Windows Mail
2008-03-23 20:47 --------- d-----w C:\Program Files\Java
2008-03-22 14:47 --------- d-----w C:\Program Files\Yahoo!
2008-03-13 22:33 --------- d-----w C:\ProgramData\avg7
2008-03-13 10:39 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 23:52 --------- d-----w C:\Users\Robyn\AppData\Roaming\AVG7
2008-02-16 11:23 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-16 11:23 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-16 11:23 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-16 11:23 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-16 11:23 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-16 11:23 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-16 11:23 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-15 21:41 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 21:30 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 21:30 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 21:30 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 21:30 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 21:30 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 21:29 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 21:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 21:28 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 21:28 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 21:28 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-15 21:28 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 21:28 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-12-27 00:09 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 13:11 4489216 C:\Windows\RtHDVCpl.exe]
"UpdateP2GShortCut"="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2007-07-26 22:07 202024]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-25 10:56 579072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 18:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 18:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 18:07 133656]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-03-22 15:13 1503488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-19 21:16 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-19 21:16 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-05-21 08:37 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E3C82F83-F304-40CC-83EB-525ACC2701DF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{EDB6940E-253C-437C-86F3-36FCAB90DD7F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7974AEC9-6C41-40F0-838B-575169301735}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{19DAAA2F-E1FA-40C0-BFB4-69CB3719A3E0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A39F4D9D-6E95-4E9C-B7B2-1898B38E3FFB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-04-11 03:44]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-03-22 15:13]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 11:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-07-27 17:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 23:24:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll

PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
Completion time: 2008-04-15 23:26:14
ComboFix-quarantined-files.txt 2008-04-15 22:26:00

Pre-Run: 58,254,688,256 bytes free
Post-Run: 58,227,929,088 bytes free
.
2008-04-15 18:33:23 --- E O F ---



***************HIJACKTHIS***********
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:45, on 15/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robyn\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.thetechguys.com/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe "C:\Program Files\CyberLink\Power2Go" update "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://webgames.d.tmsrv.com/c=48537adc3d54...gamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 5612 bytes


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:09:37 PM

Posted 28 April 2008 - 06:13 PM

Hello TheHelp. :thumbsup: to BleepingComputer.com

Hello fellow trainee!

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :blink:
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
See you soon,
Billy3

Edited by Billy O'Neal, 28 April 2008 - 06:13 PM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 TheHelp

TheHelp
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:05:37 AM

Posted 29 April 2008 - 03:48 AM

Hi Billy,

Thank you for taking the time to look at these log reports. I have since returned the laptop to my friend, who is currently doing her exams, so I would assume she is using it daily for her work. Would that cause any problems, because you said not to change anything on it until you have given your advice? I will get the laptop back from her when you say so. I doubt, however, that she would have installed any additional software since, as I had told her not to. Thanks again for your help and your time, Billy, much appreciated :thumbsup: .

Thanks,



