
I've Had And Attempted To Remove Loads Of Bugs (List Included In Report Cos They Won't All Fit In This Title)


35 replies to this topic

#1 hairyandy

hairyandy

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:wirral. uk
  • Local time:06:50 AM

Posted 30 September 2008 - 12:54 PM

Hi, could you please help me with the HijackThis report and what to check and fix, please!!

I have had and tried to remove these bugs:

mytob.ao@mm with bingoo.exe\ mytob.i\ mytob.au\ mytob.k\ mytob.aq\ mytob.ch\ mytob.bu\ mytob.ar\ mytob.ak\ mytob.ef\ mytob.dh\mytob.hm\mytob.d\ hellbot\ hellmsn\backdoor.sdbot\ ctfmon infected with raidys trojan or spyhoaxer a or something\ kelvir\ cnyhkey exe keylogger\virtumonde sci\ mal heuri

To get this far I had to uninstall all Microsoft updates (because hosts were redirected from Microsoft), switch off restore on all drives, download free virus remover tools from Sophos and Symantec, then do a factory reset, only to find the infections were still in my registry, which I removed by hand, used some virus removal tools, did another factory reset.

At first, each time I installed a program to remove viruses etc. it worked until I rebooted, then appears to be switched off from the inside. They still do scans, but found nothing, but the PC was acting weird. (This was happening before I found any bugs.)

I uninstalled and deleted Spybot Search and Destroy; when I reinstalled a fresh copy it found Virtumonde sci and my host files had been redirected.

I found that Norton Internet Security has been infected same day I joined bleepingcomputer.com, 21 Sep 08 (this was a new installation), e.g. c\windows\downloaded program files\symantec script runner class ~ right click properties\ dependency tab\ * damaged and * damaged (this is an ActiveX control).

I have run ATF Cleaner (empties all Windows temp, current user temp, all user temp, cookies, temporary internet files, history, prefetch, Java cache, recycle bin), all boxes ticked. First time it didn't remove all the files; did it again, it removed the rest.
I recommend you put ATF on your site!!! (A lot of problems seemed to have sorted themselves out after cleaning with ATF Cleaner) even though I had used disc cleaner and it had cleaned all files. ATF Cleaner still removed 120000kb (maybe a bug or 2 removed included).

I uninstalled all security except Norton.

I followed instructions on site for cleaning PC.

After installing Ad-Aware, doing a scan and installing Spybot as advised on your site, I got a conflict warning (Ad-Aware and Spybot)........ so I uninstalled Ad-Aware.

After a scan with Panda online scanner it said it detected Norton was disabled (I hadn't disabled it. Norton said it was switched on!!). This seems to be in keeping with the disabling scanners/security after reboot, as I have previously stated about the symptoms with security.

****************************************************************************************************
I have had mal heuri d and Virtumonde sci (think they're the same bugs, just different scanners/removers used). I have read online (phone internet) Spybot doesn't fully remove Virtumonde sci.

I have since tried to run Panda online scanner, which won't run because files are damaged,
so I ran BitDefender online scanner and Kaspersky free online scanner; neither found anything.

Windows Update has stopped working even though I know of more updates that need to be installed. In the security log in either Spybot or Norton (sorry, I'm not sure which one; I'd been up for 2 days trying to sort the PC out and thought I'd made notes) it said
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
I copied this on Notepad; the entry has since disappeared.

Another entry in Spybot or Norton (sorry, I'm not sure which one; I'd been up for 2 days trying to sort the PC out and thought I'd made notes) was
Virtumonde.sci: [SBI $BA5DD7C5] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}
I copied this on Notepad; this entry has also since disappeared.

I have also run a scan with McAfee Rootkit Detective (included after hijack report). This found SSDT hooks but I don't know whether these are just part of security or a problem. Any ideas?

My plan now is to sort it out with HijackThis (getting rid of the bug remnants) and do another factory reset and start again with a clean computer and all of my security, when installed, fully working and no bits of bugs left over to start the bugs off again.

****************************************************************************************************
I have *** XP Home with SP3 installed *** Messenger is uninstalled *** remote assistance is off *** (because the infections use Messenger and remote assistance) *** third party cookies are blocked *** all internet settings are medium high, except restricted on high.
****************************************************************************************************
Anyway, here's my HijackThis report followed by the McAfee Rootkit Detective report.

thanx.........hairy andy

****************************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:38, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2919328843-1795645253-2491022578-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2919328843-1795645253-2491022578-1007\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...c8&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7591 bytes

############################################################################################################################
############################################################################################################################

McAfee® Rootkit Detective 1.1 scan report
On 30-09-2008 at 17:56:07
OS-Version 5.1.2600
Service Pack 3.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDebugActiveProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\system32\drivers\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: C:\WINDOWS\system32\drivers\CO_Mon.sys

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: (NULL)

Object-Type: Process
Object-Name: mdm.exe
Pid: 216
Object-Path: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Status: Visible

Object-Type: Process
Object-Name: PCMService.exe
Pid: 2448
Object-Path: C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 652
Object-Path: C:\WINDOWS\system32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: TeaTimer.exe
Pid: 2636
Object-Path: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1056
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: AluSchedulerSvc
Pid: 1956
Object-Path: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 3072
Object-Path: C:\Documents and Settings\andy\Desktop\macafee rootdetective\Rootkit_Detective.exe
Status: Visible

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 624
Object-Path: C:\WINDOWS\system32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 748
Object-Path: C:\WINDOWS\system32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 996
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: File/Folder
Object-Name: 42E54DD1.TMP
Pid: n/a
Object-Path: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\42E54DD1.TMP
Status: Hidden

Object-Type: Process
Object-Name: X10nets.exe
Pid: 2920
Object-Path: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Status: Visible

Object-Type: Process
Object-Name: jusched.exe
Pid: 2580
Object-Path: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Status: Visible

Object-Type: File/Folder
Object-Name: catalog.wci
Pid: n/a
Object-Path: C:\System Volume Information\catalog.wci
Status: Hidden

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1744
Object-Path: C:\WINDOWS\system32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: Dit.exe
Pid: 2240
Object-Path: C:\WINDOWS\Dit.exe
Status: Visible

Object-Type: Process
Object-Name: nvsvc32.exe
Pid: 320
Object-Path: C:\WINDOWS\System32\nvsvc32.exe
Status: Visible

Object-Type: Process
Object-Name: DitExp.exe
Pid: 2552
Object-Path: C:\WINDOWS\DitExp.exe
Status: Visible

Object-Type: Process
Object-Name: mHotkey.exe
Pid: 2460
Object-Path: C:\WINDOWS\mHotkey.exe
Status: Visible

Object-Type: Process
Object-Name: symlcsvc.exe
Pid: 4072
Object-Path: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Status: Visible

Object-Type: Process
Object-Name: netdde.exe
Pid: 1872
Object-Path: C:\WINDOWS\system32\netdde.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1160
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: notepad.exe
Pid: 948
Object-Path: C:\WINDOWS\system32\NOTEPAD.EXE
Status: Visible

Object-Type: Process
Object-Name: rundll32.exe
Pid: 2344
Object-Path: C:\WINDOWS\system32\RunDll32.exe
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 548
Object-Path: C:\WINDOWS\System32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: ccSvcHst.exe
Pid: 1292
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1448
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 736
Object-Path: C:\WINDOWS\system32\services.exe
Status: Visible

Object-Type: Process
Object-Name: CNYHKey.exe
Pid: 2472
Object-Path: C:\WINDOWS\CNYHKey.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 2132
Object-Path: C:\WINDOWS\System32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: ccSvcHst.exe
Pid: 2504
Object-Path: C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 924
Object-Path: C:\WINDOWS\system32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1204
Object-Path: C:\WINDOWS\System32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 2600
Object-Path: C:\WINDOWS\system32\ctfmon.exe
Status: Visible

Scan complete. Found hidden Processes and Files: 2 .
Total files scanned: 40414
hairyandy



#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:50 AM

Posted 11 October 2008 - 08:56 AM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#3 hairyandy


Posted 14 October 2008 - 01:48 PM

Hi, just found your reply. Thanx, yes I still need help; do you need a new hijack log? I'm a bit unfamiliar with the messaging and it's taken me a few hours to find the reply. It doesn't seem user friendly. Anyway, I only have an hour or so before work, so could you reply via email and I'll get back to you as soon as possible. Email address is dottyandy@hotmail.co.uk :thumbsup:
hairyandy

#4 Grinler


Posted 14 October 2008 - 01:54 PM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#5 hairyandy


Posted 14 October 2008 - 02:39 PM

:thumbsup: This looks like it will need a lot of time. As I've only got 30 mins before work, I'll have to get back to you when I've done ComboFix and the recovery console tomorrow. Thanx, hairyandy
hairyandy

#6 hairyandy


Posted 16 October 2008 - 03:35 AM

Hi, hairyandy back online. Sorry I didn't get back to you any earlier: work, sleep, naggin wife, reading instructions on Microsoft and Norton on how to disable security which have no relevance to the product. Anyway, here's the ComboFix log and hijack log.

ComboFix 08-10-14.03 - andy 2008-10-16 9:05:36.1 - NTFSx86
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\andy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-16 07:49 . 2008-10-16 07:49 <DIR> d-------- C:\Documents and Settings\andy\Application Data\FaxCtr
2008-10-15 19:32 . 2008-10-15 19:32 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-10-15 19:31 . 2005-07-12 10:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-10-15 19:31 . 2005-07-12 10:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-10-15 19:30 . 2008-10-15 19:31 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-10-15 19:30 . 2008-10-15 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-10-15 19:30 . 2003-03-11 18:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-10-15 19:30 . 2003-03-11 18:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-10-15 19:30 . 2003-03-11 18:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-10-15 19:30 . 2003-03-11 18:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-10-15 19:30 . 2003-03-11 18:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-10-15 19:30 . 2005-07-12 10:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-10-15 19:29 . 2008-10-16 08:35 <DIR> d-------- C:\Program Files\Lx_cats
2008-10-15 19:29 . 2008-10-15 19:33 22,964 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-10-15 19:28 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-15 19:28 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-15 19:23 . 2008-10-16 07:49 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-15 19:23 . 2008-10-16 07:49 <DIR> d-------- C:\Program Files\Lexmark 4300 Series
2008-10-15 17:19 . 2008-08-14 11:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:19 . 2008-08-14 11:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:19 . 2008-08-14 10:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:19 . 2008-08-14 10:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 17:18 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 17:17 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 17:11 . 2008-10-15 17:11 116 --a------ C:\Documents and Settings\andy\Application Data\wklnhst.dat
2008-09-28 16:07 . 2008-09-28 16:07 <DIR> d-------- C:\Program Files\Sophos
2008-09-28 16:07 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\1D0.tmp
2008-09-28 14:16 . 2008-09-28 14:16 <DIR> d-------- C:\WINDOWS\Sun
2008-09-28 14:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-28 14:14 . 2008-09-28 14:15 <DIR> d-------- C:\Program Files\Java
2008-09-28 14:09 . 2008-09-28 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-27 10:37 . 2008-09-27 11:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-23 15:17 . 2008-09-23 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-22 02:33 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-22 02:33 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-22 02:33 . 2008-08-26 08:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-22 02:33 . 2008-08-26 08:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-22 02:33 . 2008-08-26 08:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-22 02:33 . 2008-08-26 08:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-22 02:33 . 2008-08-26 08:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-22 02:33 . 2008-08-25 09:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-22 02:32 . 2008-10-03 18:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-21 22:24 . 2008-04-29 11:33 16,952 --------- C:\WINDOWS\system32\drivers\RkPavproc1.sys
2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\Program Files\Panda Security
2008-09-21 22:07 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-21 21:11 . 2008-09-21 21:11 <DIR> d-------- C:\SAV32CLI
2008-09-21 15:08 . 2008-09-21 15:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 10:57 . 2003-10-08 16:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-21 10:57 . 2003-10-06 17:57 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-21 10:57 . 2003-10-06 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-09-21 10:57 . 2003-10-08 16:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-21 10:57 . 2008-09-21 10:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-20 21:10 . 2008-09-20 21:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 19:37 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-20 19:36 . 2008-04-14 01:12 695,808 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-09-20 19:35 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-20 18:45 . 2008-09-20 18:45 <DIR> d--hs---- C:\Documents and Settings\andy\UserData
2008-09-20 14:24 . 2008-09-20 14:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-17 21:33 . 2008-09-27 09:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 21:26 . 2008-10-03 07:40 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-17 20:45 . 2008-06-13 12:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-17 20:33 . 2008-04-11 20:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-17 20:20 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-17 20:18 . 2008-05-01 15:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-17 17:34 . 2008-09-17 18:50 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-17 00:16 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-09-17 00:16 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-09-16 23:35 . 2008-10-15 17:23 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-16 22:35 . 2008-09-16 22:35 <DIR> d-------- C:\Documents and Settings\andy\Application Data\Symantec
2008-09-16 22:32 . 2008-09-16 22:32 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-09-16 22:31 . 2008-09-16 22:34 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-09-16 22:30 . 2008-09-16 23:54 <DIR> d-------- C:\Program Files\Symantec
2008-09-16 22:30 . 2008-10-15 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-16 22:30 . 2008-09-16 23:54 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-16 22:30 . 2008-09-16 23:54 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-16 22:30 . 2008-09-16 23:54 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-16 22:30 . 2008-09-16 23:54 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-16 22:21 . 2008-10-16 09:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-16 21:33 . 2008-09-16 21:33 <DIR> d-------- C:\WINDOWS\system32\SupportApp
2008-09-16 21:33 . 2008-10-16 08:51 <DIR> d-------- C:\Program Files\ZTE Mobile Connection
2008-09-16 21:33 . 2008-01-17 16:50 100,864 --a------ C:\WINDOWS\system32\drivers\ZTEusbser6k.sys
2008-09-16 21:33 . 2008-01-17 16:50 100,864 --a------ C:\WINDOWS\system32\drivers\ZTEusbnmea.sys
2008-09-16 21:33 . 2008-01-17 16:50 100,864 --a------ C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys
2008-09-16 19:02 . 2008-04-14 01:12 59,392 --------- C:\WINDOWS\system32\logman.exe
2008-09-16 19:02 . 2008-04-14 01:12 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2008-09-16 18:59 . 2008-09-20 20:21 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-16 18:57 . 2008-04-13 18:39 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-09-16 18:56 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-16 18:56 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002313_.tmp
2008-09-16 18:54 . 2008-09-20 20:06 <DIR> d-------- C:\WINDOWS\EHome
2008-09-16 18:29 . 2003-10-08 16:35 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-09-16 18:29 . 2003-10-06 17:57 <DIR> d---s---- C:\WINDOWS\system32\config\systemprofile\UserData
2008-09-16 18:29 . 2003-10-08 16:35 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-09-16 18:29 . 2003-10-06 17:57 <DIR> d---s---- C:\Documents and Settings\Default User\UserData
2008-09-16 18:29 . 2003-10-08 16:35 <DIR> d-------- C:\Documents and Settings\andy\WINDOWS
2008-09-16 18:29 . 2003-10-06 16:13 <DIR> d-------- C:\Documents and Settings\andy\Application Data\InterTrust
2008-09-16 18:29 . 2003-10-08 16:23 <DIR> d-------- C:\Documents and Settings\andy\Application Data\CyberLink
2008-09-16 18:29 . 2008-10-13 17:00 <DIR> d-------- C:\Documents and Settings\andy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2001-09-05 08:14 40,960 -c--a-w C:\WINDOWS\inf\i386\CopyInf.exe
2001-08-22 12:15 245,760 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-22 12:13 61,440 -c--a-w C:\WINDOWS\inf\i386\gl.dll
2001-08-22 12:13 32,768 -c--a-w C:\WINDOWS\inf\i386\Pmicro.dll
2001-08-03 17:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
2001-07-10 08:59 15,716 -c--a-w C:\WINDOWS\inf\i386\Pmxscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-05 4841472]
"PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 61440]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"Dit"="Dit.exe" [2002-08-28 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-09-12 C:\WINDOWS\CMICNFG.CPL]
"nwiz"="nwiz.exe" [2003-09-05 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 C:\WINDOWS\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-26 149864]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1D0.tmp [2007-08-14 5760]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-09-29 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - andy.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 15:05]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
O17 -: HKLM\CCS\Interface\{8158B66B-3EA9-4DC7-994B-D195F77E47B4}: NameServer = 4.2.2.3 4.2.2.4

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 09:07:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1D0.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\HKCYDLL.dll
.
Completion time: 2008-10-16 9:08:26
ComboFix-quarantined-files.txt 2008-10-16 08:08:18

Pre-Run: 69,857,980,416 bytes free
Post-Run: 69,851,394,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2008-10-15 16:23:10

the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:11:48, on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\ZTE Mobile Connection\datacard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8158B66B-3EA9-4DC7-994B-D195F77E47B4}: NameServer = 4.2.2.3 4.2.2.4
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7297 bytes
hairyandy

#7 hairyandy

Posted 16 October 2008 - 04:35 AM

Going to bed, another shift tonight. Log on again in approx 8 hours :thumbsup:
hairyandy

#8 hairyandy

Posted 16 October 2008 - 01:27 PM

I'm online. Any ideas about the logs I put in? :thumbsup:

#9 hairyandy

Posted 16 October 2008 - 02:37 PM

:thumbsup: PC started crashing and freezing since I used ComboFix. :) Got to get ready for work, online as soon as I can, thanks
hairyandy

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:50 AM

Posted 17 October 2008 - 10:38 AM

When you say crashing what has happened? Combofix did not make any changes that would cause your computer to crash.

#11 hairyandy

Posted 17 October 2008 - 10:50 AM

Screen froze when I was on the internet (Bleeping Computer). The pointer wouldn't move, the keyboard would not respond, and I had to switch it off/on for it to restart.
hairyandy

#12 Grinler

Posted 17 October 2008 - 11:06 AM

This happens a lot now, or just that once?

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Collect::[3]
C:\WINDOWS\HKCYDLL.dll


Save this as the txt file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#13 hairyandy

Posted 17 October 2008 - 11:14 AM

I'm off to work again. Send me an email if there is anything on the logs that needs ticking/fixing or you have any ideas about the crashing/freezing.

#14 Grinler

Posted 17 October 2008 - 05:22 PM

Read up. You may have missed a post.

#15 hairyandy

Posted 18 October 2008 - 02:55 AM

Just got in from work. The answer to post 12 (screen freeze/crash: "This happens a lot now, or just that once?"): this only happened after I used ComboFix and WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe. After I went online (post 7), it crashed/screen froze once. Seems to be alright since, but I've only used the PC for Bleeping Computer and making a Hotmail account for the wife, who hasn't used it yet, nothing else. Here's hoping it'll be OK.

:) When I did the new ComboFix and CFScript I never switched off Norton Internet Security 2008. Will this make a difference? Sorry, I wasn't thinking, I've just finished a 12 hour night shift in work.

#Posts~ Didn't receive post 12 till 10 mins after I'd sent post 13. Must be a time lag, or they crossed in the post. Anyway, I've got it now, thanks :thumbsup:

Email me with anything I need to do. I'm going to bed, I'll log on in about 8 hours. And again, thanks :)

Here's my new ComboFix log and HijackThis log

ComboFix 08-10-14.03 - andy 2008-10-18 7:50:20.2 - NTFSx86
Running from: C:\Documents and Settings\andy\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\andy\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\HKCYDLL.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-18 07:49 . 2008-10-18 07:49 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-10-17 16:23 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-17 16:23 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-17 16:23 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 19:50 . 2008-10-16 19:51 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-16 19:49 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-16 19:47 . 2008-10-16 19:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:39 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live
2008-10-16 19:39 . 2008-10-16 19:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-16 19:39 . 2008-10-16 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-16 07:49 . 2008-10-16 07:49 <DIR> d-------- C:\Documents and Settings\andy\Application Data\FaxCtr
2008-10-15 19:32 . 2008-10-15 19:32 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-10-15 19:31 . 2005-07-12 10:33 32,768 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-10-15 19:31 . 2005-07-12 10:33 20,480 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-10-15 19:30 . 2008-10-15 19:31 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-10-15 19:30 . 2008-10-15 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-10-15 19:30 . 2003-03-11 18:26 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-10-15 19:30 . 2003-03-11 18:26 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-10-15 19:30 . 2003-03-11 18:26 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-10-15 19:30 . 2003-03-11 18:26 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-10-15 19:30 . 2003-03-11 18:26 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-10-15 19:30 . 2005-07-12 10:36 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-10-15 19:29 . 2008-10-16 08:35 <DIR> d-------- C:\Program Files\Lx_cats
2008-10-15 19:29 . 2008-10-15 19:33 22,964 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-10-15 19:28 . 2008-04-13 19:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-15 19:28 . 2008-04-13 19:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-15 19:23 . 2008-10-16 07:49 <DIR> d-------- C:\Temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2008-10-15 19:23 . 2008-10-16 07:49 <DIR> d-------- C:\Program Files\Lexmark 4300 Series
2008-10-15 17:19 . 2008-08-14 11:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:19 . 2008-08-14 11:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:19 . 2008-08-14 10:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:19 . 2008-08-14 10:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 17:18 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 17:17 . 2008-09-15 13:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 17:11 . 2008-10-15 17:11 116 --a------ C:\Documents and Settings\andy\Application Data\wklnhst.dat
2008-09-28 16:07 . 2008-09-28 16:07 <DIR> d-------- C:\Program Files\Sophos
2008-09-28 16:07 . 2007-08-14 08:12 5,760 --------- C:\WINDOWS\system32\1D0.tmp
2008-09-28 14:16 . 2008-09-28 14:16 <DIR> d-------- C:\WINDOWS\Sun
2008-09-28 14:15 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-28 14:14 . 2008-09-28 14:15 <DIR> d-------- C:\Program Files\Java
2008-09-28 14:09 . 2008-09-28 14:09 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-27 10:37 . 2008-09-27 11:31 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-23 15:17 . 2008-09-23 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-22 02:33 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-09-22 02:33 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-09-22 02:33 . 2008-08-26 08:24 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-09-22 02:33 . 2008-08-26 08:24 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-09-22 02:33 . 2008-08-26 08:24 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-09-22 02:33 . 2008-08-26 08:24 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-09-22 02:33 . 2008-08-26 08:24 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-09-22 02:33 . 2008-08-25 09:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-09-22 02:32 . 2008-10-03 18:41 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-21 22:24 . 2008-04-29 11:33 16,952 --------- C:\WINDOWS\system32\drivers\RkPavproc1.sys
2008-09-21 22:07 . 2008-09-21 22:07 <DIR> d-------- C:\Program Files\Panda Security
2008-09-21 22:07 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-09-21 21:11 . 2008-09-21 21:11 <DIR> d-------- C:\SAV32CLI
2008-09-21 15:08 . 2008-09-21 15:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 10:57 . 2003-10-08 16:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-09-21 10:57 . 2003-10-06 17:57 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-21 10:57 . 2003-10-06 16:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-09-21 10:57 . 2003-10-08 16:23 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-21 10:57 . 2008-09-21 10:57 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-20 21:10 . 2008-09-20 21:10 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-20 20:20 . 2008-09-20 20:20 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-20 19:37 . 2008-04-14 01:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-09-20 19:36 . 2008-04-14 01:12 695,808 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-09-20 19:35 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-09-20 18:45 . 2008-09-20 18:45 <DIR> d--hs---- C:\Documents and Settings\andy\UserData
2008-09-20 14:24 . 2008-09-20 14:24 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 06:48 --------- d-----w C:\Program Files\ZTE Mobile Connection
2008-10-17 15:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-15 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-03 06:40 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-27 08:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 17:50 --------- d-----w C:\Program Files\Safer Networking
2008-09-16 22:54 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-16 22:54 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-16 22:54 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-16 22:54 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-16 22:54 --------- d-----w C:\Program Files\Symantec
2008-09-16 21:35 --------- d-----w C:\Documents and Settings\andy\Application Data\Symantec
2008-09-16 21:34 --------- d-----w C:\Program Files\Norton Internet Security
2008-09-16 21:32 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-16 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2001-09-05 08:14 40,960 -c--a-w C:\WINDOWS\inf\i386\CopyInf.exe
2001-08-22 12:15 245,760 -c--a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-22 12:13 61,440 -c--a-w C:\WINDOWS\inf\i386\gl.dll
2001-08-22 12:13 32,768 -c--a-w C:\WINDOWS\inf\i386\Pmicro.dll
2001-08-03 17:29 13,824 -c--a-w C:\WINDOWS\inf\i386\Usbscan.sys
2001-07-10 08:59 15,716 -c--a-w C:\WINDOWS\inf\i386\Pmxscan.sys
.

((((((((((((((((((((((((((((( snapshot@2008-10-16_ 9.08.01.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 18:44:00 86,746 ----a-r C:\WINDOWS\Installer\{184E7118-0295-43C4-B72C-1D54AA75AAF7}\wlmail.exe
+ 2008-10-16 18:49:14 125,472 ----a-r C:\WINDOWS\Installer\{257E440F-781F-459B-9A68-A0872B80C1D6}\WLXPhotoGalleryIcon.exe
+ 2008-10-16 18:47:09 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2007-10-18 10:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2006-06-05 13:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 13:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2007-10-23 16:06:08 585,728 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-05 4841472]
"PCMService"="C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" [2003-06-24 61440]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 718704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCECATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"Dit"="Dit.exe" [2002-08-28 C:\WINDOWS\Dit.exe]
"Cmaudio"="cmicnfg.cpl" [2003-09-12 C:\WINDOWS\CMICNFG.CPL]
"nwiz"="nwiz.exe" [2003-09-05 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="mHotkey.exe" [2003-06-27 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2003-06-27 C:\WINDOWS\CNYHKey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-26 149864]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-06-30 23200]
R3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\1D0.tmp [2007-08-14 5760]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-10-17 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-09-29 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - andy.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 15:05]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 07:54:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\1D0.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\lxcecoms.exe
.
**************************************************************************
.
Completion time: 2008-10-18 7:57:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 06:57:40
ComboFix2.txt 2008-10-16 08:08:27

Pre-Run: 69,420,122,112 bytes free
Post-Run: 69,505,757,184 bytes free

219 --- E O F --- 2008-10-17 16:27:46


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:59:50, on 18/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8112 bytes



