
Am i still infected - my gut says yes


This topic is locked
1 reply to this topic

#1 delacroix

Posted 25 January 2009 - 04:50 AM

Basically, I've gone through lots of reading, scanning and downloading trying to fix little things... Avira keeps recognizing odd files that look related to Antivirus 2008 when I research them...

Would it be too assuming to just post a ComboFix log and HijackThis log here and get feedback? What other info should I give if this isn't enough?

Here are the logs...


ComboFix 09-01-21.04 - Jared Smith 2009-01-25 1:14:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1519 [GMT -8:00]
Running from: c:\documents and settings\Jared Smith\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated)
FW: Sygate Personal Firewall Pro *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.

2009-01-25 00:04 . 2009-01-25 00:04 144,896 --a------ c:\windows\sch32.exe
2009-01-24 23:45 . 2009-01-25 00:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-01-24 23:32 . 2009-01-24 23:32 6,598 --ah----- C:\winhost_v354.exe
2009-01-24 23:28 . 2009-01-20 18:22 237,568 --a------ c:\windows\callsysnt.exe
2009-01-24 23:28 . 2009-01-24 23:30 6,598 --ah----- C:\windll_v354.exe
2009-01-24 14:37 . 2009-01-24 14:37 <DIR> d-------- c:\program files\NCH Software
2009-01-24 14:18 . 2009-01-24 14:18 <DIR> d-------- c:\program files\NCH Swift Sound
2009-01-24 14:18 . 2009-01-24 14:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-24 11:42 . 2009-01-24 11:42 <DIR> d-------- c:\program files\CCleaner
2009-01-24 11:38 . 2009-01-24 11:38 <DIR> d-------- c:\windows\LastGood
2009-01-24 00:51 . 2009-01-24 00:38 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 00:38 . 2009-01-24 00:38 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 00:35 . 2009-01-24 00:35 <DIR> d-------- c:\program files\Lavasoft
2009-01-24 00:35 . 2009-01-24 00:35 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 17:03 . 2009-01-23 17:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-22 20:09 . 2009-01-22 20:09 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-22 19:57 . 2008-06-24 13:45 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2009-01-22 19:57 . 2008-06-23 17:36 773,120 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2009-01-21 20:34 . 2009-01-21 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2009-01-21 20:27 . 2009-01-24 01:59 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-20 22:58 . 2009-01-22 20:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-20 22:30 . 2009-01-20 22:30 <DIR> d-------- c:\program files\WinAVI Video Converter
2009-01-20 22:07 . 2009-01-20 22:07 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\NeroDigital™
2009-01-20 21:37 . 2009-01-20 21:37 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\Nero
2009-01-20 21:33 . 2009-01-22 19:58 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-20 21:33 . 2009-01-22 19:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-01-20 21:30 . 2009-01-20 21:30 <DIR> d-------- c:\program files\AskTBar
2009-01-20 19:57 . 2002-12-10 02:20 102,439 --a------ c:\windows\system32\sipr3260.dll
2009-01-20 16:57 . 2009-01-20 16:57 <DIR> d-------- c:\program files\Easy Video Joiner
2009-01-18 03:31 . 2009-01-22 23:54 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-18 03:31 . 2009-01-22 23:54 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\SUPERAntiSpyware.com
2009-01-18 03:31 . 2009-01-18 03:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-15 22:43 . 2009-01-15 22:43 <DIR> d-------- c:\windows\system32\URTTemp
2009-01-15 22:43 . 2009-01-15 22:44 <DIR> d-------- c:\program files\SuperAdBlocker.com
2009-01-15 22:43 . 2009-01-15 22:43 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\SuperAdBlocker.com
2009-01-15 22:10 . 2009-01-15 22:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 22:10 . 2009-01-15 22:10 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\Malwarebytes
2009-01-15 22:10 . 2009-01-15 22:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-15 22:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 22:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 23:16 . 2009-01-14 23:16 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-14 18:35 . 2009-01-14 18:35 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-14 18:35 . 2009-01-14 18:35 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-14 18:35 . 2009-01-14 18:35 <DIR> d-------- c:\program files\MSBuild
2009-01-14 18:34 . 2009-01-14 18:35 <DIR> d-------- C:\1eea18c5e51001fd8c694dba4211a1
2009-01-14 18:34 . 2008-07-06 04:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-01-14 18:34 . 2008-07-06 04:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-14 18:34 . 2008-07-06 02:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-14 18:34 . 2008-07-06 04:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-01-14 18:34 . 2008-07-06 04:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-14 18:34 . 2008-07-06 04:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-01-14 18:34 . 2008-07-06 04:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-14 18:29 . 2009-01-14 18:29 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-14 18:23 . 2009-01-14 18:23 <DIR> dr-h----- C:\AHCache
2009-01-14 17:33 . 2009-01-15 22:32 <DIR> d-------- c:\program files\Uniblue
2009-01-14 17:22 . 2009-01-14 17:22 <DIR> d-------- c:\documents and settings\Jared Smith\Application Data\Uniblue
2009-01-06 00:41 . 2009-01-06 07:28 <DIR> d-------- c:\documents and settings\Jared Smith\.housecall6.6
2008-12-28 17:33 . 2008-12-28 17:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-28 17:33 . 2008-12-28 17:33 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 07:21 --------- d-----w c:\documents and settings\Jared Smith\Application Data\Xilisoft Corporation
2009-01-25 07:20 --------- d-----w c:\program files\Xilisoft
2009-01-25 03:36 --------- d-----w c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-01-24 23:22 47,360 ----a-w c:\documents and settings\Jared Smith\Application Data\pcouffin.sys
2009-01-24 23:22 --------- d-----w c:\program files\VSO
2009-01-24 23:22 --------- d-----w c:\documents and settings\Jared Smith\Application Data\Vso
2009-01-24 19:38 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-24 09:08 --------- d-----w c:\program files\Any Video Converter Professional
2009-01-24 08:33 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-24 00:54 --------- d-----w c:\documents and settings\Jared Smith\Application Data\Lavasoft
2009-01-23 09:12 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-01-23 04:08 --------- d-----w c:\program files\Java
2009-01-16 05:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 00:57 --------- d-----w c:\program files\PartyGaming
2009-01-06 08:43 --------- d-----w c:\program files\Maxthon
2008-12-29 02:30 --------- d-----w c:\program files\Sim City 4
2008-12-14 16:58 --------- d-----w c:\program files\TheWeatherNetwork
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-02-27 04:58 20,048 ----a-w c:\documents and settings\Jared Smith\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-01-20 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-01-16 4519832]
"settings"="c:\windows\callsysnt.exe" [2009-01-20 237568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-01 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 794713]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-09-27 2635472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-24 507224]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"settings"="c:\windows\callsysnt.exe" [2009-01-20 237568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lyqdxa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9150:TCP"= 9150:TCP:BitComet 9150 TCP
"9150:UDP"= 9150:UDP:BitComet 9150 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S3 Radialpoint Security Services;TELUS eProtect;c:\windows\system32\dllhost.exe [2004-08-10 5120]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CSISCANNER
*Deregistered* - CSIScanner
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0355IH63-F7N5-8B0Y-75Y4-160E764T6PB4}]
"c:\docume~1\JAREDS~1\LOCALS~1\Temp\wowexec.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5468461G-KC11-0H37-3770-766E451UICQ4}]
"c:\windows\callsysnt.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-25 c:\windows\Tasks\Ad-Aware Update (Daily).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 00:38]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.ebuddy.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jared Smith\Application Data\Mozilla\Firefox\Profiles\lu0rus0p.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1568703&SearchSource=2&q=
FF - component: c:\documents and settings\Jared Smith\Application Data\Mozilla\Firefox\Profiles\lu0rus0p.default\extensions\{4234389d-42b7-4cf7-b83b-3d337452886a}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 01:15:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-25 1:17:23
ComboFix-quarantined-files.txt 2009-01-25 09:17:02
ComboFix2.txt 2009-01-25 08:07:31

Pre-Run: 47,895,265,280 bytes free
Post-Run: 49,350,881,280 bytes free

194 --- E O F --- 2009-01-16 10:17:53

----------------------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:45:59 AM, on 1/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TELUS\TELUS eProtect\Fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jared Smith\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ebuddy.com/
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [settings] C:\WINDOWS\callsysnt.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://sts.unbc.ca/msrdp.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - AppInit_DLLs: lyqdxa.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TELUS eProtect Update Service (RPSUpdaterR) - TELUS - C:\Program Files\TELUS\TELUS eProtect\rpsupdaterR.exe
O23 - Service: TELUS eProtect Firewall (RP_FWS) - TELUS - C:\Program Files\TELUS\TELUS eProtect\Fws.exe

Thank you for any suggestions / feedback...

#2 dc3
Posted 25 January 2009 - 05:17 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

I will have a moderator close this topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.