
Logs HJT


  • This topic is locked
2 replies to this topic

#1 gogogojojojo

gogogojojojo

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:11 AM

Posted 18 March 2009 - 08:25 PM

I had 2 viruses show up when I ran Malwarebytes; it said that it would remove one and remove the other upon startup, but it just keeps coming back.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Administrator at 21:13:55.31 on Wed 03/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.99 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Verizon Broadband Toolbar: {4e7bd74f-2b8d-469e-8cb0-ab60bb9aae22} - c:\progra~1\vol_to~1\VOL_TO~1.DLL
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\kwudjn7o.default\

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-2-14 87936]
S0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2006-9-24 204800]
S0 megasas;DELL PERC RAID Driver;c:\windows\system32\drivers\megasas.sys [2006-9-24 17664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-2-25 16512]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-6-30 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-6-30 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-6-30 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-6-30 59520]
S4 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2006-9-24 218112]
S4 aac;PERC 320/DC SCSI RAID Miniport Driver;c:\windows\system32\drivers\aac.sys [2006-9-24 48140]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-9-24 11029]

=============== Created Last 30 ================

2009-03-18 11:18 <DIR> --d----- c:\program files\Trend Micro
2009-03-18 01:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-03-18 01:35 <DIR> --d----- c:\program files\ericsde
2009-03-18 00:23 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-18 00:23 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 00:23 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 00:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-17 01:50 <DIR> --d----- c:\program files\WinPcap
2009-03-17 01:49 <DIR> --dsh--- c:\windows\system32\lowsec
2009-02-27 23:19 <DIR> --d----- c:\windows\pss
2009-02-26 09:48 <DIR> --d----- c:\documents and settings\administrator\.dvdcss
2009-02-26 09:47 <DIR> --d----- c:\program files\FormatFactory
2009-02-25 22:19 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-02-25 22:19 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-02-25 22:19 5,600 a------- c:\windows\system\WINASPI.DLL
2009-02-25 22:19 4,672 a------- c:\windows\system\WOWPOST.EXE
2009-02-25 22:19 641,021 a------- c:\windows\unins000.exe
2009-02-25 22:19 200,192 a------- c:\windows\system32\LameACM.acm
2009-02-25 22:19 187,904 a------- c:\windows\system32\Lame.exe
2009-02-25 22:19 166,912 a------- c:\windows\system32\Lame_enc.dll
2009-02-25 22:19 1,680 a------- c:\windows\unins000.dat
2009-02-25 22:19 414 a------- c:\windows\system32\Lame_acm.xml
2009-02-25 21:53 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-02-25 21:52 <DIR> --d----- c:\program files\Roxio
2009-02-25 21:51 256 a------- c:\windows\system32\pool.bin
2009-02-25 21:51 <DIR> --d----- c:\docume~1\admini~1\applic~1\Research In Motion
2009-02-25 21:47 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2009-02-25 21:45 <DIR> --d----- c:\program files\common files\Research In Motion
2009-02-25 21:45 <DIR> --d----- c:\program files\Research In Motion
2009-02-25 21:41 <DIR> --dsh--- c:\windows\ftpcache

==================== Find3M ====================

2009-03-17 02:44 195,622 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-08-15 23:21 6,691,624 a------- c:\program files\eteraser_licensed.exe
2008-08-15 22:11 2,248,545 a------- c:\program files\Argente - Disk Cleaner.exe
2008-08-04 11:27 19,153,264 a------- c:\program files\aaw2008.exe
2008-02-15 16:18 2,400,784 a------- c:\program files\WLinstaller.exe
2008-08-16 13:10 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat
2008-05-24 19:11 76,288 -c-shr-- c:\windows\system32\dllcache\jucheck.exe

============= FINISH: 21:15:06.96 ===============


#2 gogogojojojo

gogogojojojo
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:11 AM

Posted 20 March 2009 - 12:49 PM

Repaired. You may close. Fixed by reading other posts and running ComboFix in conjunction with Malwarebytes. Thanks!

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:11 AM

Posted 20 March 2009 - 12:52 PM

Thanks for informing us.
Sorry you had to walk alone.
We are extremely busy in the HJT.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



