I did the combo fix


#1 Sram427

Posted 30 August 2009 - 11:53 AM

ComboFix 09-08-29.01 - Administrator 08/30/2009 11:41.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.133 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\combo-fix.exe
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-13 21:37 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 20:10 . 2009-08-05 20:10 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 20:01 . 2009-08-03 20:01 -------- d-----w- c:\program files\Common Files\Logitech
2009-08-03 20:01 . 2009-08-03 20:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 15:51 . 2009-05-25 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-30 15:47 . 2009-05-26 18:30 -------- d-----w- c:\program files\PeerGuardian2
2009-08-30 15:36 . 2009-05-25 14:03 -------- d-----w- c:\program files\uTorrent
2009-08-29 23:59 . 2009-04-02 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-17 16:10 . 2008-10-04 15:24 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-04 15:24 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-04 15:24 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-04 15:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-04 15:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-04 15:24 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-04 15:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-04 15:24 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-04 15:24 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 20:12 . 2004-05-11 10:32 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2008-10-28 17:17 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 19:36 . 2007-05-30 02:33 76424 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-29 19:28 . 2007-06-08 17:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-07-29 19:26 . 2009-07-29 18:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-07-29 19:11 . 2009-07-29 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-29 18:38 . 2009-07-29 18:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\OfficeUpdate12
2009-07-25 09:23 . 2009-01-06 17:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 22:34 . 2009-07-22 22:34 80384 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}\Icon6FDEE4821.exe
2009-07-20 16:29 . 2009-07-29 18:38 264704 ------w- c:\documents and settings\Administrator\Application Data\OfficeUpdate12\oudetect.dll
2009-07-20 16:29 . 2009-07-20 16:29 524288 ----a-w- c:\windows\opuc.dll
2009-07-18 10:22 . 2009-07-15 01:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-18 10:22 . 2009-07-15 01:16 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-17 19:01 . 2008-10-28 17:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 03:13 . 2009-07-15 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-07-16 03:03 . 2009-07-16 03:03 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-15 01:16 . 2009-07-15 01:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-07-15 01:15 . 2009-07-15 01:15 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-07-15 01:15 . 2009-07-15 01:13 -------- d-----w- c:\program files\Logitech
2009-07-15 01:15 . 2004-05-11 12:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 01:15 . 2004-05-11 12:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-15 01:13 . 2009-07-15 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-07-13 14:08 . 2008-10-28 17:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 15:33 915456 ------w- c:\windows\system32\wininet.dll
2009-06-21 23:06 . 2009-06-21 23:06 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-16 14:36 . 2008-10-28 17:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-10-28 17:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2008-10-28 17:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2008-10-28 17:17 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 20:48 . 2009-06-11 20:48 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 14:13 . 2008-10-28 17:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-10-28 17:19 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2008-10-28 17:17 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2008-10-28 17:17 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 15:50 . 2009-07-13 22:30 77312 ----a-w- c:\windows\DEVCON.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-08-29_23.25.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 15:53 . 2009-08-30 15:53 16384 c:\windows\Temp\Perflib_Perfdata_7fc.dat
+ 2009-08-30 15:52 . 2009-08-30 15:52 16384 c:\windows\Temp\Perflib_Perfdata_4b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-03 68856]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-03 198160]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-7-14 66864]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10/4/2008 11:24 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/4/2008 11:24 AM 20560]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-08-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-27 17:38]

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{6FFF2421-1FFD-43F9-9567-D8FBC5312E1C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 11:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1535055319-1614008057-1882566775-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,14,ef,c4,ab,1f,04,45,ac,51,7b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,14,ef,c4,ab,1f,04,45,ac,51,7b,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,05,14,ef,c4,ab,1f,04,45,ac,51,7b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\eHome\ehrec.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-30 12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 16:01
ComboFix2.txt 2009-08-29 23:29

Pre-Run: 68,379,840,512 bytes free
Post-Run: 68,328,595,456 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=,1,2,3,4,5
206 --- E O F --- 2009-08-26 03:01

#2 Guest_The weatherman_*

Posted 30 August 2009 - 12:13 PM

Hello Sram427,

Welcome to Bleeping Computer.

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
