
I got infected with something and I don't know what it is



#1 crappy22


  • Members
  • 1 posts

Posted 15 December 2009 - 02:57 AM

So usually when I get viruses I run MBAM anti-malware, but when I got hit with this virus I ran anti malwarebytes and it said that the database was old. So I re-installed it and now it installs without mbam.exe to run the program. I tried getting another mbam.exe, renamed it, all that good stuff. Then when I tried to run it, it said the database was old again. I ran Norman Malware Cleaner and it deleted something and now the virus is even worse! I'm being bombarded by popups and my background was changed to the ones that say you have a virus in big text.
I'll post my Norman Malware Cleaner file, then my HijackThis log file.

Norman Malware Cleaner log
Norman Malware Cleaner
Version 1.5.0.5
Copyright 1990 - 2009, Norman ASA. Built 2009/12/13 22:42:05

Norman Scanner Engine Version: 6.04.03
Nvcbin.def Version: 6.04.00, Date: 2009/12/13 22:42:05, Variants: 4554817

Scan started: 14/12/2009 20:39:59

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: CAMERON-835DFDE\Crappy22

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\WINDOWS\system32\winlogon86.exe" -> "C:\WINDOWS\System32\userinit.exe,"
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "c:\windows\system32\bovejuto.dll,posidiha.dll" -> ""
Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000001
Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000001
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoActiveDesktopChanges = 0x00000001
Removed registry value: HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000001
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop -> NoChangingWallPaper = 0x00000001
Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Started service "wuauserv"


Scanning running processes and process memory...

C:\WINDOWS\system32\Ati2evxx.exe(1108) (C:\WINDOWS\system32\msilojzb.dll!0x00BB0000) (Infected with W32/OnLineGames.LFZO)
Removed registry value: HKLM\Software\Microsoft\Windows\CurrentVersion\Run -> iinjug = "RUNDLL32.EXE C:\WINDOWS\system32\msilojzb.dll,w"
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\Ati2evxx.exe(1516) (C:\WINDOWS\system32\msilojzb.dll!0x01A90000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\Explorer.EXE(1608) (C:\WINDOWS\system32\msilojzb.dll!0x02D00000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe(1700) (C:\WINDOWS\system32\msilojzb.dll!0x00EC0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Viewpoint\Common\ViewpointService.exe(2364) (C:\WINDOWS\system32\msilojzb.dll!0x10000000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\ehome\ehtray.exe(3336) (C:\WINDOWS\system32\msilojzb.dll!0x01B20000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe(3600) (C:\WINDOWS\system32\msilojzb.dll!0x04090000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\sm56hlpr.exe(3640) (C:\WINDOWS\system32\msilojzb.dll!0x01480000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(3672) (C:\WINDOWS\system32\msilojzb.dll!0x01610000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe(3724) (C:\WINDOWS\system32\msilojzb.dll!0x07520000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe(3756) (C:\WINDOWS\system32\msilojzb.dll!0x082B0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE(3764) (C:\WINDOWS\system32\msilojzb.dll!0x01B50000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\McAfee\Common Framework\UdaterUI.exe(3784) (C:\WINDOWS\system32\msilojzb.dll!0x01B90000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Notebook Hardware Control\nhc.exe(3948) (C:\WINDOWS\system32\msilojzb.dll!0x05740000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\RTHDCPL.EXE(1092) (C:\WINDOWS\system32\msilojzb.dll!0x04CE0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\McAfee\Common Framework\McTray.exe(1188) (C:\WINDOWS\system32\msilojzb.dll!0x01270000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\iTunes\iTunesHelper.exe(1560) (C:\WINDOWS\system32\msilojzb.dll!0x035B0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\ctfmon.exe(1928) (C:\WINDOWS\system32\msilojzb.dll!0x00D70000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Messenger\msmsgs.exe(2104) (C:\WINDOWS\system32\msilojzb.dll!0x01680000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\RocketDock\RocketDock.exe(2144) (C:\WINDOWS\system32\msilojzb.dll!0x00BC0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Windows Media Player\WMPNSCFG.exe(272) (C:\WINDOWS\system32\msilojzb.dll!0x01390000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe(2164) (C:\WINDOWS\system32\msilojzb.dll!0x07C30000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe(4756) (C:\WINDOWS\system32\msilojzb.dll!0x046F0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\rundll32.exe(4592) (C:\WINDOWS\system32\msilojzb.dll!0x00F00000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\winupdate86.exe(4600) (C:\WINDOWS\system32\msilojzb.dll!0x016D0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

C:\WINDOWS\system32\Rundll32.exe(4768) (C:\WINDOWS\system32\msilojzb.dll!0x00AD0000) (Infected with W32/OnLineGames.LFZO)
File marked for defered cleaning (reboot required)

Number of processes/threads found: 8175
Number of processes/threads scanned: 8174
Number of processes/threads not scanned: 1
Number of infected processes/threads terminated: 0
Total scanning time: 3m 54s


Scanning file system...

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_CAMERON-835DFDE.log (Error opening file: Access denied)

C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_CAMERON-835DFDE.log (Error opening file: Access denied)

C:\Documents and Settings\Crappy22\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\BACKUP4.72190 (Infected with LNK/FakeAV.N)
Deleted file


Running post-scan cleanup routine:
Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "posidiha.dll c:\windows\system32\bovejuto.dll" -> ""
Changed service configuration for "wuauserv" from 0x00000004 and 0x00000001 to 0x00000002 and 0xFFFFFFFF
Started service "wuauserv"

Number of files found: 51473
Number of archives unpacked: 357
Number of files scanned: 51456
Number of files not scanned: 17
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 1
Number of infections removed: 1
Total scanning time: 17m 5s

HijackThis log
-----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:57:17 PM, on 12/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winupdate86.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\Crappy22\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Crappy22\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Crappy22\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Crappy22\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 antivirplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 antivirplatinum.com
O1 - Hosts: 91.212.127.226 www.antivirplatinum.com
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {9B075F96-1B33-4EB6-9148-A0B6BBFC86D9} - C:\WINDOWS\system32\opnnnlJy.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ClockGen] C:\Documents and Settings\Crappy22\Desktop\ClockGen_1.0.5.3\ClockGen.exe -i p=0
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe
O4 - HKLM\..\Run: [notepad] rundll32.exe C:\WINDOWS\system32\notepad.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [tewipokah] Rundll32.exe "c:\windows\system32\bovejuto.dll",a
O4 - HKLM\..\Run: [iinjug] RUNDLL32.EXE C:\WINDOWS\system32\msilojzb.dll,w
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Crappy22\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [notepad] rundll32.exe C:\DOCUME~1\Crappy22\ntload.dll,_IWMPEvents@0
O4 - HKUS\S-1-5-19\..\Run: [takadoliba] Rundll32.exe "C:\WINDOWS\system32\mahogiwe.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [takadoliba] Rundll32.exe "C:\WINDOWS\system32\mahogiwe.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [notepad] rundll32.exe C:\DOCUME~1\NETWOR~1\ntload.dll,_IWMPEvents@0 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: posidiha.dll c:\windows\system32\bovejuto.dll
O21 - SSODL: kuzutesek - {77ebff9c-dd98-4022-85fe-798364b273fe} - c:\windows\system32\bovejuto.dll
O22 - SharedTaskScheduler: kupuhivus - {77ebff9c-dd98-4022-85fe-798364b273fe} - c:\windows\system32\bovejuto.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10658 bytes

Thanks in advance; any help is greatly appreciated.



#2 shelf life


  • Malware Response Team
  • 2,646 posts

Posted 26 December 2009 - 03:21 PM

Hi,

Your log is a few days old. If you still need help simply reply to my post.

How Can I Reduce My Risk to Malware?




