
Windows Services Turning Themselves Off


  • This topic is locked
2 replies to this topic

#1 shotguy

  • Members
  • 2 posts

Posted 16 June 2010 - 06:49 PM

Hi, a few months back I got infected by the "anti-malware doctor" bit. Using your site I managed to find a way to get rid of it (I think) using the rkill program and Malwarebytes' Anti-Malware program. Since then the occasional issue would come up where my Windows Audio service would shut itself off from time to time, and for some reason my computer would stop uploading the Windows XP theme. More recently the WebClient and DHCP client have been shutting themselves off, and AntiVir has been popping up with warnings for TR/Trash.Gen without actually deleting them. I just ran ComboFix today (I used the instructions on your website) and noticed more than a couple of files/folders deleted. I really just want my services to stop turning off automatically, and I'm wondering if it's an infection or some weird update that's causing the issue. I hope to hear back from you guys soon. Here's the ComboFix log.

ComboFix 10-06-16.02 - User 06/16/2010 18:25:46.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1637 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\0D7197D05CB1D578CF610E8936A1403C
c:\documents and settings\User\Application Data\0D7197D05CB1D578CF610E8936A1403C\enemies-names.txt
c:\documents and settings\User\Local Settings\Application Data\{90BB3993-ECA3-4C11-8C09-9B62380359FE}
c:\documents and settings\User\Local Settings\Application Data\{90BB3993-ECA3-4C11-8C09-9B62380359FE}\chrome.manifest
c:\documents and settings\User\Local Settings\Application Data\{90BB3993-ECA3-4C11-8C09-9B62380359FE}\chrome\content\_cfg.js
c:\documents and settings\User\Local Settings\Application Data\{90BB3993-ECA3-4C11-8C09-9B62380359FE}\chrome\content\overlay.xul
c:\documents and settings\User\Local Settings\Application Data\{90BB3993-ECA3-4C11-8C09-9B62380359FE}\install.rdf
c:\documents and settings\User\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\User\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\User\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system\_sv_CMD_
c:\windows\system32\tmp.reg

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_TCPPID
-------\Service_tcppid


((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 23:29 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-06-16 23:29 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-06-11 03:06 . 2010-06-11 03:06 -------- d-----w- c:\documents and settings\User\Application Data\oovooinstaller
2010-05-26 21:49 . 2010-05-26 21:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-05-24 18:18 . 2010-05-24 18:20 227 ----a-w- c:\windows\PowerReg.dat
2010-05-24 18:18 . 1999-05-29 08:08 45568 ----a-w- c:\windows\UniFish3.exe
2010-05-20 01:50 . 2010-05-20 01:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-05-20 00:15 . 2010-05-20 00:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-19 17:28 . 2010-06-01 04:20 0 ----a-w- c:\windows\Ypozoxevoko.bin
2010-05-19 17:28 . 2010-05-30 19:34 120 ----a-w- c:\windows\Ttoyuveka.dat
2010-05-19 17:27 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 17:27 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 05:11 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-19 05:11 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-19 05:11 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-19 05:11 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-19 05:11 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys
2010-05-19 05:10 . 2010-05-19 05:10 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 23:32 . 2010-04-30 00:16 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-06-16 23:32 . 2009-04-07 02:11 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-16 23:32 . 2009-04-07 02:11 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-06-16 21:00 . 2010-04-30 00:18 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-06-15 17:50 . 2009-04-09 01:19 -------- d-----w- c:\program files\Warcraft III
2010-06-11 03:07 . 2009-04-07 02:23 -------- d-----w- c:\program files\ooVoo
2010-06-06 18:59 . 2010-03-21 18:59 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-23 07:05 . 2010-02-26 22:45 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-23 07:05 . 2010-02-26 22:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-20 00:17 . 2010-05-20 00:17 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\kqyvwo.dat
2010-05-20 00:16 . 2010-05-20 00:16 8 ----a-w- c:\documents and settings\NetworkService\Application Data\kqyvwo.dat
2010-05-19 23:00 . 2007-07-27 19:10 -------- d-----w- c:\program files\Google
2010-05-19 17:27 . 2010-02-20 04:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 15:21 . 2010-05-19 15:21 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\wpcalv.dat
2010-05-19 05:11 . 2010-05-19 05:11 20 ----a-w- c:\documents and settings\User\Application Data\wpcalv.dat
2010-05-13 18:12 . 2009-10-18 04:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-05-07 20:37 . 2010-05-01 19:12 -------- d-----w- c:\program files\Garena
2010-05-05 22:37 . 2010-05-05 22:37 -------- d-----w- c:\program files\Turbine
2010-05-05 21:13 . 2010-05-05 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-05-05 19:18 . 2009-10-26 19:56 -------- d-----w- c:\program files\World of Warcraft
2010-05-05 01:25 . 2010-05-05 01:25 -------- d-----w- c:\program files\Pando Networks
2010-04-30 00:18 . 2010-04-30 00:18 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-30 00:16 . 2010-04-30 00:15 -------- d-----r- c:\program files\Skype
2010-04-30 00:16 . 2010-04-30 00:16 -------- d-----w- c:\program files\Common Files\Skype
2010-04-30 00:15 . 2010-04-30 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-03-23 04:06 . 2010-03-23 04:08 110592 ----a-w- c:\documents and settings\User\Application Data\U3\temp\cleanup.exe
2010-03-23 04:06 . 2010-03-23 04:06 3493888 ---ha-w- c:\documents and settings\User\Application Data\U3\temp\Launchpad Removal.exe
2010-03-21 18:58 . 2010-03-21 18:58 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-21 18:58 . 2010-04-19 19:44 15880 ----a-w- c:\windows\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-03-14 81920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-05-05 2938552]
"ooVoo.exe"="c:\program files\oovoo\oovoo.exe" [2010-06-10 18702520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 20480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\User\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2010-5-24 189952]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 17:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2006-12-12 16:46 19456 ----a-w- c:\windows\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-12-12 16:46 20480 ----a-w- c:\windows\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 12:51 442455 ----a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-03-14 20:48 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-12 04:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-31 21:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
caclsmgr REG_SZ c:\windows\system32\cmdtdde.dll
bootices REG_SZ c:\windows\system32\clspnet1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III\\War3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
"58741:TCP"= 58741:TCP:Pando Media Booster
"58741:UDP"= 58741:UDP:Pando Media Booster
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/21/2010 1:59 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/21/2010 1:31 PM 108289]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 12:12 AM 24652]
S0 jjpct;jjpct;c:\windows\system32\drivers\uyhwb.sys --> c:\windows\system32\drivers\uyhwb.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S0 veedgxn;veedgxn;c:\windows\system32\drivers\jegsee.sys --> c:\windows\system32\drivers\jegsee.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 11:42 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352320]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\adm8511.sys [2/27/2010 1:20 PM 20160]
S3 CEUSBAUD;Lambda MIDI Device;c:\windows\system32\drivers\ceusbaud.sys [11/1/2003 3:19 PM 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\dfuusb.sys [11/27/2001 5:46 PM 10880]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:59]

2010-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 04:42]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 04:42]
.
.
------- Supplementary Scan -------
.
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\vh60d0rp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
HKLM-Run-Unoqonihu - c:\windows\ebonazob.dll
MSConfigStartUp-avast5 - c:\progra~1\ALWILS~1\Avast5\avastUI.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-UpdReg - c:\windows\UpdReg.EXE
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 18:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8120)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-06-16 18:36:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-16 23:35

Pre-Run: 13,279,166,464 bytes free
Post-Run: 14,740,353,024 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /numproc=2

- - End Of File - - A470258D2C7275F3226F07BE39E0EA9B

EDIT: Moved from XP to more appropriate Malware Removal Logs forum ~ Hamluis.

Edited by hamluis, 16 June 2010 - 07:20 PM.


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 21 June 2010 - 03:51 PM

Do you still desire help?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 24 June 2010 - 06:43 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.