
Various problems ( 99% CPU usage , Windows Services)


  • This topic is locked
2 replies to this topic

#1 surferboi

surferboi

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:29 AM

Posted 24 July 2010 - 06:16 AM

I ran ComboFix and got this log.
The problems that I'm facing are:

1. svchost.exe shoots up to 99% CPU usage on every Windows reboot (I have tried solving it by disabling Microsoft Update too; if I kill this process, the CPU is stable, but then the audio goes, which I have to re-enable from services.msc).
2. iTunes does not detect my iPod Touch 2G (probably because some services are not functioning properly, though I've enabled all Microsoft services and also the related iPod services).
3. Also, while installing ESET NOD32, during the installation I get this message saying: the EKRN.exe service does not have sufficient privileges, although I'm logged on as the Administrator.

Hope anyone can help me sort this out.


ComboFix 10-07-23.02 - USER 07/24/2010 16:02:17.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.222 [GMT 5.5:30]
Running from: c:\documents and settings\USER.MEMBER-7760E9F5\Desktop\svchost problem\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER.MEMBER-7760E9F5\Recent\How High (2001).srt
c:\documents and settings\USER.MEMBER-7760E9F5\Recent\Paul VRay Mat Library.mat
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\windows\system32\_deleteme.bat
c:\windows\system32\gfbaksm.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 )))))))))))))))))))))))))))))))
.

2010-07-24 09:56 . 2010-07-24 09:56 -------- d-----w- c:\program files\ESET
2010-07-24 09:56 . 2010-07-24 09:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2010-07-23 23:12 . 2010-07-12 14:29 140288 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
2010-07-23 23:12 . 2010-07-12 14:29 121856 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
2010-07-23 22:13 . 2009-05-18 08:47 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-23 22:13 . 2008-04-17 07:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-23 22:12 . 2010-07-23 22:12 -------- d-----w- c:\program files\iPod
2010-07-22 13:14 . 2010-07-22 13:14 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\AppData
2010-07-22 13:13 . 2010-07-22 13:14 -------- d-----w- c:\program files\Wi-Fi Sync
2010-07-22 13:08 . 2010-07-22 13:10 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-22 13:06 . 2010-07-22 13:07 -------- d-----w- c:\program files\QuickTime
2010-07-22 13:05 . 2010-07-22 13:05 -------- d-----w- c:\program files\Apple Software Update
2010-07-22 12:30 . 2010-07-22 12:30 -------- d-----w- c:\program files\Bonjour
2010-07-12 14:29 . 2010-07-12 14:29 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Toolbar4
2010-07-12 14:29 . 2010-07-12 14:29 -------- d-----w- c:\program files\SearchPredict
2010-07-12 14:29 . 2010-07-12 14:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit
2010-07-12 14:29 . 2010-07-12 14:29 -------- d-----w- c:\program files\SpeedBit Video Downloader
2010-07-10 00:04 . 2010-07-10 00:04 -------- d-----w- c:\program files\uTorrent
2010-07-10 00:03 . 2010-07-10 00:03 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Local Settings\Application Data\uTorrent
2010-07-09 06:23 . 2010-07-09 06:23 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Local Settings\Application Data\WinZip
2010-07-09 06:22 . 2010-07-09 06:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip
2010-07-08 15:49 . 2010-07-08 15:49 -------- d-----w- c:\program files\Hobbyist Software
2010-07-08 12:15 . 2010-07-08 12:15 503808 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48c464f2-n\msvcp71.dll
2010-07-08 12:15 . 2010-07-08 12:15 499712 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48c464f2-n\jmc.dll
2010-07-08 12:15 . 2010-07-08 12:15 348160 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-48c464f2-n\msvcr71.dll
2010-07-08 12:15 . 2010-07-08 12:15 61440 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2bce1c-n\decora-sse.dll
2010-07-08 12:15 . 2010-07-08 12:15 12800 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1e2bce1c-n\decora-d3d.dll
2010-07-08 12:14 . 2010-07-08 12:14 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 11:56 . 2005-10-24 19:48 266112 ----a-r- c:\windows\system32\drivers\smwdm.sys
2010-07-08 11:56 . 2005-10-24 19:48 400640 ----a-r- c:\windows\system32\drivers\senfilt.sys
2010-07-08 11:00 . 2010-07-08 11:00 -------- d-----w- c:\program files\C-Media 3D Audio
2010-07-08 11:00 . 2003-08-05 08:53 266240 ----a-w- c:\windows\CMIUninstall.exe
2010-07-08 11:00 . 2003-07-22 05:45 303104 ----a-w- c:\windows\CmiRmRedundDir.exe
2010-07-08 11:00 . 2002-10-18 10:26 28672 ----a-w- c:\windows\CMIRmDriver.dll
2010-07-08 10:25 . 2010-07-08 10:25 -------- d-----w- c:\program files\Realtek AC97
2010-07-08 10:22 . 2010-07-08 10:22 -------- d-----w- c:\program files\Realtek
2010-07-08 10:22 . 2009-08-05 08:10 831488 ------r- c:\windows\RtlExUpd.dll
2010-07-08 09:58 . 2010-07-08 09:58 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Local Settings\Application Data\PackageAware
2010-07-08 09:53 . 2004-07-13 09:05 36864 ----a-w- c:\windows\system32\UnAudioNT.dll
2010-07-08 09:53 . 2010-07-08 09:53 -------- d-----w- c:\program files\VIAudioi
2010-07-08 09:37 . 2010-07-08 09:37 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\DeviceDoctorSoftware
2010-07-08 09:24 . 2005-05-02 15:45 36484 ----a-w- c:\windows\system32\drivers\SMBios.sys
2010-07-08 08:23 . 2010-07-08 08:23 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-08 08:21 . 2010-07-08 08:21 84480 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-07-08 08:21 . 2010-07-08 08:21 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\SystemRequirementsLab
2010-07-08 08:08 . 2010-07-08 08:08 -------- d-----w- C:\Intel Desktop Board

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-24 10:48 . 2009-09-19 20:47 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\uTorrent
2010-07-24 09:48 . 2009-09-15 19:28 142784 ----a-w- c:\documents and settings\USER.MEMBER-7760E9F5\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 09:48 . 2009-09-14 18:18 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\TeraCopy
2010-07-23 22:13 . 2009-12-02 07:23 -------- d-----w- c:\program files\iTunes
2010-07-23 22:12 . 2009-11-21 05:50 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 13:06 . 2009-10-10 18:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-07-13 12:41 . 2010-03-20 17:49 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\vlc
2010-07-12 11:31 . 2010-02-03 19:57 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\dvdcss
2010-07-10 08:25 . 2010-03-16 20:03 -------- d-----w- c:\program files\Free PDF to Word Converter
2010-07-08 16:32 . 2009-10-11 10:51 -------- d-----w- c:\program files\TeamViewer3
2010-07-08 12:14 . 2009-09-18 12:31 -------- d-----w- c:\program files\Common Files\Java
2010-07-08 11:00 . 2008-09-04 15:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-08 09:39 . 2009-10-11 10:52 -------- d-----w- c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\TeamViewer
2009-10-11 11:12 . 2009-10-11 11:12 26455326 ----a-w- c:\program files\Pocket Tanks Deluxe.zip
2007-03-14 11:26 . 2007-03-14 11:26 205 -c--a-w- c:\program files\pt.cfg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-07-12 14:29 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="f:\setups\utorrent.exe" [2009-12-19 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 131072]
"VTTrayp"="VTtrayp.exe" [2005-03-12 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 225280]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-06 192512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 329960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 491520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 375072]

c:\documents and settings\USER.MEMBER-7760E9F5\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-9-13 19968]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\AutorunsDisabled
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-9-13 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-8 599392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^USER.MEMBER-7760E9F5^Start Menu^Programs^Startup^Rapidown.lnk]
path=c:\documents and settings\USER.MEMBER-7760E9F5\Start Menu\Programs\Startup\Rapidown.lnk
backup=c:\windows\pss\Rapidown.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^USER.MEMBER-7760E9F5^Start Menu^Programs^Startup^Stickies.lnk]
path=c:\documents and settings\USER.MEMBER-7760E9F5\Start Menu\Programs\Startup\Stickies.lnk
backup=c:\windows\pss\Stickies.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 02:28 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3809280 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPhone PC Suite]
2009-10-15 11:54 933888 ----a-w- c:\program files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 15:39 375072 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 11:14 3965776 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 13:41 233472 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 16:23 491520 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-28 07:12 233517 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wi-Fi Sync]
2010-05-27 17:11 446976 ----a-w- c:\program files\Wi-Fi Sync\wifisync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Adobe LM Service"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"fsssvc"=3 (0x3)
"FolderSize"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\system32\\VTTimer.exe"=
"c:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"f:\\Setups\\utorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\VTtrayp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Pocket Tanks Deluxe\\Pocket Tanks Deluxe 1.3 (Including 230 weapons)\\pockettanks.exe"=
"c:\\WINDOWS\\system32\\WgaTray.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrobat.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\WordWeb\\wweb32.exe"=
"c:\\Program Files\\FolderSize\\FolderSizeSvc.exe"=
"c:\\WINDOWS\\system32\\NeroCheck.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\{755AC846-7372-4AC8-8550-C52491DAA8BD}\\x86\\DifXInstall32.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3689:TCP"= 3689:TCP:Itunes

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\documents and settings\USER.MEMBER-7760E9F5\Desktop\jh\New Folder (3)\kerneld.wnt [8/18/2005 7168]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [12/13/2009 2:00 PM 28160]
S3 V0330VID;WebCam Vista;c:\windows\system32\drivers\V0330Vid.sys [9/14/2009 2:21 AM 173632]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {CEF899F2-CEAF-498C-9D12-83DBF05D019F} = 120.138.96.18,120.138.98.18
FF - ProfilePath - c:\documents and settings\USER.MEMBER-7760E9F5\Application Data\Mozilla\Firefox\Profiles\3h63goxs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q=
FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-PhoneDaemon - c:\documents and settings\USER.MEMBER-7760E9F5\Desktop\aasa\PhoneDaemon.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 16:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\documents and settings\USER.MEMBER-7760E9F5\Desktop\jh\New Folder (3)\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-764733703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D62C36F0-81C0-0A63-36EF-7E3FE9D46BF6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaffhlkkhiiojlmelfec"=hex:62,61,62,68,00,00
"jaffhlkkhiiojlmelfae"=hex:62,61,65,68,00,00
"iafaljdloflceepiko"=hex:6b,61,63,68,61,67,6c,68,68,6c,69,65,68,63,6b,61,70,61,
6b,64,61,66,00,00
"hapobjokbdgmkjom"=hex:6b,61,63,68,61,67,6c,68,68,6c,69,65,68,63,6b,61,62,62,
62,69,61,67,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2464)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\FolderSize\FolderSizeColumn.dll
c:\program files\Common Files\Ahead\lib\NeroDigitalExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\VTTimer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-24 16:34:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 11:04
ComboFix2.txt 2009-10-05 14:34
ComboFix3.txt 2009-09-18 14:33

Pre-Run: 2,428,846,080 bytes free
Post-Run: 2,620,010,496 bytes free

- - End Of File - - 470B8E9B88B5A630CA850A562D740B4F

Resolved the iTunes issue; it was a problem with my Apple Mobile Device Support.

Merged posts. ~ OB

Edited by Orange Blossom, 27 July 2010 - 11:15 PM.



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 31 July 2010 - 04:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days, I will bump the topic, and if you do not reply by the following day after that, I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:59 PM

Posted 04 August 2010 - 08:09 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



