Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Lazer482u2

9 Posts

762

February 6th, 2008 09:00

hijack this report needs reviewed please help

Red X Vundo virus hijack this report needs reviewed please help. Thank you in advance to helping me resolve this virus and the slow responce to my laptop. 
                   Laptop is a Dell Inspiron 1000   windows Xp
Thanks
 Peter


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:42:43 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Eryn Rusta\Desktop\VundoFix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {41531C00-81C4-E55D-90DB-878AD9A0FCC3} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {40531C03-81B2-952F-90AD-F28AAFABFCC3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: {089037f2-95e5-22c9-a534-b81a0edbf972} - {279fbde0-a18b-435a-9c22-5e592f730980} - (no file)
O2 - BHO: (no name) - {31E6234A-EDA7-FE6D-80FF-C76942F389CF} - (no file)
O2 - BHO: (no name) - {76988D20-15CE-5B5E-EB61-6E2365C4C7CE} - (no file)
O2 - BHO: (no name) - {7A2AF0BB-3F25-52E7-72C6-66D4FC71C1CD} - (no file)
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DA0235BA-B163-E1DA-03D2-85B3CB547AA1} - (no file)
O2 - BHO: (no name) - {EB2F05B9-9C53-D799-2EE6-B69E8D6D5791} - (no file)
O2 - BHO: (no name) - {F5C19EA8-0360-39F4-6043-0B6244CF1E9E} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190766095775
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O20 - Winlogon Notify: hggefcc - hggefcc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9341 bytes

Lazer482u2

9 Posts

February 6th, 2008 10:00

Updated hijack files:

I deleted items from original list that I thought were un needed or had no files at the end.

Still have the red X on drive C:

Last scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:43 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2563 bytes



bamajim

10.4K Posts

February 6th, 2008 12:00

Lazer482u2

Please download Combofix and save to your desktop:
  • Note: It is important that it is saved directly to your desktop
    Close any open browsers.
    Double click on combofix.exe and follow the prompts.
    When it's finished it will produce a log.
    Post the contents of the C:\ComboFix.txt into your next reply.
    Note: Do not mouseclick combofix's window whilst it's running.
    That may cause the program to freeze/hang.














Microsoft MVP Consumer-Security

 


"The world is what you make of it"




Lazer482u2

9 Posts

February 6th, 2008 23:00

THAnks for responding to me with this computer issue. Below is the log file you requested from Combofix .
Below that is a log file from Hijack this after I ran combo Fix  I seperated them with several space to clearly indicate two logs.    

Thanks again
Peter


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:43 AM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2563 bytes
















Hijack log below   looks like Combofix log ???????????????????????????????





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:47 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Vogykerb] C:\WINDOWS\System32\??chost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 2766 bytes




bamajim

10.4K Posts

February 7th, 2008 12:00

Lazer482u2

 

You posted the Hijackthis log twice. The Combofix log can be found at C:\Combofix.txt or inside the C:\Combofix folder.

 




 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


Lazer482u2

9 Posts

February 7th, 2008 20:00

ComboFix 08-02.05.3 - Eryn Rusta 2008-02-07  7:17:03.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.163 [GMT -5:00]
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-07 to 2008-02-07  )))))))))))))))))))))))))))))))
.

2008-02-06 19:33 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-30 02:28 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-01-30 02:28 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-01-30 02:28 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-21 07:55 . 2008-01-21 07:55        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Symantec
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 14:39 . 2008-01-20 18:33    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:44 . 2008-02-03 11:48        d--------    C:\Program Files\Norton 360
2008-01-14 00:40 . 2008-01-20 18:07    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-14 00:40 . 2008-01-20 18:07    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-14 00:40 . 2008-01-20 18:07    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-14 00:40 . 2008-01-20 18:07    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-14 00:38 . 2008-01-20 18:08        d--------    C:\Program Files\Symantec
2008-01-14 00:38 . 2008-02-03 23:12        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 00:34 . 2008-02-03 23:12        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-11-07 09:26    721,920    ----a-w    C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26    721,920    ------w    C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"="C:\WINDOWS\System32\??chost.exe" [2004-08-03 23:56 14336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 17:58 856064 C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2007-08-12 21:17 136768 C:\Program Files\Network Associates\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SPTISRV"=3 (0x3)
"Netlogon"=3 (0x3)
"McAfeeFramework"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"Fax"=2 (0x2)
"seclogon"=2 (0x2)
"SCardSvr"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CryptSvc"=3 (0x3)
"COMSysApp"=3 (0x3)
"comHost"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"ALG"=3 (0x3)
"Alerter"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - ADOBE_LM_SERVICE
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 07:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-07  7:23:44
ComboFix-quarantined-files.txt  2008-02-07 12:23:12
ComboFix2.txt  2008-02-07 00:45:35
.
2008-02-03 23:09:29    --- E O F --- 

bamajim

10.4K Posts

February 8th, 2008 14:00

Lazer482u2

 

Good work, tell me what's going on with your PC now.

 




 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


 

Lazer482u2

9 Posts

February 9th, 2008 00:00

Thanks again for your help.       The red X is still on Drive C:         The system is runing with a little drag but not  asslow as it was before combo fix.        I ran combo fix again  but still Red X on C:

Can I delete some of these lines that point to AIM, AOL and others that have no file to help clean up boot time ???

Combo fix  latest log file below.




ComboFix 08-02.05.3 - Eryn Rusta 2008-02-08 20:54:43.3 - NTFSx86
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-09 to 2008-02-09  )))))))))))))))))))))))))))))))
.

2008-02-07 07:15 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-30 02:28 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-01-30 02:28 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-01-30 02:28 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-21 07:55 . 2008-01-21 07:55        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Symantec
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 14:39 . 2008-01-20 18:33    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:44 . 2008-02-03 11:48        d--------    C:\Program Files\Norton 360
2008-01-14 00:40 . 2008-01-20 18:07    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-01-14 00:40 . 2008-01-20 18:07    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-01-14 00:40 . 2008-01-20 18:07    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-01-14 00:40 . 2008-01-20 18:07    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-01-14 00:38 . 2008-01-20 18:08        d--------    C:\Program Files\Symantec
2008-01-14 00:38 . 2008-02-03 23:12        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 00:34 . 2008-02-03 23:12        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"="C:\WINDOWS\System32\??chost.exe" [2004-08-03 23:56 14336]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2007-08-12 21:17 136768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 21:01:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 21:05:10
ComboFix-quarantined-files.txt  2008-02-09 02:05:02
ComboFix2.txt  2008-02-07 12:23:45
ComboFix3.txt  2008-02-07 00:45:35
.
2008-02-03 23:09:29    --- E O F --- 



bamajim

10.4K Posts

February 11th, 2008 12:00

Lazer482u2

1. Open NotePad (not wordpad). Copy and paste the following into Notepad


File::
C:\WINDOWS\System32\??chost.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vogykerb"=-
"ctfmon.exe"=-

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image
  • You will be prompted to run Combofix again, Do so
    Following the same rules as indicated in my first post
    Then post the contents of the C:\ComboFix.txt log in your reply


2. Rerun Hijackthis and post a fresh Hijackthis log as well



Microsoft MVP Consumer-Security

 


"The world is what you make of it"

Lazer482u2

9 Posts

February 11th, 2008 21:00

ComboFix 08-02.05.3 - Eryn Rusta 2008-02-11 17:42:34.6 - NTFSx86
Running from: C:\Documents and Settings\Eryn Rusta\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-01-11 to 2008-02-11  )))))))))))))))))))))))))))))))
.

2008-02-11 13:28 . 2004-08-03 23:56    388,608    --a------    C:\kmd.exe
2008-02-11 07:00 . 2008-01-12 18:32    23,904    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys
2008-02-11 07:00 . 2008-01-15 09:54    10,537    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.cat
2008-02-11 07:00 . 2008-01-15 05:28    706    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.inf
2008-02-10 16:36 . 2008-02-10 16:37        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\HP
2008-02-10 16:32 . 2008-02-10 16:32        d--------    C:\Program Files\Common Files\Sonic Shared
2008-02-10 16:32 . 2008-02-10 16:32        d--------    C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-10 16:28 . 2008-02-10 16:29        d--------    C:\Program Files\Common Files\HP
2008-02-10 16:23 . 2008-02-10 16:23        d--------    C:\WINDOWS\SYSTEM32\URTTEMP
2008-02-10 16:13 . 2008-02-10 16:13        d--------    C:\Documents and Settings\All Users\Application Data\HP
2008-02-10 16:07 . 2005-03-08 07:52    51,120    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\HPZid412.sys
2008-02-10 16:07 . 2005-03-08 07:52    16,496    -ra------    C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
2008-02-10 16:05 . 2004-09-29 12:12    278,584    --a------    C:\WINDOWS\SYSTEM32\HPZidr12.dll
2008-02-10 16:05 . 2004-09-29 12:15    204,800    --a------    C:\WINDOWS\SYSTEM32\HPZipr12.dll
2008-02-10 16:05 . 2004-09-29 12:09    94,208    --a------    C:\WINDOWS\SYSTEM32\HPZipt12.dll
2008-02-10 16:05 . 2004-09-29 12:14    69,632    --a------    C:\WINDOWS\SYSTEM32\HPZipm12.exe
2008-02-10 16:05 . 2004-09-29 12:08    61,440    --a------    C:\WINDOWS\SYSTEM32\HPZinw12.exe
2008-02-10 16:05 . 2004-09-29 12:09    57,344    --a------    C:\WINDOWS\SYSTEM32\HPZisn12.dll
2008-02-10 16:04 . 2008-02-10 16:05        d--------    C:\Program Files\HP
2008-02-10 15:42 . 2008-02-10 16:35    79,322    --a------    C:\WINDOWS\hpfins05.dat
2008-02-10 15:42 . 2005-05-27 06:36    1,547    ---------    C:\WINDOWS\hpfmdl05.dat
2008-02-10 15:41 . 2005-04-27 13:37    77,824    -ra------    C:\WINDOWS\SYSTEM32\hpzids01.dll
2008-02-10 15:41 . 2005-05-10 20:49    37,376    --a------    C:\WINDOWS\SYSTEM32\hpz3l3xu.dll
2008-02-10 15:34 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-10 15:34 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-10 09:48 . 2008-02-11 16:35        d--------    C:\Program Files\Norton 360
2008-02-10 09:47 . 2008-02-10 14:11    123,952    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-02-10 09:47 . 2008-02-10 14:11    60,800    --a------    C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-02-10 09:46 . 2008-02-10 14:11        d--------    C:\Program Files\Symantec
2008-02-10 09:46 . 2008-02-11 07:00        d--------    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-10 08:38 . 2008-02-10 14:11    10,740    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-02-10 08:38 . 2008-02-10 14:11    805    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-02-09 10:33 . 2008-02-10 10:23    16    --a------    C:\WINDOWS\SYSTEM32\coh.cache
2008-02-06 05:36 . 2008-02-06 05:36        d--------    C:\Program Files\Trend Micro
2008-02-03 21:09 . 2008-02-03 22:26        d--------    C:\VundoFix Backups
2008-02-03 20:27 . 2008-02-03 20:27        d--------    C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-02-03 17:12 . 2008-02-03 17:16        d--------    C:\N360_BACKUP
2008-02-03 15:32 . 2008-02-03 15:32        d--------    C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-03 15:32 . 2004-07-14 11:48        d--------    C:\Documents and Settings\Administrator\WINDOWS
2008-02-03 15:32 . 2004-07-14 12:01        d--------    C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-03 15:32 . 2004-07-14 11:52        d--------    C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-03 15:32 . 2008-01-20 11:46        d--------    C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-21 15:06 . 2008-01-21 15:06        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\vlc
2008-01-21 14:58 . 2008-01-21 14:58        d--------    C:\Program Files\VideoLAN
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\VLC Media Player
2008-01-21 14:52 . 2008-01-21 14:52        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Share-to-Web Upload Folder
2008-01-20 15:47 . 2007-03-21 20:39    1,060,864    --a------    C:\WINDOWS\SYSTEM32\MFC71.DL1
2008-01-20 08:27 . 2008-01-20 08:27        d--------    C:\Symantec
2008-01-19 22:40 . 2008-01-19 22:40        d--------    C:\Documents and Settings\LocalService\Application Data\Webroot
2008-01-19 22:40 . 2008-01-04 20:34    163,696    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-01-19 22:40 . 2008-01-04 20:34    23,920    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-01-19 22:40 . 2008-01-04 20:34    21,872    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-01-19 22:40 . 2008-01-04 20:34    20,336    --a------    C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-01-19 22:39 . 2008-01-19 22:39        d--------    C:\Documents and Settings\All Users\Application Data\Webroot
2008-01-19 22:39 . 2008-01-04 20:56    1,526,640    --a------    C:\WINDOWS\WRSetup.dll
2008-01-19 22:37 . 2008-01-19 22:37    164    --a------    C:\install.dat
2008-01-19 22:14 . 2005-07-27 16:12    102,912    --a------    C:\WINDOWS\SYSTEM32\islzma.dll
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Program Files\Webroot
2008-01-19 22:13 . 2008-01-19 22:13        d--------    C:\Documents and Settings\Eryn Rusta\Application Data\Webroot
2008-01-19 16:46 . 2008-01-19 16:46        d--------    C:\Updater
2008-01-19 16:36 . 2008-02-06 19:48        d--------    C:\tmp
2008-01-14 00:34 . 2008-02-11 16:34        d--------    C:\Program Files\Common Files\Symantec Shared
2008-01-13 18:57 . 2008-01-13 19:17        d--------    C:\Program Files\RegistryFix
2008-01-13 17:53 . 2008-01-19 22:08        d--------    C:\Program Files\RcvSystem

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 21:15    ---------    d-----w    C:\Program Files\Hewlett-Packard
2008-02-04 11:52    ---------    d-----w    C:\Documents and Settings\Eryn Rusta\Application Data\AdobeUM
2008-02-03 21:31    ---------    d-----w    C:\Program Files\Common Files\AOL
2008-02-03 21:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL
2008-01-20 18:21    ---------    d-----w    C:\Program Files\LimeWire
2008-01-14 02:32    ---------    d-----w    C:\Program Files\Incomplete
2007-12-15 05:18    ---------    d-----w    C:\Program Files\Viewpoint
2007-12-15 05:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-15 05:14    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-15 04:52    ---------    d-----w    C:\Program Files\XCopyPSP
2007-12-15 04:51    ---------    d-----w    C:\Program Files\Bradbury
2007-12-15 04:49    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2006-09-02 04:21    5,632    -csha-w    C:\Program Files\Thumbs.db
2005-05-12 04:36    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2005-01-14 03:45    4,466,776    -c--a-w    C:\Program Files\Install_AIM.exe
2004-07-27 14:05    46,568    -c--a-w    C:\Program Files\splash copy.bmp
2004-07-27 14:03    17,734    -c--a-w    C:\Program Files\splash.jpg
2004-05-18 14:10    15,637,039    -c--a-w    C:\Program Files\VS 7.1 - On Campus.zip
2003-09-29 11:10    892    -c--a-w    C:\Program Files\example.sms
2003-09-29 11:10    7,510,370    -c--a-w    C:\Program Files\Setup.exe
2003-09-29 11:10    5,645    -c--a-w    C:\Program Files\SignLic.Txt
2003-09-29 11:10    400    -c--a-w    C:\Program Files\MCAVSCV.scv
2003-09-29 11:10    4,166    -c--a-w    C:\Program Files\Packing.lst
2003-09-29 11:10    29,078    -c--a-w    C:\Program Files\ReadMe.Txt
2003-09-29 11:10    29,060    -c--a-w    C:\Program Files\VS710Det.mcs
2003-09-29 11:10    281,514    -c--a-w    C:\Program Files\VSE710.Nap
2003-09-29 11:10    187    -c--a-w    C:\Program Files\Install.Pkg
2003-09-29 11:10    11,115    -c--a-w    C:\Program Files\Contact.Txt
2003-09-29 11:10    106,612    -c--a-w    C:\Program Files\CMU311.Nap
2003-09-29 11:10    1,292    -c--a-w    C:\Program Files\PkgCatalog.z
2004-09-21 06:06    848    -csha-w    C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2005-08-17 02:31    475    -csha-w    C:\WINDOWS\SYSTEM32\wdnd.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2007-08-12 21:17 136768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ 009b5092]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 17:51:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 17:55:36
ComboFix-quarantined-files.txt  2008-02-11 22:55:24
ComboFix2.txt  2008-02-11 18:42:18
ComboFix3.txt  2008-02-11 18:16:11
ComboFix4.txt  2008-02-09 02:05:11
ComboFix5.txt  2008-02-07 12:23:45
.
2008-02-03 23:09:29    --- E O F --- 

bamajim

10.4K Posts

February 12th, 2008 11:00

Lazer482u2

Post a fresh Hijackthis log and include an update on how your PC is running now.



 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


Lazer482u2

9 Posts

February 13th, 2008 16:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:24 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5309 bytes

bamajim

10.4K Posts

February 13th, 2008 17:00

Lazer482u2

 

And how's your PC running now?

 




 

Microsoft MVP Consumer-Security

 


"The world is what you make of it"


Lazer482u2

9 Posts

February 13th, 2008 22:00

very slow responce and red X on drive C:

bamajim

10.4K Posts

February 14th, 2008 12:00

Lazer482u2

O.k.

Go HERE and Download System Repair Engineer by smallfrogs
Select local download1 or 2
  • Save it to your Desktop
    Rt Click sreng2.zip->>Extract all->>Extract it to your desktop
    Open the sreng folder
    Double click SREngPS.exe->>Click Run
    At the main Window, in the left Pane,Select Smart Scan
    At the next window make sure all of the boxes are checked and Select Scan
    When the scan is complete Select Save reports
    Save it to your desktop and Close the tool
    Double Click SREngLog.txt copy and paste that log as a reply to this thread









Do not run any other options with this tool unless instructed to do so.

You may have to post the results in more than one reply













Microsoft MVP Consumer-Security

 


"The world is what you make of it"




Was this post helpful?

View All

0 events found

No Events found!

Top