Red X on C: and POS.file night mare

Real PC amateur... Need help with virus on PC. I've read the diagnostics on the forum and completed scans and logs as requested. Could really use help in trying to rid myself of these nasties. First, I have a Red X next to my C: drive. Next, when I log on I get 2 pops: C:/windows/system32/lxcowlfy.dll and/or C:/windows/system32/spsaykqh.dll, and in My Documents I have hundreds of POS. files. Can someone help me remove them? Please review the attached logs.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:48 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\realplayerupdate20080811.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {049B9FF0-9159-47EB-ADB2-6F53D7786F51} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26F36617-35CC-487E-AFFE-800CCBE16815} - C:\WINDOWS\system32\mljji.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll (file missing)
O2 - BHO: (no name) - {99EA4FC4-63CD-44B9-BB5A-EFDD451A7572} - C:\WINDOWS\system32\mlJYrpPF.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C8DC3782-A647-86E1-1795-A48F05562999} - C:\WINDOWS\system32\odo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [a426f2d8] rundll32.exe "C:\WINDOWS\system32\lxcowlfy.dll",b
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/G...luginIEWin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: jyqemblz - jyqemblz.dll (file missing)
O20 - Winlogon Notify: pmnnmmn - pmnnmmn.dll (file missing)
O20 - Winlogon Notify: rqRLfDvS - rqRLfDvS.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 12024 bytes
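As an added example (not code from this thread, from HijackThis, or from ComboFix), here is a small Python triage pass that applies the same reading the log above invites: it flags O2/O20 entries marked "(file missing)", a Run value with a hex-blob name that loads a randomly named DLL through rundll32, and executables in the Internet Explorer folder that are not iexplore.exe. The sample lines are constructed from entries of the kind shown in the log; the eight-lowercase-letter and eight-hex-character name patterns are heuristics of this example, not HijackThis rules.

```python
"""Triage pass over HijackThis-style log lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the format HijackThis writes.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {049B9FF0-9159-47EB-ADB2-6F53D7786F51} - C:\WINDOWS\system32\mljji.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [a426f2d8] rundll32.exe "C:\WINDOWS\system32\lxcowlfy.dll",b
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O20 - Winlogon Notify: jyqemblz - jyqemblz.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

ENTRY = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")                       # "O4 - ..." / "R0 - ..."
RUN_ENTRY = re.compile(r"^HK\w+\\\.\.\\Run:\s+\[([^\]]+)\]\s*(.*)$", re.I)
DLL_BASE = re.compile(r'([^\s"\\,]+)\.dll', re.I)                    # base name of the DLL in a command
IE_DIR = re.compile(r'\\program files\\internet explorer\\([^\\\s"]+)', re.I)
RANDOM_NAME = re.compile(r"^[a-z]{8}$")   # heuristic: lxcowlfy, jyqemblz, spsaykqh ...
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")   # heuristic: a426f2d8


@dataclass
class Finding:
    section: str   # HijackThis section code, or "PROC" for a running-process line
    reason: str
    line: str


def _ie_masquerade(text: str) -> str | None:
    """Anything in the IE program folder other than iexplore.exe deserves a look."""
    m = IE_DIR.search(text)
    if m and m.group(1).lower() != "iexplore.exe":
        return f"runs from the Internet Explorer folder under an updater-style name: {m.group(1)}"
    return None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        entry = ENTRY.match(line)
        if entry is None:
            # Plain path lines under "Running processes:" are the process list.
            if in_processes and re.match(r"^[A-Za-z]:\\", line):
                reason = _ie_masquerade(line)
                if reason:
                    findings.append(Finding("PROC", reason, line))
            continue
        in_processes = False
        section, body = entry.group(1), entry.group(2)
        if section in ("O2", "O20") and "(file missing)" in body:
            findings.append(Finding(section, "autostart still registered but its file is gone (orphaned loader)", line))
        elif section == "O4":
            run = RUN_ENTRY.match(body)
            if run:
                name, cmd = run.group(1), run.group(2)
                if HEX_NAME.match(name):
                    findings.append(Finding(section, f"Run value named like a hex blob: [{name}]", line))
                dll = DLL_BASE.search(cmd)
                if cmd.lower().startswith("rundll32") and dll and RANDOM_NAME.match(dll.group(1)):
                    findings.append(Finding(section, f"rundll32 loads a randomly named DLL: {dll.group(1)}.dll", line))
            reason = _ie_masquerade(body)
            if reason:
                findings.append(Finding(section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

Legitimate rundll32 users in the same log (P17.dll, DLCCtime.dll) pass the name heuristic untouched, which is the point: the check is about the shape of the entry, not about rundll32 itself.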
Re: Red X on C: and POS.file night mare

Download ComboFix. When you begin the download you may see a security warning. Click Save and save it to the desktop.

Once ComboFix appears on the desktop, FIRST do the following:

Close all open windows, including this one.
Close or disable all running antivirus, antispyware, and firewall programs, as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break, as it may take a while for it to complete.

Once you click that ComboFix icon you may get another security warning. Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe, and you can click on the Run button to continue.

The scan will take a while, so be patient. Be sure NOT to touch the computer until the program has completed its scan. If you see your Windows desktop disappear, or the clock change time, do not worry. This is normal and ComboFix will restore your desktop before it is finished.

Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt. When ComboFix has finished, it will automatically close the program and change your clock back to its original format.

NOTE: Remember, DO NOT TOUCH the computer, keyboard or mouse while the program is running, as it will interfere with the proper running of the program.

Once it is complete, come back here and post that ComboFix log.
Re: Red X on C: and POS.file night mare

Thanks, and sorry for the late reply. ComboFix log:

ComboFix 08-08-12.01 - Gregg Z 2008-08-13 12:36:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.470 [GMT -4:00]
Running from: C:\Documents and Settings\Gregg Z\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\#SharedObjects\75MPPBJ7\interclick.com
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\#SharedObjects\75MPPBJ7\interclick.com\ud.sol
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Gregg Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts\Data\Laurie Z\avatar.dat
C:\Documents and Settings\Laurie Z\Application Data\FunWebProducts\Data\Laurie Z\zbucks.dat
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\#SharedObjects\RYCGABJ7\interclick.com
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\#SharedObjects\RYCGABJ7\interclick.com\ud.sol
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Laurie Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Taylor Z\Application Data\FNTS~1
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\avatar.dat
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\register.dat
C:\Documents and Settings\Taylor Z\Application Data\FunWebProducts\Data\Taylor Z\zbucks.dat
C:\Documents and Settings\Taylor Z\Application Data\install.dat
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\#SharedObjects\6QR3FXV3\interclick.com
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\#SharedObjects\6QR3FXV3\interclick.com\ud.sol
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Taylor Z\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Taylor Z\Application Data\PPPATC~1
C:\Documents and Settings\Taylor Z\My Documents\SSTEM~1
C:\Documents and Settings\Taylor Z\My Documents\SSTEM~1\s?stem\
C:\Documents and Settings\Taylor Z\My Documents\YMBOLS~1
C:\Documents and Settings\Z Family\Application Data\FunWebProducts
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\avatar.dat
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\register.dat
C:\Documents and Settings\Z Family\Application Data\FunWebProducts\Data\Z Family\zbucks.dat
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\#SharedObjects\YPKEWGNL\interclick.com
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\#SharedObjects\YPKEWGNL\interclick.com\ud.sol
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Z Family\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\sks~1
C:\Program Files\Drmupgds
C:\Program Files\ecurit~1
C:\Program Files\racle~1
C:\temp\iee
C:\Temp\isgTi19
C:\WINDOWS\ecurit~1
C:\WINDOWS\system32\absftiuv.ini
C:\WINDOWS\system32\agvhiyar.ini
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\attfpuyh.ini
C:\WINDOWS\system32\BHNUvGgh.ini
C:\WINDOWS\system32\BHNUvGgh.ini2
C:\WINDOWS\system32\bhxvujxx.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cnvrkqak.ini
C:\WINDOWS\system32\cqklpwpk.ini
C:\WINDOWS\system32\cvpwmryl.ini
C:\WINDOWS\system32\dcucarka.ini
C:\WINDOWS\system32\dhfqsbih.ini
C:\WINDOWS\system32\dpuuadsa.ini
C:\WINDOWS\system32\efttyljx.ini
C:\WINDOWS\system32\ewjarpmt.ini
C:\WINDOWS\system32\fcylxhnm.ini
C:\WINDOWS\system32\ffloyurk.ini
C:\WINDOWS\system32\fgqnpeop.ini
C:\WINDOWS\system32\FPprYJlm.ini
C:\WINDOWS\system32\FPprYJlm.ini2
C:\WINDOWS\system32\gesqtskk.ini
C:\WINDOWS\system32\gfhrcppf.ini
C:\WINDOWS\system32\gicruxym.ini
C:\WINDOWS\system32\hbftkaqr.ini
C:\WINDOWS\system32\hbsfwsea.ini
C:\WINDOWS\system32\hdkgdprc.ini
C:\WINDOWS\system32\hyngkjlh.ini
C:\WINDOWS\system32\idwyankp.ini
C:\WINDOWS\system32\IhRqAcdd.ini
C:\WINDOWS\system32\IhRqAcdd.ini2
C:\WINDOWS\system32\iiygfniy.ini
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\imahecii.ini
C:\WINDOWS\system32\iuxfyhol.ini
C:\WINDOWS\system32\ivetlpme.ini
C:\WINDOWS\system32\jipwfoih.ini
C:\WINDOWS\system32\jjPrAcdd.ini
C:\WINDOWS\system32\jjPrAcdd.ini2
C:\WINDOWS\system32\jvrgbmak.ini
C:\WINDOWS\system32\kbigkfbu.ini
C:\WINDOWS\system32\khuyxcwc.ini
C:\WINDOWS\system32\kuirwsjh.ini
C:\WINDOWS\system32\laewkabv.ini
C:\WINDOWS\system32\lhkqfkpg.ini
C:\WINDOWS\system32\lqgacexk.ini
C:\WINDOWS\system32\lxorutni.ini
C:\WINDOWS\system32\masltafp.ini
C:\WINDOWS\system32\mcqslspu.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mtvsuwph.ini
C:\WINDOWS\system32\mxfufkxr.ini
C:\WINDOWS\system32\mximximf.ini
C:\WINDOWS\system32\newqibke.ini
C:\WINDOWS\system32\nmdntdsc.ini
C:\WINDOWS\system32\nrlmkxry.ini
C:\WINDOWS\system32\nxtcijgu.ini
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\offhnibf.ini
C:\WINDOWS\system32\ogdupvpe.ini
C:\WINDOWS\system32\orjflgek.ini
C:\WINDOWS\system32\ourvvxyp.ini
C:\WINDOWS\system32\owdotjuk.ini
C:\WINDOWS\system32\pbcwqcbu.ini
C:\WINDOWS\system32\prvegbxa.ini
C:\WINDOWS\system32\PXEhRXyb.ini
C:\WINDOWS\system32\PXEhRXyb.ini2
C:\WINDOWS\system32\qdigvsfm.ini
C:\WINDOWS\system32\qeyvoeob.ini
C:\WINDOWS\system32\qlwcwrgh.ini
C:\WINDOWS\system32\qnnlotlp.ini
C:\WINDOWS\system32\qrqxvbis.ini
C:\WINDOWS\system32\rrobjcff.ini
C:\WINDOWS\system32\sausmxbg.ini
C:\WINDOWS\system32\sbgjuhxt.ini
C:\WINDOWS\system32\sdkfslmv.ini
C:\WINDOWS\system32\sjasicuq.ini
C:\WINDOWS\system32\sjyvvyvc.ini
C:\WINDOWS\system32\sqkfvjfg.ini
C:\WINDOWS\system32\stem32~1
C:\WINDOWS\system32\tfrgrnmj.ini
C:\WINDOWS\system32\tpxgqdau.ini
C:\WINDOWS\system32\tvdshxri.ini
C:\WINDOWS\system32\twagyhdq.ini
C:\WINDOWS\system32\uaynswnt.ini
C:\WINDOWS\system32\uyupgxsm.ini
C:\WINDOWS\system32\vatraggg.ini
C:\WINDOWS\system32\vgsvhoiq.ini
C:\WINDOWS\system32\vkenfyhq.ini
C:\WINDOWS\system32\vlcaedsi.ini
C:\WINDOWS\system32\wjjdhunn.ini
C:\WINDOWS\system32\wkqxrttp.ini
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\xjohtpes.ini
C:\WINDOWS\system32\xjpnhfuc.ini
C:\WINDOWS\system32\xoesieub.ini
C:\WINDOWS\system32\yeoedqrd.ini
C:\WINDOWS\system32\yflwocxl.ini
C:\WINDOWS\system32\yfyjqdqb.ini
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymryiyvo.ini
C:\WINDOWS\system32\yshdewnl.ini
C:\WINDOWS\system32\yxytbmkx.ini
C:\WINDOWS\system32\yyklupiy.ini
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.
2008-08-11 15:24 . 2008-08-11 15:24 <DIR> d-------- C:\Deckard
2008-08-11 14:01 . 2008-08-11 15:10 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Documents and Settings\Gregg Z\Application Data\Malwarebytes
2008-08-10 21:57 . 2008-08-10 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 21:57 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-10 21:57 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 19:20 . 2008-08-10 19:20 <DIR> d-------- C:\Documents and Settings\Laurie Z\Application Data\Symantec
2008-08-10 18:29 . 2008-08-10 18:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-08 23:04 . 2008-08-08 23:04 <DIR> d-------- C:\Documents and Settings\Taylor Z\Application Data\Symantec
2008-08-07 23:23 . 2008-08-07 23:23 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-07 23:22 . 2008-08-07 23:49 <DIR> d-------- C:\Program Files\Norton 360
2008-08-07 23:21 . 2008-08-07 23:34 <DIR> d-------- C:\Program Files\Symantec
2008-08-07 23:21 . 2008-08-08 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-07 23:21 . 2008-08-07 23:34 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-07 23:21 . 2008-08-07 23:34 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-07 23:21 . 2008-08-07 23:34 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-07 23:21 . 2008-08-07 23:34 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-07 23:14 . 2008-08-13 12:42 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-07 23:10 . 2008-08-07 23:27 <DIR> d-------- C:\Documents and Settings\Gregg Z\Application Data\Symantec
2008-08-07 21:04 . 2008-08-07 21:04 37 --a------ C:\WINDOWS\marscam.ini
2008-08-07 14:35 . 2008-08-07 14:37 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-08-07 11:17 . 2008-08-07 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-08-06 23:38 . 2008-08-06 23:38 <DIR> d-------- C:\Program Files\VnrBlock
2008-07-16 04:01 . 2008-07-16 04:01 2,340 --a------ C:\links.html
2008-07-15 22:02 . 2008-07-16 14:42 2,174 ---hs---- C:\WINDOWS\system32\oxhyrwes.ini
2008-07-15 21:57 . 2008-07-15 21:57 1,590 ---hs---- C:\WINDOWS\system32\htpqnagr.ini
2008-07-14 22:41 . 2008-07-25 14:56 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-13 16:00 . 2008-07-13 16:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 23:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-08 02:00 --------- d-----w C:\Program Files\Yahoo!
2008-08-08 01:55 --------- d-----w C:\Documents and Settings\Gregg Z\Application Data\Yahoo!
2008-08-08 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-08 01:54 --------- d-----w C:\Program Files\Viewpoint
2008-08-08 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-08 01:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 01:50 --------- d-----w C:\Program Files\GameSpy Arcade
2008-08-08 01:49 --------- d-----w C:\Program Files\GemMaster
2008-08-07 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-04 03:35 --------- d-----w C:\Program Files\LimeWire
2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-30 19:32 --------- d-----w C:\Program Files\Google
2008-07-18 03:05 --------- d-----w C:\Documents and Settings\Gregg Z\Application Data\AVGTOOLBAR
2008-07-16 13:49 --------- d-----w C:\Documents and Settings\Laurie Z\Application Data\AVGTOOLBAR
2008-07-09 05:27 --------- d-----w C:\Documents and Settings\Taylor Z\Application Data\Apple Computer
2008-06-28 23:49 --------- d-----w C:\Documents and Settings\Z Family\Application Data\Apple Computer
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 18:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 18:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 18:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 18:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-02-17 17:49 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 04:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 05:04 59392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 22:05 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 17:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 09:50 131072]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-10-01 09:40 26112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 14:38 69632]
"dlccmon.exe"="C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 15:03 425984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-26 21:15 29744]
"GoogleUpdate"="C:\Program Files\Internet Explorer\orz.EXE" [2008-08-03 19:51 176128]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 15:37 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 10:50 988512]
"P17Helper"="P17.dll" [2004-06-10 17:51 60928 C:\WINDOWS\system32\P17.dll]

C:\Documents and Settings\Gregg Z\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-01-15 14:29:57 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-14 14:13:05 125624]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 15:37]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-26 21:15]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 16:12]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-10 06:00]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{049B9FF0-9159-47EB-ADB2-6F53D7786F51} - C:\WINDOWS\system32\mljji.dll
BHO-{26F36617-35CC-487E-AFFE-800CCBE16815} - C:\WINDOWS\system32\mljji.dll
BHO-{9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
BHO-{99EA4FC4-63CD-44B9-BB5A-EFDD451A7572} - C:\WINDOWS\system32\mlJYrpPF.dll
BHO-{C8DC3782-A647-86E1-1795-A48F05562999} - C:\WINDOWS\system32\odo.dll
HKLM-Run-a426f2d8 - C:\WINDOWS\system32\lxcowlfy.dll
Notify-jyqemblz - jyqemblz.dll
Notify-pmnnmmn - pmnnmmn.dll
Notify-rqRLfDvS - rqRLfDvS.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://my.att.net/
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O8 -: &Search
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk
O16 -: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\Downloaded Program Files\GoogleGadgetPluginIEWin.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 12:45:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
GoogleUpdate = C:\Program Files\Internet Explorer\orz.EXE??????????????X9??????(????????????????????????????????=???????????????????????@@@?????????????A??(?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Internet Explorer\javaupdate20080409.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\visualbasicupdate20080409.exe
C:\Program Files\Internet Explorer\acdseeupdate20080415.exe
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\Internet Explorer\realplayerupdate20080811.exe
.
**************************************************************************
.
Completion time: 2008-08-13 12:49:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 16:49:06

Pre-Run: 119,296,086,016 bytes free
Post-Run: 119,208,882,176 bytes free

375 --- E O F --- 2008-08-10 07:06:01
Re: Red X on C: and POS.file night mare

Run the ESET Online Scanner again and have it FIX anything found. Then run a new HiJackThis scan please and post that new log and the ESET Scanner log?
Re: Red X on C: and POS.file night mare

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:48 PM, on 8/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Logan Z\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/G...luginIEWin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10738 bytes
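The ComboFix dump earlier in the thread and the HijackThis log just above carry the indicators a helper reads off by eye: an autorun labelled GoogleUpdate that actually launches orz.EXE out of the Internet Explorer folder, a run of `<product>update2008MMDD.exe` processes in that same folder, Security Center monitoring switched off for every product, and the Windows Firewall disabled by policy. The script below is an added example, not code from this thread, from HijackThis or from ComboFix; it turns those observations into heuristics run over log lines. The `IE_LEGIT` allowlist and the `VENDORS` token list are assumptions, and the sample lines are copied from the logs posted in this thread. A hit is a lead for a person to check, not a verdict.

```python
"""Heuristic triage of HijackThis / ComboFix log lines (added example)."""
import re

# Assumption: the executables that legitimately live in IE's own folder on XP.
IE_DIR = "c:\\program files\\internet explorer\\"
IE_LEGIT = {"iexplore.exe", "iedw.exe", "ieinstal.exe"}

# Assumption: vendor tokens.  An autorun label that claims one of these while
# the binary's path mentions none of it is treated as a disguise.
VENDORS = ("google", "symantec", "norton", "java", "adobe", "apple",
           "itunes", "quicktime", "real", "intel", "creative", "dell")

# 'O4 - HKLM\..\Run: [Label] "C:\path\prog.exe" args'  ->  hive, label, path
O4_RE = re.compile(r'^O4 - (?P<hive>.*?): \[(?P<label>[^\]]+)\] "?(?P<path>.*?\.(?:exe|dll))', re.I)
# A bare process path, as printed under "Running processes:".
PROC_RE = re.compile(r'^[a-z]:\\.*\.exe$', re.I)
# Naming pattern seen in this thread: flashupdate20080416.exe, realplayerupdate20080811.exe
FAKE_UPDATE_RE = re.compile(r'update\d{8}\.exe$', re.I)

# ComboFix registry dump lines that switch off the machine's own defences.
REG_RULES = (
    (re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.I), "Security Center monitoring disabled"),
    (re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I), "Windows Firewall disabled by policy"),
)


def check_binary(path):
    """Rules that apply to any executable path, wherever the log lists it."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    hits = []
    if low.startswith(IE_DIR) and name not in IE_LEGIT:
        hits.append("foreign binary in Internet Explorer directory")
    if FAKE_UPDATE_RE.search(name):
        hits.append("<product>updateYYYYMMDD.exe naming pattern")
    return hits


def check_autorun(label, path):
    """Binary rules plus a label-versus-path consistency check for O4 entries."""
    hits = check_binary(path)
    low_label, low_path = label.lower(), path.lower()
    for vendor in VENDORS:
        if vendor in low_label and vendor not in low_path:
            hits.append(f"autorun label claims '{vendor}' but binary is elsewhere")
            break
    return hits


def scan_log(text):
    """Return a list of (reason, line) for every suspicious line in the log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend((why, line) for why in check_autorun(m["label"], m["path"]))
            continue
        if PROC_RE.match(line):
            findings.extend((why, line) for why in check_binary(line))
            continue
        for rx, why in REG_RULES:
            if rx.search(line):
                findings.append((why, line))
    return findings


# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Internet Explorer\orz.EXE
C:\Program Files\Internet Explorer\flashupdate20080416.exe
C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [GoogleUpdate] C:\Program Files\Internet Explorer\orz.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for why, line in scan_log(SAMPLE_LOG):
        print(f"{why:55} {line}")
```

Run it on a full saved log with `scan_log(open("hijackthis.log").read())`; the GoogleUpdate line is flagged twice (foreign location and a label that names a vendor the path does not), while the genuine Google Desktop Search and ccApp autoruns pass. The label check is deliberately narrow: it only fires when the label itself claims a vendor, so generic names like ctfmon.exe or osCheck are left alone.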
Re: Red X on C: and POS.file night mare

Where is the ESET Scanner log?
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC