#1
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
[SOLVED] Urgently need help!!
Hi guys, I recently encountered some problems with my computer.
1. Google wouldn't search, it just gets stuck at the page
2. Windows Explorer easily hangs and restarts
3. The PC has slowed down
4. Got an error showing Buffer overflow ++++++

Can anyone help please?? Wondering if this will help..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:52 PM, on 21/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {6BAE9031-CF1D-4CC7-AD08-B7E6A3A4E49C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B6ADF986-BB92-47E0-B21E-5D9927254ACA} - C:\Windows\system32\cbXQjigh.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\Windows\system32\pmnnNhfE.dll
O2 - BHO: (no name) - {E9E847D1-1EF6-4CEC-A488-C040E53E4830} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnnNhfE.dll,#1
O4 - HKLM\..\Run: [BM6b33da12] Rundll32.exe "C:\Windows\system32\miljmuny.dll",s
O4 - HKLM\..\Run: [6800e98e] rundll32.exe "C:\Windows\system32\slukdmjf.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9111 bytes

Last edited by amateur : 06-21-2008 at 04:02 AM. Reason: merged to retain 0-reply status
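The helpers on this forum read a HijackThis log by eye, looking first at the O2 (Browser Helper Object) and O4 (autostart Run) entries. The script below is an added example, not code from this thread, from Trend Micro or from HijackThis, that automates that first screening pass: it parses those two entry types and flags a BHO with no backing file, and a BHO or rundll32-launched DLL that lives in system32 under an eight-letter name with almost no vowels, which is the shape of cbXQjigh.dll, pmnnNhfE.dll, miljmuny.dll and slukdmjf.dll in the log above. The sample lines are copied from that log; the vowel-ratio heuristic, the finding names and the function names are this example's own choices, and a hit is a reason to look closer, not proof of infection.

```python
"""Screening pass over HijackThis v2 log entries of type O2 (BHO) and
O4 (Run value).

Added example; not code from this thread, from Trend Micro or from
HijackThis. The heuristic and all names here are this example's own.
"""
import re

# Constructed sample: entries copied from the log posted above, with the
# legitimate Adobe, Windows Defender and WelcomeCenter lines as controls.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6BAE9031-CF1D-4CC7-AD08-B7E6A3A4E49C} - (no file)
O2 - BHO: (no name) - {B6ADF986-BB92-47E0-B21E-5D9927254ACA} - C:\Windows\system32\cbXQjigh.dll
O2 - BHO: (no name) - {C14E6230-757D-4246-81CE-B34E2940C722} - C:\Windows\system32\pmnnNhfE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnnNhfE.dll,#1
O4 - HKLM\..\Run: [BM6b33da12] Rundll32.exe "C:\Windows\system32\miljmuny.dll",s
O4 - HKLM\..\Run: [6800e98e] rundll32.exe "C:\Windows\system32\slukdmjf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "O2 - BHO: <name> - {<clsid>} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# "O4 - <hive>\..\<key>: [<label>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# First argument after rundll32[.exe], quoted or bare, up to the ",entrypoint" part.
# An unquoted path that contains spaces would be cut at the first space.
RUNDLL_RE = re.compile(r'^\s*"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*(?:,|\s|$)', re.I)

VOWELS = set("aeiou")


def basename(path):
    """Last path component, accepting either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def stem(filename):
    """File name without its last extension."""
    return filename.rsplit(".", 1)[0]


def looks_random(name_stem):
    """Eight letters with at most a quarter vowels: the generated-name pattern
    seen in this thread. A heuristic, not a verdict."""
    if len(name_stem) != 8 or not name_stem.isalpha():
        return False
    vowels = sum(ch.lower() in VOWELS for ch in name_stem)
    return vowels / len(name_stem) <= 0.25


def in_system32(path):
    return re.search(r"\\system32\\", path, re.I) is not None


def triage(log_text):
    """Return a list of findings (dicts) for the O2/O4 lines in log_text."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"].strip()
            if path.lower() == "(no file)":
                # A registered BHO whose DLL is gone: leftover or half-removed component.
                findings.append({"type": "O2", "reason": "bho_no_file",
                                 "dll": path, "line": line})
            elif in_system32(path) and looks_random(stem(basename(path))):
                findings.append({"type": "O2", "reason": "bho_random_system32_dll",
                                 "dll": basename(path), "line": line})
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            if r:
                dll = r["dll"].strip()
                if in_system32(dll) and looks_random(stem(basename(dll))):
                    findings.append({"type": "O4", "reason": "rundll32_random_system32_dll",
                                     "dll": basename(dll), "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['type']} {f['reason']:30} {f['dll']}")
```

Run against the sample, the three legitimate control lines pass and six entries are reported: the fileless BHO, the two no-name BHOs in system32, and the three rundll32 Run values. Each finding keeps the original line so it can be pasted back into a reply for a helper to confirm.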
#2
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 631
OS: W2K SP4 + XP SP2 + Vista
Re: Urgently need help!!
Quote:
My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear" (Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy. Unfortunately there are far more people needing help than there are helpers.

Please Note, your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe
----------------------------------------------------------------------------------------
If you still require help please post a fresh HJT log
#3
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
Re: Urgently need help!!
Hi Katana,
Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:32 AM, on 29/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B24EC031-A31B-4D7E-BBA6-EF9CD9ACFA90} - C:\Windows\system32\cbXQjigh.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [6800e98e] rundll32.exe "C:\Windows\system32\rhtosccy.dll",b
O4 - HKLM\..\Run: [BM6b33da12] Rundll32.exe "C:\Windows\system32\rqkeosbn.dll",s
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8165 bytes

Last edited by johnny83 : 06-28-2008 at 08:11 PM.
#4
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 631
OS: W2K SP4 + XP SP2 + Vista
Re: Urgently need help!!
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper

Installed Programs
Please could you give me a list of the programs that are installed.
Click on the Save list button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into your next post.
#5
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
Re: Urgently need help!!
Erm.. got a problem running ComboFix.
When executed, it prompts that it has expired and to please download a new update. The file auto-deleted. I tried installing it another time and the same thing happens.
#6
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 631
OS: W2K SP4 + XP SP2 + Vista
Re: Urgently need help!!
sUBs is performing updates at the moment, so please use the following link for download
ComboFix by sUBs
#7
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
Re: Urgently need help!!
ComboFix 08-07-05.1 - Johnny 2008-07-06 11:20:01.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.382 [GMT 8:00] Running from: C:\Users\Johnny\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\cbXQjigh.dll C:\Windows\System32\hgijQXbc.ini C:\Windows\System32\hgijQXbc.ini2 C:\Windows\system32\ltffeugs.ini C:\Windows\system32\rqkeosbn.dll C:\Windows\system32\sguefftl.dll C:\Windows\system32\yccsothr.ini C:\Windows\system32\ycwjqqlw.dll . ((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-22 01:39 --------- d-----w C:\Users\Johnny\AppData\Roaming\Malwarebytes 2008-06-22 01:39 --------- d-----w C:\ProgramData\Malwarebytes 2008-06-21 06:33 --------- d-----w C:\Program Files\Google 2008-06-21 01:13 --------- d-----w C:\Program Files\Prevx2 2008-06-13 19:35 --------- d-----w C:\Users\Johnny\AppData\Roaming\TVU Networks 2008-06-13 19:34 --------- d-----w C:\ProgramData\TVU Networks 2008-06-13 19:34 --------- d-----w C:\Program Files\TVUPlayer 2008-06-13 18:59 --------- d-----w C:\Users\Johnny\AppData\Roaming\ppstream 2008-06-11 18:54 --------- d-----w C:\Users\Johnny\AppData\Roaming\DivX 2008-06-11 18:52 --------- d-----w C:\Program Files\DivX 2008-06-11 18:52 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-06-11 04:57 --------- d-----w C:\Program Files\Windows Mail 2008-06-10 18:59 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-06-09 18:20 --------- d-----w C:\Program Files\Trend Micro 2008-06-09 17:54 --------- d-----w C:\ProgramData\Microsoft Help 2008-06-07 05:04 --------- d-----w C:\Program Files\PPStream 2008-06-03 16:07 --------- d-----w C:\Program Files\Oberon Media 2008-06-03 15:07 --------- d-----w C:\ProgramData\Trend 
Micro 2008-05-31 09:19 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-05-28 14:46 --------- d-----w C:\Program Files\PPLive 2008-05-12 23:51 10,752 ----a-w C:\Windows\DCEBoot.exe 2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys 2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-04-16 06:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe 2008-01-28 04:13 0 ----a-w C:\Users\Johnny\AppData\Roaming\wklnhst.dat 2008-01-20 02:38 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-06-21_14.36.36.30 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-21 06:33:45 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-07-06 03:25:22 67,584 --s-a-w C:\Windows\bootstat.dat - 2008-06-13 19:35:35 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-07-01 10:16:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-13 19:35:35 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-01 10:16:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-13 19:35:35 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-01 10:16:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-06-21 06:34:01 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-07-06 03:25:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-07-06 03:25:38 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-06-21 06:34:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-07-06 03:25:38 262,144 
--sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-07-06 03:25:38 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-06-21 05:44:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-07-06 03:19:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-21 05:44:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-07-06 03:19:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-21 05:44:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-07-06 03:19:17 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-06-21 06:25:02 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat + 2008-07-06 03:19:56 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat - 2008-06-20 14:09:08 108,122 ----a-w C:\Windows\System32\perfc009.dat + 2008-07-06 03:18:12 108,122 ----a-w C:\Windows\System32\perfc009.dat - 2008-06-20 14:09:09 622,906 ----a-w C:\Windows\System32\perfh009.dat + 2008-07-06 03:18:13 622,906 ----a-w C:\Windows\System32\perfh009.dat - 2008-06-19 13:05:55 9,796 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1960132854-2443465029-718523181-1000_UserData.bin + 2008-07-06 03:14:30 10,736 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1960132854-2443465029-718523181-1000_UserData.bin - 2008-06-20 14 20 57,356 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin+ 2008-07-06 03:14:29 58,224 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 
2008-06-20 14 18 37,814 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin+ 2008-07-06 03:14:28 38,236 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 10:13 1232896] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 07:09 486856] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-02 02:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 23:01 65536] "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-09 00:16 65536] "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 19:59 118784] "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-25 05:13 71176] "DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2007-07-04 11:19 94208] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 18:56 54936] "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 15:11 49152] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 22:54 185896] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-24 19:54 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-24 19:54 154136] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-24 19:54 129560] "QuickTime 
Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024] "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 19:06 4669440 C:\Windows\RtHDVCpl.exe] "AsioReg"="CTASIO.DLL" [2007-04-09 12:22 79872 C:\Windows\System32\ctasio.dll] "CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\Windows\System32\CtHelper.exe] "CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\Windows\System32\Ctxfihlp.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="C:\Windows\system32\READREG" [X] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{54E4E9E3-4E82-48E5-8B40-3500D127037E}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play "{2A86A794-EE3B-45AB-8C48-791813B4D67C}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program "{EE128F96-FCCF-460F-BEA6-E1F85D499E6B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{21AA4B70-7E00-4A0E-82D5-92E16A0E05FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{AE5286BE-5DA1-49C1-AB5C-E5EA33B55CC5}"= UDP:27365:BitComet 27365 TCP 
- - - - ORPHANS REMOVED - - - -
HKLM-Run-6800e98e - C:\Windows\system32\sguefftl.dll
HKLM-Run-BM6b33da12 - C:\Windows\system32\ycwjqqlw.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 11:25:58
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\iertutil.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\conime.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\dllhost.exe
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2008-07-06 11:29:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 03:29:02
ComboFix2.txt 2008-06-21 06:37:22
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 30,687,797,248 bytes free
211 --- E O F --- 2008-07-04 12:00:32
#8
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
Re: Urgently need help!!
Installed Programs
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Apple Software Update
BitComet 0.96
Bonjour
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Play
Enhanced Multimedia Keyboard Solution
Football Manager 2008
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Picasso Media Center Add-In
HP Update
Intel(R) Graphics Media Accelerator Driver
Java(TM) SE Runtime Environment 6 Update 1
Logitech QuickCam
MediaRing Talk
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.0
PPLive 1.9
PPStream
Python 2.5
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
TBS WMP Plug-in
TVUPlayer 2.3.6.1
Update for Office 2007 (KB946691)
Winamp
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinRAR archiver
WinZip
#9
Analyst, Security Team
Join Date: Nov 2007
Location: Manchester, UK
Posts: 631
OS: W2K SP4 + XP SP2 + Vista
Re: Urgently need help!!
IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 0.96

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Also available here. My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Please note: you must NOT use this whilst we are cleaning your machine.

Submit a File For Analysis
We need to have the files below scanned by uploading them/it to Virus Total.
Please visit Virustotal
Copy/paste the following file path into the window
C:\Windows\DCEBoot.exe
Click Submit/Send File
Please post back, to let me know the results.
If Virustotal is too busy please try Jotti

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html
Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note** To optimize scanning time and produce a more sensible report for review:
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of the Java and Adobe components and update.

Updating Java:

Update Adobe Acrobat Reader

Now close all windows, including your browser. Double click on the Java installation that you downloaded and follow the prompts.

Remove Programs
Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.
Reboot your machine.
#10
Registered User
Join Date: Jun 2008
Posts: 12
OS: Vista
Re: Urgently need help!!
File DCEBoot.exe received on 07.10.2008 14:02:47 (CET)
Result: 0/33 (0%)

Antivirus          Version         Last Update   Result
AhnLab-V3          2008.7.10.0     2008.07.10    -
AntiVir            7.8.0.64        2008.07.10    -
Authentium         5.1.0.4         2008.07.10    -
Avast              4.8.1195.0      2008.07.09    -
AVG                7.5.0.516       2008.07.10    -
BitDefender        7.2             2008.07.10    -
CAT-QuickHeal      9.50            2008.07.09    -
ClamAV             0.93.1          2008.07.10    -
DrWeb              4.44.0.09170    2008.07.10    -
eSafe              7.0.17.0        2008.07.09    -
eTrust-Vet         31.6.5942       2008.07.10    -
Ewido              4.0             2008.07.10    -
F-Prot             4.4.4.56        2008.07.10    -
F-Secure           7.60.13501.0    2008.07.10    -
Fortinet           3.14.0.0        2008.07.10    -
GData              2.0.7306.1023   2008.07.10    -
Ikarus             T3.1.1.26.0     2008.07.10    -
Kaspersky          7.0.0.125       2008.07.10    -
McAfee             5335            2008.07.09    -
Microsoft          1.3704          2008.07.10    -
NOD32v2            3257            2008.07.10    -
Norman             5.80.02         2008.07.10    -
Panda              9.0.0.4         2008.07.09    -
Prevx1             V2              2008.07.10    -
Rising             20.52.32.00     2008.07.10    -
Sophos             4.31.0          2008.07.10    -
Sunbelt            3.1.1509.1      2008.07.04    -
Symantec           10              2008.07.10    -
TheHacker          6.2.96.374      2008.07.07    -
TrendMicro         8.700.0.1004    2008.07.10    -
VBA32              3.12.6.9        2008.07.10    -
VirusBuster        4.5.11.0        2008.07.09    -
Webwasher-Gateway  6.6.2           2008.07.10    -

Additional information
File size: 10752 bytes
MD5...: 418b55d63e00d953a1532a831308574e
SHA1..: 39bc1fe133076312f9c636b16ebc3be960208f45
SHA256: cc6e7f0ea5d161b61df80de8061b75dc892d6ca15208c5b8639b3ad1ba9e26a0
SHA512: ce9f74569e7a649132ff3c21bf5863a911cda429dce74985680d9d9f985648a9db5b32d72643235538bae1bf66fdb6912320efd1ac087b40f3579473c64a7009
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100284e
timedatestamp.....: 0x47383997 (Mon Nov 12 11:31:35 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x1cfa  0x1e00   6.17   0dff19229a2d4de5cd2fb4651c3abd4b
.data   0x3000  0x519   0x600    7.11   d09c70e16152458497a14fa274af6478
.reloc  0x4000  0xfe    0x200    3.21   78039044715f3386a92b8a6584a9cd4c
( 1 imports )
> ntdll.dll: NtWriteFile, NtReadFile, NtCreateFile, NtQueryInformationFile, NtSetInformationFile, NtClose, ZwSetInformationFile, NtDeleteFile, NtOpenKey, NtQueryValueKey, NtSetValueKey, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlInitUnicodeString, RtlCreateHeap, strncpy, memset, RtlDestroyHeap, RtlFreeHeap, RtlDosPathNameToNtPathName_U, RtlAllocateHeap, NtDisplayString, _snprintf, RtlTimeToTimeFields, RtlSystemTimeToLocalTime, NtQuerySystemTime, _vsnprintf, RtlAdjustPrivilege, memmove, NtTerminateProcess
( 0 exports )