|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Virus/Trojan/Spyware Help Get Rid Of Malware With Help From Our Analysts. Follow the "First Steps" link at the top right of each page before posting for help. |
 |
|
|
LinkBack | Thread Tools |
09-17-2009, 09:51 AM
|
#1 (permalink) |
|
Registered User
Join Date: Aug 2009
Posts: 7
OS: xp
|
Problem?
The computer these logs are from is networked to a computer that is currently being cleaned. For reference, here is the thread for it hxxp://www.techsupportforum.com/security-center/virus-trojan-spyware-help/414291-trojan-horse.html
I don't know if this computer's issues are tied in with that computer, but I've been receiving spam like no ones business for about 2 weeks now. It coincides with the issues from the computer referenced above. I've been getting hundreds of spam e-mails a day. Here are the logs. DDS (Ver_09-07-30.01) - NTFSx86 Run by DK at 7:34:46.37 on Thu 09/17/2009 Internet Explorer: 8.0.6001.18241 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.488 [GMT -7:00] AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\QuickBooks Online Backup\AgentSrv.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NDAS\System\ndassvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Online Backup\OnlineBackup.exe C:\Program Files\Photolightning\autodetect.exe C:\Program Files\NDAS\System\ndasmgmt.exe C:\Program Files\QuickBooks Online Backup\CBSysTray.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\DK\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [@BackupScheduler] c:\program files\online backup\OnlineBackup.exe mRun: [VTTimer] VTTimer.exe mRun: [VTTrayp] VTtrayp.exe mRun: [SoundMan] SOUNDMAN.EXE mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe" mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" StartupFolder: c:\docume~1\dk\startm~1\programs\startup\quickb~1.lnk - c:\program files\quickbooks online backup\OLSysTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\photolightning\autodetect.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ndasde~1.lnk - c:\program files\ndas\system\ndasmgmt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\quickbooks online backup\CBSysTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://ra.intuit.com/sdccommon/download/tgctlcm.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149004262859 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: NavLogon - c:\windows\system32\NavLogon.dll AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\dk\applic~1\mozilla\firefox\profiles\xw8ufebi.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll ============= SERVICES / DRIVERS =============== R0 lfsfilt;Lean File Sharing;c:\windows\system32\drivers\lfsfilt.sys [2006-8-28 140160] R0 lpx;LPX Protocol;c:\windows\system32\drivers\lpx.sys [2006-3-20 44288] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-5-30 11264] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392] R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090829.007\naveng.sys [2009-8-29 84912] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090829.007\navex15.sys [2009-8-29 1323568] R3 ndasbus;NDAS Bus Driver;c:\windows\system32\drivers\ndasbus.sys [2006-3-20 59136] S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-10-2 29744] S3 ndasscsi;NDAS SCSI Miniport Driver;c:\windows\system32\drivers\ndasscsi.sys [2006-3-20 115584] S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608] =============== Created Last 30 ================ 2009-09-14 09:15 153,088 -c------ c:\windows\system32\dllcache\triedit.dll 2009-09-08 15:31 32 a------- c:\windows\__$tofn$__ 2009-09-08 15:30 <DIR> --d----- c:\program files\AdvancedDefrag 2009-09-08 13:59 <DIR> --d----- c:\docume~1\dk\applic~1\Spamihilator 2009-09-08 12:45 81,408 a------- c:\windows\system32\devcon_x64.exe 2009-09-08 12:45 55,808 a------- c:\windows\system32\devcon.exe 2009-09-08 12:45 <DIR> --d----- c:\program files\Driver Checker 2009-09-08 12:07 <DIR> --d----- c:\program files\Registry Easy ==================== Find3M ==================== 2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll ============= FINISH: 7:35:03.60 =============== |
|
     
|
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
| Thread Tools | |
|
|
