PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs

04-03-2009   #1
Bronze Member
Join Date: Jul 2008
Posts: 34
PC Experience: Some Experience
My other computer's logs

Hey, I was here before, with the logs of my desk computer.
I thought of doing a new thread for my laptop. It's okay for the first half hour or so, but then it becomes a pain.
I hope that there actually is some kind of infection, because it would mean the computer can be better.
Here are the logs:

03/04/2009 05:46:06 p.m.
mbam-log-2009-04-03 (17-46-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216746
Time elapsed: 1 hour(s), 48 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:51:03 p.m., on 03/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARCHIV~1\Intel\Wireless\Bin\1XConfig.exe
C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Archivos de programa\Blue Coat K9 Web Protection\k9filter.exe
C:\Archivos de programa\Bonjour\mDNSResponder.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Archivos de programa\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFSServ.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Sonera\InternetAvustaja\bin\sprtcmd.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\Archivos de programa\Java\jre6\bin\jusched.exe
C:\Archivos de programa\Sonera\InternetAvustaja\bin\sprtsvc.exe
C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\********\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\OpenOffice.org 2.2\program\soffice.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Archivos de programa\OpenOffice.org 2.2\program\soffice.BIN
C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\tme3srv.exe
C:\Archivos de programa\Canon\CAL\CALMAIN.exe
C:\Archivos de programa\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Documents and Settings\********\Escritorio\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aplicación auxiliar de vínculos de Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Archivos de programa\Archivos comunes\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {627BC714-99D7-8813-FD76-535AAA548B64} - C:\DOCUME~1\Samanel\DATOSD~1\knobwarn\Pure Body.exe (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\01.02.5000.1021\es-la\msntb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Archivos de programa\Archivos comunes\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\ARCHIV~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Archivos de programa\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [THotkey] C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Archivos de programa\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LtMoh] C:\Archivos de programa\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Archivos de programa\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sonera] "C:\Archivos de programa\Sonera\InternetAvustaja\bin\sprtcmd.exe" /P Sonera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\********\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Archivos de programa\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibalatino.com
O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Archivos de programa\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://******.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Unknown owner - C:\Archivos de programa\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - C:\Archivos de programa\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Archivos de programa\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Archivos de programa\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (sonera) (sprtsvc_sonera) - SupportSoft, Inc. - C:\Archivos de programa\Sonera\InternetAvustaja\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Archivos de programa\Archivos comunes\SupportSoft\bin\ssrc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Archivos de programa\Archivos comunes\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TME3SRV - IEC - C:\Archivos de programa\TOSHIBA\TOSHIBA Applet\tme3srv.exe

--
End of file - 17802 bytes
Elve
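
As an added illustration (not code from this thread, from HijackThis, or from the forum's own tooling), the script below parses a handful of lines copied from the HijackThis log above and applies the kind of review heuristics a helper reads such a log with: hosts-file overrides, BHOs or filters whose file is gone, components loading from a user-profile directory, unknown LSP modules, and AppInit_DLLs. The sample lines and the rules are mine; a flagged entry is an item to look at, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample input: a constructed subset of lines copied from the HijackThis log above.
SAMPLE_LOG = [
    r"O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O2 - BHO: (no name) - {627BC714-99D7-8813-FD76-535AAA548B64} - C:\DOCUME~1\Samanel\DATOSD~1\knobwarn\Pure Body.exe (file missing)",
    r"O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O18 - Filter hijack: text/html - (no CLSID) - (no file)",
    r"O20 - AppInit_DLLs: wbsys.dll MsgPlusLoader.dll",
]

# An entry is "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKLM...".
ENTRY_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")

# Directories a per-user or temporary component would live in (English and Spanish XP names).
USER_PROFILE_RE = re.compile(
    r"(documents and settings|docume~1|datos de programa|application data|"
    r"configuraci[oó]n local|local settings|\\temp\\)",
    re.IGNORECASE,
)

# The one hosts line a clean XP machine ships with.
STOCK_HOSTS_RE = re.compile(r"^Hosts:\s+(127\.0\.0\.1|::1)\s+localhost$", re.IGNORECASE)


@dataclass
class Entry:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def parse_hjt(lines):
    """Keep only lines that look like HijackThis entries; the process list etc. are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Attach review reasons to entries and return the ones that got at least one."""
    for e in entries:
        body, low = e.body, e.body.lower()
        if e.code == "O1" and not STOCK_HOSTS_RE.match(body):
            e.reasons.append("hosts file pins a name to a fixed address")
        if e.code in ("O2", "O3", "O4", "O9", "O16", "O18"):
            if "(no file)" in low or "(file missing)" in low:
                e.reasons.append("orphan entry: registered component file is gone")
            if USER_PROFILE_RE.search(body):
                e.reasons.append("component loads from a user profile or data directory")
        if e.code == "O10" and low.startswith("unknown file in winsock lsp"):
            e.reasons.append("unrecognised Winsock LSP module")
        if e.code == "O18" and low.startswith("filter hijack"):
            mime = body.split(" - ")[0].split(":", 1)[1].strip()
            e.reasons.append("MIME filter registered for " + mime)
        if e.code == "O20" and low.startswith("appinit_dlls"):
            dlls = body.split(":", 1)[1].split()
            e.reasons.append("AppInit_DLLs loads into every user32 process: " + ", ".join(dlls))
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{e.code}: {e.body}")
        for r in e.reasons:
            print(f"    -> {r}")
```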
04-03-2009   #2
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,666
PC Experience: Always Learning New Things
Re: My other computer's logs

Elve,

You have a fair bit of nasties to clean up.

Some things to keep in mind before we begin:

1. This could turn out to be a long process if your system is very infected, so please be patient with me.
2. These instructions have been specifically custom tailored for your PC and your PC alone. Anyone else following these instructions risks damaging their PC.

There are a few steps we must complete before we can begin running some programs to get these nasty viruses off your PC.

Please do the following to begin with your disinfection:

Read this before moving on:
http://www.pchelpforum.com/new-hijac...tructions.html

After that:

Please follow these instructions in order, and thoroughly, in order for our Security Team to assist you more quickly.

Please note: It is common for a computer to appear free from malware even when the malware has not been completely removed. Even if your computer appears to be clean after following the PreWork, to avoid further problems, or even reinfection, please post the requested logs in order to have a Security Staff member verify that all traces are removed. Thank you for your cooperation.

First: read the following article, and follow suggestions/instructions if required

Warnings Regarding P2P Sharing Sites

Next, please do the following:

1. Set System and Hidden files and folders to show:

For Vista:

  • Click the (Vista Icon) and click on Computer.
  • Click Organize and click on Folder and Search Options.
  • Click on the View tab.
  • Un-check the Hide Protected Operating System Files (Recommended) box.
  • Under Hidden files and folders, click Show hidden files and folders.
  • If you see a warning message, click Yes.
  • Click Apply.
  • Click OK.
For XP:
  • Right-click My Computer, choose Explore, click on Tools, Folder Options.
  • Click the View tab.
  • Place a tick next to Display content of System folders (answer OK to warnings).
  • Under Hidden files and folders, click Show hidden files and folders.
  • If you see a warning message, click Yes.
  • Click Apply.
  • Click OK.
For 98/2000/ME:
  • Double-click the My Computer icon
  • Click on the View menu, click Folder Options
  • Advanced Settings box, under the "Hidden files" folder, click Show all files.
  • If you see a warning message, click Yes.
  • Click Apply.
  • Click OK.

2. Disable System Restore to prevent re-infection (if you have/use it).

Vista:

  • Click the (Vista Icon) and right click on Computer and select Properties.
  • Click on System Protection (click OK if you are prompted with a warning).
  • Un-check all of the boxes in the list of Available Disks for Automatic Restore Points.
  • Click Apply.
  • Click OK.
WinXP:
  • Click the Start button.
  • Right-click My Computer, and then click Properties.
  • On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
WinME:
  • Click Start > Settings > Control Panel.
  • Double-click the System icon.
  • If the System icon is not visible, click View all Control Panel options to display it.
  • On the Performance tab, click File System.
  • On the Troubleshooting tab check Disable System Restore.
  • Click OK. Click Yes when you are prompted to restart Windows.

Please do not follow any instructions from any user or staff member other than those listed in the Please Read Before Following Advice thread.
Also note as stated above, that we do not support the use of illegal software. If you have any type of illegal or cracked software installed, please un-install them as soon as possible. In the case of your operating system, please obtain a valid licensed copy. Read more here.

We have an excellent Security Team, and will take the time and effort to assist you according to your technical abilities. Please feel free to ask for any clarification, guidance or information that you may need. That's what we're here for.

After all that is done please follow up with the following:

Next, let's download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include C:\ComboFix.txt, and HJT log after running everything in your next reply.

After reading all that should you have any questions feel free to post back.
__________________
Crush aka Chris
I am in fact, quite cool. My graphing calculator confirms this

04-03-2009   #3
Bronze Member
Join Date: Jul 2008
Posts: 34
PC Experience: Some Experience
Re: My other computer's logs

Something really weird happened with the ComboFix. It gave some kind of error message (can't recall, it was in Spanish and I only managed to read it once really fast), and the computer shut down.

It also said before it started scanning something like, "OS not compatible. Only compatible with 2000/XP".

Should I try again?

Elve
04-03-2009   #4
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,666
PC Experience: Always Learning New Things
Re: My other computer's logs

Please try again, yes.

04-03-2009   #5
Bronze Member
Join Date: Jul 2008
Posts: 34
PC Experience: Some Experience
Re: My other computer's logs

When it restarted, it had the ComboFix running, and saying it'll give the logs soon.
So I'll be back with either the logs, or having to run another scan.

Elve
04-03-2009   #6
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,666
PC Experience: Always Learning New Things
Re: My other computer's logs

Great. Glad it's working now. Hopefully it will come up clean for you.

04-03-2009   #7
Bronze Member
Join Date: Jul 2008
Posts: 34
PC Experience: Some Experience
Re: My other computer's logs

Here it is:
ComboFix 09-04-01.01 - ******** 2009-04-03 21:20:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.3082.18.511.86 [GMT 3:00]
Running from: c:\documents and settings\********\Escritorio\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Datos de programa\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\********\err.log
c:\documents and settings\********\err.log
c:\windows\system32\stera.log

----- BITS: Possible infected sites -----

hxxp://sync.avustaja.sonera.fi
.
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-03 21:17 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-03 15:46 . 2009-04-03 15:46 <DIR> d-------- c:\documents and settings\********\Datos de programa\Malwarebytes
2009-04-03 15:46 . 2009-04-03 15:46 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2009-04-03 15:46 . 2009-04-03 15:46 <DIR> d-------- c:\archivos de programa\Malwarebytes' Anti-Malware
2009-04-03 15:46 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 15:46 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-25 20:22 . 2009-03-25 20:25 <DIR> d-------- c:\windows\.jagex_cache_32
2009-03-25 20:22 . 2009-03-25 20:25 34 --a------ c:\documents and settings\********\jagex_runescape_preferences.dat
2009-03-22 11:38 . 2009-03-22 11:49 <DIR> d-------- c:\documents and settings\All Users\Datos de programa\Knowledge Adventure
2009-03-22 11:37 . 2009-03-22 11:37 92 --a------ c:\windows\ka.ini
2009-03-22 11:36 . 2009-03-22 11:36 <DIR> d-------- c:\archivos de programa\Elävät Kirjat
2009-03-22 11:36 . 2009-03-22 11:36 <DIR> d-------- c:\archivos de programa\Archivos comunes\Knowledge Adventure
2009-03-14 21:21 . 2009-04-03 21:31 <DIR> d-------- c:\archivos de programa\Blue Coat K9 Web Protection
2009-03-14 02:48 . 2009-04-03 20:40 <DIR> d-------- c:\documents and settings\********\Tracing
2009-03-14 02:43 . 2009-02-06 19:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-03-14 02:29 . 2009-03-14 02:29 <DIR> d-------- c:\archivos de programa\Microsoft Sync Framework
2009-03-14 02:26 . 2006-11-29 14:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-03-14 02:25 . 2009-03-14 02:25 <DIR> d-------- c:\archivos de programa\Microsoft SQL Server Compact Edition
2009-03-14 02:18 . 2009-03-14 02:18 <DIR> d-------- c:\archivos de programa\Microsoft
2009-03-14 02:17 . 2009-03-14 02:17 <DIR> d-------- c:\archivos de programa\Windows Live SkyDrive
2009-03-13 16:02 . 2009-03-13 16:02 <DIR> d-------- c:\archivos de programa\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 18:33 --------- d-----w c:\documents and settings\********\Datos de programa\OpenOffice.org2
2009-04-03 18:31 --------- d-----w c:\archivos de programa\Archivos comunes\Symantec Shared
2009-04-03 15:00 --------- d-----w c:\archivos de programa\Norton Security Scan
2009-04-03 12:38 --------- d-----w c:\archivos de programa\LimeWire
2009-04-01 18:18 --------- d-----w c:\documents and settings\All Users\Datos de programa\Symantec
2009-04-01 08:48 --------- d-----w c:\archivos de programa\Java
2009-03-29 21:31 --------- d-----w c:\documents and settings\All Users\Datos de programa\DriverCure
2009-03-17 13:53 --------- d-----w c:\documents and settings\********\Datos de programa\Skype
2009-03-17 09:52 --------- d-----w c:\documents and settings\********\Datos de programa\skypePM
2009-03-14 17:46 --------- d-----w c:\archivos de programa\Archivos comunes\Adobe
2009-03-13 23:43 --------- d-----w c:\archivos de programa\Windows Live
2009-03-13 13:08 --------- d-----w c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2009-03-03 06:38 --------- d-----w c:\documents and settings\********\Datos de programa\ErrorFix
2009-02-26 14:07 --------- d-----w c:\archivos de programa\Microsoft Silverlight
2009-02-23 19:20 --------- d-----w c:\documents and settings\********\Datos de programa\DriverCure
2009-02-23 19:10 --------- d-----w c:\documents and settings\All Users\Datos de programa\ParetoLogic
2009-02-23 19:10 --------- d-----w c:\archivos de programa\ParetoLogic
2009-02-23 19:10 --------- d-----w c:\archivos de programa\Archivos comunes\ParetoLogic
2009-02-19 11:11 --------- d-----w c:\archivos de programa\Google
2009-02-07 17:36 --------- d--h--r c:\documents and settings\********\Datos de programa\SecuROM
2009-02-07 17:35 --------- d--h--w c:\archivos de programa\InstallShield Installation Information
2009-02-07 17:05 --------- d-----w c:\archivos de programa\KONAMI
2009-02-06 17:34 308,616 ----a-w c:\windows\WLXPGSS.SCR
2008-09-29 12:04 186 ----a-w c:\documents and settings\********\Datos de programa\wklnhst.dat
2008-01-10 19:20 32 ----a-w c:\documents and settings\All Users\Datos de programa\ezsid.dat
2007-10-14 12:51 198 ----a-w c:\documents and settings\********\Datos de programa\wklnhst.dat
2006-04-28 10:32 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-04-24 10:01 334 ----a-w c:\documents and settings\********\Datos de programa\wklnhst.dat
2008-10-03 13:20 32,768 --sha-w c:\windows\system32\config\systemprofile\Configuración local\Historial\History.IE5\MSHist012008100320081004\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\archivos de programa\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"MSMSGS"="c:\archivos de programa\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-31 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\********\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-15 344064]
"THotkey"="c:\archivos de programa\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 356352]
"SoundMAXPnP"="c:\archivos de programa\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"LtMoh"="c:\archivos de programa\ltmoh\Ltmoh.exe" [2005-04-13 184320]
"SynTPLpr"="c:\archivos de programa\Synaptics\SynTP\SynTPLpr.exe" [2004-10-15 98394]
"SynTPEnh"="c:\archivos de programa\Synaptics\SynTP\SynTPEnh.exe" [2004-10-15 688218]
"SmoothView"="c:\archivos de programa\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 118784]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelWireless"="c:\archivos de programa\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"MessengerPlus3"="c:\archivos de programa\MessengerPlus! 3\MsgPlus.exe" [2006-05-04 190024]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"ccApp"="c:\archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\archivos de programa\Archivos comunes\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sonera"="c:\archivos de programa\Sonera\InternetAvustaja\bin\sprtcmd.exe" [2008-10-16 201976]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\archivos de programa\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\archivos de programa\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\archiv~1\ARCHIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\********\Menú Inicio\Programas\Inicio\
OpenOffice.org 2.2.lnk - c:\archivos de programa\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

c:\documents and settings\********\Menú Inicio\Programas\Inicio\
OpenOffice.org 2.2.lnk - c:\archivos de programa\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 22:27 110592 c:\archivos de programa\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 10:34 24576 c:\archiv~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Archivos de programa\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Archivos de programa\\Callserve\\Teléfono por Internet\\CS_Phone.exe"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Archivos de programa\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\********\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\********\\Configuración local\\Datos de programa\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Archivos de programa\\iTunes\\iTunes.exe"=
"c:\\Archivos de programa\\Bonjour\\mDNSResponder.exe"=
"c:\\Archivos de programa\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Archivos de programa\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Archivos de programa\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\Skype\\Phone\\Skype.exe"=

R2 OMSCAN;OMSCAN; [x]
R3 fsssvc;Windows Live Protección Infantil;c:\archivos de programa\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 mdxgthkn;mdxgthkn; [x]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-01-14 72992]
S2 bckwfs;Blue Coat K9 Web Protection;c:\archivos de programa\Blue Coat K9 Web Protection\k9filter.exe [2009-01-14 1078560]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 SeaPort;SeaPort;c:\archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 sprtsvc_sonera;SupportSoft Sprocket Service (sonera);c:\archivos de programa\Sonera\InternetAvustaja\bin\sprtsvc.exe [2008-10-16 202016]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\archivos de programa\Archivos comunes\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 101936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Automatic LiveUpdate Scheduler
*Deregistered* - bckd
*Deregistered* - bckwfs
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CCALib8
*Deregistered* - ccEvtMgr
*Deregistered* - ccSetMgr
*Deregistered* - CFSvcs
*Deregistered* - CLTNetCnService
*Deregistered* - comHost
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - drvnddm
*Deregistered* - DVD-RAM_Service
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - EvtEng
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - fssfltr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - IntelIde
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - IWCA
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LiveUpdate Notice Ex
*Deregistered* - LiveUpdate Notice Service
*Deregistered* - LmHosts
*Deregistered* - meiudf
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netdevio
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NWCWorkstation
*Deregistered* - NwlnkIpx
*Deregistered* - NwlnkNb
*Deregistered* - NwlnkSpx
*Deregistered* - NWRDR
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RegSrvc
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - S24EventMonitor
*Deregistered* - s24trans
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - SeaPort
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sprtsvc_sonera
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - SRTSP
*Deregistered* - SRTSPX
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - stisvc
*Deregistered* - SupportSoft RemoteAssist
*Deregistered* - swenum
*Deregistered* - Swupdtmr
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - TapiSrv
*Deregistered* - TAPPSRV
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - tmcomm
*Deregistered* - TME3SRV
*Deregistered* - TrkWks
*Deregistered* - TVALD
*Deregistered* - Udfs
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{484058c0-13ea-11da-8126-806d6172696f}]
\Shell\AutoRun\command - D:\INSTALL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8012a2e0-58ed-11dd-a045-0013ce4d6ba8}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8012a2e3-58ed-11dd-a045-0013ce4d6ba8}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\ABCD20809186DF40.job
- c:\docume~1\samanel\datosd~1\scrdas~1\DoesTimeBags.exe []

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-29 c:\windows\Tasks\DriverCure.job
- c:\archivos de programa\ParetoLogic\DriverCure\DriverCure.exe [2009-01-21 08:38]

2009-04-01 c:\windows\Tasks\ErrorFix Scan.job
- c:\archivos de programa\ErrorFix\ErrorFix.exe []

2009-04-01 c:\windows\Tasks\ErrorFix Scan.job
- c:\archivos de programa\ErrorFix []

2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3828502506-700317707-656568747-1008.job
- c:\documents and settings\********\Configuraci []

2009-04-03 c:\windows\Tasks\Norton Security Scan for ********.job
- c:\archivos de programa\Norton Security Scan\Nss.exe [2008-09-19 05:18]

2009-04-03 c:\windows\Tasks\ParetoLogic Registration.job
- c:\archivos de programa\Archivos comunes\ParetoLogic\UUS2\UUS.dll [2009-01-21 08:36]

2009-03-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\archivos de programa\Archivos comunes\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 08:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{627BC714-99D7-8813-FD76-535AAA548B64} - c:\docume~1\Samanel\DATOSD~1\knobwarn\Pure Body.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} - hxxp://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://********.myphotoalbum.com/EasyUploadTool.cab
FF - ProfilePath - c:\documents and settings\********\Datos de programa\Mozilla\Firefox\Profiles\cyi6fjmg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - component: c:\archivos de programa\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\archivos de programa\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\documents and settings\********\Datos de programa\Mozilla\plugins\npgoogletalk.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 21:32:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\archiv~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
c:\archivos de programa\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\archivos de programa\Intel\Wireless\Bin\EvtEng.exe
c:\archivos de programa\Intel\Wireless\Bin\S24EvMon.exe
c:\archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe
c:\archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\archivos de programa\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\archivos de programa\Bonjour\mDNSResponder.exe
c:\archivos de programa\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Intel\Wireless\Bin\RegSrvc.exe
c:\archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\archivos de programa\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\archivos de programa\TOSHIBA\TOSHIBA Applet\tme3srv.exe
c:\archivos de programa\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\Intel\Wireless\Bin\ZCfgSvc.exe
c:\archiv~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\ati2evxx.exe
c:\archivos de programa\TOSHIBA\ConfigFree\NDSTray.exe
c:\archivos de programa\OpenOffice.org 2.2\program\soffice.exe
c:\archivos de programa\OpenOffice.org 2.2\program\soffice.bin
c:\archivos de programa\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-03 21:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 18:40:23

Pre-Run: 21,358,907,392 bytes libres
Post-Run: 24,430,579,712 bytes libres

423 --- E O F --- 2009-03-12 18:05:11
Elve

Last edited by Elve; 04-03-2009 at 06:48 PM.