Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91734 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Livesecuritycenter problem


  • This topic is locked This topic is locked
41 replies to this topic

#16 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:00 PM

Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Quick Scan
Objects scanned: 52242
Time elapsed: 27 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 37

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PostInstallC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\XPdefender (Rogue.XPDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\T3duZXI (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\wumdafbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebfadmuw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000070.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvtrpm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnnnkh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\ftpdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftpdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\svchost.exe.tmp (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XNeat Windows Manager\xnViewer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XNeat Windows Manager\XNeatWM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/Lammalord
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.pwnedlist...../Planet 2.jpg
O24 - Desktop Component 1: (no name) - http://www.pwnedlist.....ce Planet.jpg
O24 - Desktop Component 2: (no name) - http://www.pwnedlist.....ed Planet.jpg
O24 - Desktop Component 3: (no name) - http://www.pwnedlist...y_Lammalord.jpg
O24 - Desktop Component 4: (no name) - http://www.solarvoya...bution-1600.JPG
O24 - Desktop Component 5: (no name) - http://gallery.artof...ia_1024x768.jpg

--
End of file - 7849 bytes

    Advertisements

Register to Remove


#17 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:03 PM

Do you know what these are?
O24 - Desktop Component 0: (no name) - http://www.pwnedlist...../Planet 2.jpg
O24 - Desktop Component 1: (no name) - http://www.pwnedlist.....ce Planet.jpg
O24 - Desktop Component 2: (no name) - http://www.pwnedlist.....ed Planet.jpg
O24 - Desktop Component 3: (no name) - http://www.pwnedlist...y_Lammalord.jpg
O24 - Desktop Component 4: (no name) - http://www.solarvoya...bution-1600.JPG
O24 - Desktop Component 5: (no name) - http://gallery.artof...ia_1024x768.jpg

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#18 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:06 PM

yes, the pwnelist is an upload site my friend created and solarvoyager is a thead on space art, the last one is i belive a picture of a skull.. when my desktop does funny things to a picture when i set it as my backround i set it as a desktop icon rather than the backround. apperntly the 024 still appears on HijackThis even after the file has been removed from sight (in most cases a virus/problem with the computer did that, not me removing them) they can be removed if you want me to, but i also know they wont create any problems.

Edited by Lammalord, 08 April 2008 - 05:08 PM.


#19 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:10 PM

I only see one item to fix.

Click Start > Run and type these commands hitting enter after each one:

sc stop SNDSrvc

sc delete SNDSrvc



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#20 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:14 PM

i dont see it.

#21 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:15 PM

i dont see it.

OK. Just fix the 023 then.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#22 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:16 PM

thats what i meant, i dont see the 023

#23 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:18 PM

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#24 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XNeat Windows Manager\xnViewer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XNeat Windows Manager\XNeatWM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/Lammalord
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O24 - Desktop Component 0: (no name) - http://www.pwnedlist...../Planet 2.jpg
O24 - Desktop Component 1: (no name) - http://www.pwnedlist.....ce Planet.jpg
O24 - Desktop Component 2: (no name) - http://www.pwnedlist.....ed Planet.jpg
O24 - Desktop Component 3: (no name) - http://www.pwnedlist...y_Lammalord.jpg
O24 - Desktop Component 4: (no name) - http://www.solarvoya...bution-1600.JPG
O24 - Desktop Component 5: (no name) - http://gallery.artof...ia_1024x768.jpg

--
End of file - 7640 bytes


And i dont see any problems at the moment with my computer, thouse folders didn't re-appear (yay!) and i got to go to work. bye! and thanks a ton for the help.

#25 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:34 PM

I think this is a infection.

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\drivers\spools.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#26 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 08 April 2008 - 05:43 PM

i thought that was.. most of these problems now are remiments of previous viruses/malware.. ill fix it when i get off work late tonight oh and for the reccord i belive it was Spy Doctor Trial that removed the initial problem of Livesecuritycenter.

#27 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 08 April 2008 - 05:44 PM

i thought that was..

most of these problems now are remiments of previous viruses/malware..

ill fix it when i get off work late tonight

oh and for the reccord i belive it was Spy Doctor Trial that removed the initial problem of Livesecuritycenter.

OK. We'll find out for sure. Have a good night.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#28 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 09 April 2008 - 12:24 AM

im geussing spools must be a problem, although it states its located in the drivers folder it is apperently not there... i tried a full search of my computer and came up with: C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe C:\WINDOWS\system32\spoolss.dll C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\dllcache\spoolss.dll C:\WINDOWS\system32\dllcache\spoolsv.exe C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

Edited by Lammalord, 09 April 2008 - 12:31 AM.


#29 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 09 April 2008 - 05:38 AM

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.

Now see if you can see it there.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a checkmark/tick in the box on the left side on these:

O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')

Close ALL windows and browsers except HijackThis and click "Fix checked"


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#30 Lammalord

Lammalord

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 09 April 2008 - 07:31 AM

yes it still wasnt there..

the only other thing i could possible notice (in which has nothing to do with a virus) is that everytime i boot my computer i get an error saying "HP Assistant is not supported on this machine"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\XNeat Windows Manager\xnViewer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XNeat Windows Manager\XNeatWM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\Spyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/user/Lammalord
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [XNeat Windows Manager] C:\Program Files\XNeat Windows Manager\xnViewer.exe /h (User '?')
O4 - HKUS\S-1-5-21-861567501-413027322-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O24 - Desktop Component 0: (no name) - http://www.pwnedlist...../Planet 2.jpg
O24 - Desktop Component 1: (no name) - http://www.pwnedlist.....ce Planet.jpg
O24 - Desktop Component 2: (no name) - http://www.pwnedlist.....ed Planet.jpg
O24 - Desktop Component 3: (no name) - http://www.pwnedlist...y_Lammalord.jpg
O24 - Desktop Component 4: (no name) - http://www.solarvoya...bution-1600.JPG
O24 - Desktop Component 5: (no name) - http://gallery.artof...ia_1024x768.jpg

--
End of file - 7727 bytes

Edited by Lammalord, 09 April 2008 - 07:43 AM.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users