Trojans still on computer after using ComboFix
#1 AudreyS
The last time I had trouble with my PC I was told to use ComboFix which worked. Unfortunately, this time it removed the AntiVirus 2009, but my Avira AntiVir is still detecting trojans. Also, my main hard drive (Local Disk C) keeps getting toward low memory (like a little over 100 MB which is making it run slower). I noticed my camera will freeze when I try to put the pictures on the computer as well, not the C drive but another more spacious drive.

Here's the ComboFix logfile


ComboFix 09-07-22.01 - audrey 07/22/2009 18:07.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.635 [GMT -4:00]
Running from: c:\documents and settings\audrey\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Installer\3d380e.msi
c:\windows\Installer\3d380f.msp
c:\windows\Installer\3d3810.msp
c:\windows\Installer\3d3811.msp
c:\windows\Installer\3d3812.msp
c:\windows\Installer\3d3813.msp
c:\windows\Installer\3d3814.msp
c:\windows\Installer\3d3815.msp
c:\windows\Installer\3d3816.msp
c:\windows\Installer\3d3817.msp
c:\windows\syssvc.exe
c:\windows\system32\comrepl.exe
c:\windows\system32\iehelper.dll
c:\windows\system32\lsp.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG
-------\Legacy_ZESOFT


((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 21:16 . 2009-07-22 21:23 -------- d-----w- c:\documents and settings\audrey\Application Data\Reg Tool
2009-07-22 21:15 . 2009-07-22 21:15 -------- d-----w- c:\program files\Downloaded Installers
2009-07-22 20:49 . 2009-07-22 20:49 -------- d-----w- c:\program files\mmkbmj
2009-07-17 01:13 . 2009-07-17 01:16 -------- d-----w- c:\documents and settings\audrey\Local Settings\Application Data\Graboid
2009-07-17 01:12 . 2009-07-17 01:12 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
2009-07-13 03:30 . 2009-07-13 03:30 -------- d-----w- c:\documents and settings\audrey\Application Data\ZoomBrowser EX
2009-07-13 03:30 . 2009-07-13 03:30 -------- d-----w- c:\program files\CONEXANT
2009-07-12 17:25 . 2009-04-30 22:57 199192 ----a-w- c:\windows\system32\lvci1201278.dll
2009-07-10 01:10 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\audrey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-10 01:10 . 2009-07-10 01:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-10 01:08 . 2009-07-10 01:08 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-04 21:07 . 2009-07-04 21:07 -------- d-----w- c:\program files\Common Files\Logitech
2009-07-04 21:07 . 2009-07-04 21:07 -------- d-----w- c:\documents and settings\audrey\Local Settings\Application Data\Downloaded Installations
2009-06-29 22:05 . 2009-06-29 22:11 -------- d-----w- c:\documents and settings\audrey\Application Data\MSN6
2009-06-23 15:24 . 2009-06-23 15:24 -------- d-----w- c:\documents and settings\audrey\Local Settings\Application Data\CANON_INC
2009-06-23 01:28 . 2009-06-23 01:28 -------- dc----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-06-23 01:24 . 2009-06-23 01:24 -------- d-----w- c:\program files\Common Files\Canon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 22:19 . 2009-05-01 00:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-22 22:19 . 2009-05-01 00:52 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-07-22 22:12 . 2009-05-01 01:15 -------- d-----w- c:\documents and settings\audrey\Application Data\Skype
2009-07-22 21:12 . 2009-05-01 01:17 -------- d-----w- c:\documents and settings\audrey\Application Data\skypePM
2009-07-13 03:35 . 2009-05-01 01:15 -------- d-----r- c:\program files\Skype
2009-07-13 03:27 . 2008-05-18 17:33 -------- d-----w- c:\program files\Google
2009-07-12 17:27 . 2009-05-01 00:55 -------- d-----w- c:\program files\Logitech
2009-07-12 17:26 . 2009-05-01 00:50 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-07-12 17:22 . 2009-05-01 00:55 -------- dc----w- c:\documents and settings\All Users\Application Data\Logishrd
2009-07-10 02:42 . 2009-04-06 23:17 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-10 02:42 . 2009-04-06 23:17 -------- d-----w- c:\program files\NOS
2009-07-10 01:13 . 2004-12-06 00:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-07 01:09 . 2008-11-09 22:42 1915520 -c--a-w- c:\documents and settings\audrey\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-01 17:08 . 2008-01-23 21:02 -------- d-----w- c:\program files\LimeWire
2009-07-01 16:53 . 2007-04-09 16:07 -------- d-----w- c:\documents and settings\audrey\Application Data\LimeWire
2009-06-23 01:31 . 2006-01-09 22:50 -------- d-----w- c:\program files\Canon
2009-06-16 14:55 . 2002-08-29 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2002-08-29 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 18:03 . 2009-05-09 20:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-03 19:27 . 2003-05-30 14:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 23:30 . 2008-06-19 20:42 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-14 21:28 . 2009-05-14 21:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 22:28 . 2009-05-13 22:28 152576 -c--a-w- c:\documents and settings\marie\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-09 22:48 . 2004-05-19 18:31 75128 -c--a-w- c:\documents and settings\audrey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 14:39 . 2009-05-08 14:39 296208 -c--a-w- c:\documents and settings\All Users\Application Data\Logishrd\LQCVFX\Filters\VMSEF.dll
2009-05-08 14:36 . 2009-05-08 14:36 6781200 -c--a-w- c:\documents and settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll
2009-05-08 14:13 . 2009-05-08 14:13 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-05-07 15:44 . 2002-08-29 10:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 01:17 . 2009-05-01 01:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-01 01:00 . 2009-05-01 01:00 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-30 23:03 . 2009-05-01 00:51 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-04-30 23:03 . 2009-05-01 00:53 6754712 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-04-30 23:02 . 2009-05-01 00:53 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2009-04-30 23:02 . 2009-05-01 00:53 539160 ----a-w- c:\windows\system32\LVUI2.dll
2009-04-30 23:01 . 2009-05-01 00:52 265496 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-04-30 22:57 . 2009-05-01 00:53 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2009-04-30 22:39 . 2009-05-01 00:52 34068 ----a-w- c:\windows\system32\Repository.reg
2009-04-30 20:00 . 2009-04-30 20:00 25624 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-04-29 04:56 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2007-08-06 23:22 . 2007-08-06 23:22 559856 -c--a-w- c:\program files\WindowsXP-KB906569-v2-x86-ENU.exe
2005-01-15 16:19 . 2005-01-15 16:19 6427630 -c--a-w- c:\program files\photoshop_album_SE_2_0_1_E.zip
2007-01-16 22:10 . 2007-01-14 23:16 88 --sh--r- c:\windows\SYSTEM32\CF10A48B1D.sys
2007-01-16 22:34 . 2007-01-14 23:16 2828 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Reg Tool"="E:\Reg Tool.exe" [2009-07-21 37491976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 53248]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-14 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

c:\documents and settings\audrey\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-9-15 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-30 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/1/2008 1:00 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2004-05-19 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 07:56]

2009-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-22 c:\windows\Tasks\Reg Tool Scan.job
- E:\Reg Tool.exe [2009-07-21 19:22]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9FA4F5A4-CBC6-454a-A170-82D954252EF6} - c:\windows\system32\iehelper.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &Search - ?p=ZJxdm090YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to White List - c:\program files\ADVANCED SEARCHBAR\addtolist.js
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Delete from White List - c:\program files\ADVANCED SEARCHBAR\delfromlist.js
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 18:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000003671297561615DA370

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2312)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SYSTEM32\PSIService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-07-22 18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 22:36
ComboFix2.txt 2008-06-26 19:19

Pre-Run: 191,795,200 bytes free
Post-Run: 455,344,128 bytes free

223 --- E O F --- 2009-07-22 21:41
Can someone please tell me what to do next? Fast response is much appreciated.
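The ComboFix log above is long, and the part a helper reads first is the "Reg Loading Points" and "Scheduled Tasks" sections: every Run value and every .job file is a way for something to start without the user asking for it. The script below is an added example, not code from the original post, from ComboFix, or from the forum's helpers. It parses the `"Name"="path" [date size]` value lines and the `.job` / `- target [date time]` pairs in the format shown in the log, then flags any autostart whose target is not under c:\windows or c:\program files. The sample input is constructed from a few lines of the posted log; the idea that those two roots are the "expected" locations on this XP machine is an assumption for illustration, and a flagged entry is something to look at, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the ComboFix log in
# the post above (Reg Loading Points and Scheduled Tasks sections).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Reg Tool"="E:\Reg Tool.exe" [2009-07-21 37491976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]

Contents of the 'Scheduled Tasks' folder

2009-07-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-22 c:\windows\Tasks\Reg Tool Scan.job
- E:\Reg Tool.exe [2009-07-21 19:22]
"""

# Assumption for this example: on the machine in the post, installed software
# lives under these roots. An autostart elsewhere is worth a closer look, not
# automatically malicious.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Line shapes as they appear in the ComboFix output above.
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                       # [HKEY_...\Run]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]*)\]\s*$')  # "Name"="path" [date size]
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$", re.IGNORECASE)  # date path.job
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[([^\]]*)\]\s*$")        # - target [date time]


@dataclass(frozen=True)
class Autostart:
    source: str  # registry key, or the .job file, the entry came from
    name: str    # value name, or the .job file name
    path: str    # what actually gets launched
    stamp: str   # "<date> <size>" for Run values, "<date> <time>" for tasks


def parse_autostarts(log_text: str) -> list[Autostart]:
    """Collect Run values and scheduled-task targets from ComboFix log text."""
    entries: list[Autostart] = []
    current_key = None   # registry key the following "Name"="path" lines belong to
    pending_task = None  # .job path waiting for its "- target [...]" line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key, pending_task = m.group(1), None
            continue
        if (m := RUN_RE.match(line)) and current_key:
            name, path, stamp = m.groups()
            entries.append(Autostart(current_key, name, path, stamp))
            continue
        if m := TASK_RE.match(line):
            pending_task = m.group(1)
            continue
        if (m := TARGET_RE.match(line)) and pending_task:
            path, stamp = m.groups()
            job_name = pending_task.rsplit("\\", 1)[-1]
            entries.append(Autostart(pending_task, job_name, path, stamp))
            pending_task = None
    return entries


def review(entries: list[Autostart], trusted_roots=TRUSTED_ROOTS) -> list[tuple[Autostart, str]]:
    """Return (entry, reason) for autostarts that deserve a second look."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if not p.startswith(trusted_roots):
            flagged.append((e, "launches from outside Windows/Program Files (other drive or user folder)"))
        elif "\\temp\\" in p:
            flagged.append((e, "launches from a temp directory"))
    return flagged


if __name__ == "__main__":
    for entry, reason in review(parse_autostarts(SAMPLE_LOG)):
        print(f"{entry.source}\n  {entry.name} -> {entry.path} [{entry.stamp}]\n  {reason}")
```

Run against the sample, it reports the same target twice: once as the HKCU Run value "Reg Tool" and once as the Reg Tool Scan.job task, both pointing at an executable on the E: drive. That is exactly the kind of pairing (a Run key plus a scheduled task for the same file) a helper would ask the poster about before deciding what to remove; the script only surfaces it.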
