ComboFix Log

Zero
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809
Sorry I took so long, it's running like shit as I've said... thanks for being patient Cha

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:53, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -[link]-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = -[link]-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -[link]-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -[link]-
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = -[link]-
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {2fdfa168-1d09-c42b-3074-a55d017fe51e} - {e15ef710-d55a-4703-b24c-90d1861afdf2} - C:\WINDOWS\system32\eyhexz.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [BMa7c417fb] Rundll32.exe "C:\WINDOWS\system32\rguydesl.dll",s
O4 - HKLM\..\Run: [a4f72467] rundll32.exe "C:\WINDOWS\system32\wtrrigyp.dll",b
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [infoappapl] C:\WINDOWS\system32\dofyfmhg.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4626] command /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8404] cmd /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1921] command /c del "C:\Documents and Settings\Justin\Local Settings\Temp\x.ico"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - -[link]-
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ssqPjkLb - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

-- End of file - 5803 bytes

b4ndito
Registered Member #958
Joined: Fri Jan 04 2008, 06:59AM
Posts: 3385
Tl;Dr

Cha Siew Bao
Registered Member #133
Joined: Sat Jan 21 2006, 09:03PM
Posts: 198
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = -[link]-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = -[link]-
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = -[link]-
O2 - BHO: {2fdfa168-1d09-c42b-3074-a55d017fe51e} - {e15ef710-d55a-4703-b24c-90d1861afdf2} - C:\WINDOWS\system32\eyhexz.dll
O4 - HKLM\..\Run: [BMa7c417fb] Rundll32.exe "C:\WINDOWS\system32\rguydesl.dll",s
O4 - HKLM\..\Run: [a4f72467] rundll32.exe "C:\WINDOWS\system32\wtrrigyp.dll",b
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [infoappapl] C:\WINDOWS\system32\dofyfmhg.exe
O20 - Winlogon Notify: ssqPjkLb - C:\WINDOWS\

Have HJT Fix those

Disable spybots teatimer and reboot to see if you can't get rid of these without using HJT

O4 - HKCU\..\RunOnce: [SpybotDeletingB4626] command /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8404] cmd /c del "C:\WINDOWS\system32\rguydesl.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1921] command /c del "C:\Documents and Settings\Justin\Local Settings\Temp\x.ico"

Because if they are still there, you gotta boot up cmd prompt and delete those files (x.ico, rguydesl.dll_old) by hand.

other than that you're looking a lot better
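
The following Python script is an added example, not part of the original thread and not HijackThis's own logic. It runs over a subset of the log lines posted above and flags the O2/O4/O20 entries picked out in the reply; the rules and the one-entry system32 allowlist are illustrative assumptions, and the R0/R1 entries are left out because their URLs are not shown on the page.

```python
import re

# Lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r'''
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {2fdfa168-1d09-c42b-3074-a55d017fe51e} - {e15ef710-d55a-4703-b24c-90d1861afdf2} - C:\WINDOWS\system32\eyhexz.dll
O4 - HKLM\..\Run: [BMa7c417fb] Rundll32.exe "C:\WINDOWS\system32\rguydesl.dll",s
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [infoappapl] C:\WINDOWS\system32\dofyfmhg.exe
O20 - Winlogon Notify: ssqPjkLb - C:\WINDOWS\
'''

GUID = r'\{[0-9a-fA-F-]{36}\}'
# Assumed allowlist of Windows binaries expected to autostart from system32.
SYSTEM32_ALLOW = {'ctfmon.exe'}

# (section, pattern, reason); every rule here is an illustrative assumption.
RULES = [
    ('O2', re.compile(r'BHO: ' + GUID + r' - '), 'BHO has no display name, only a GUID'),
    ('O4', re.compile(r'\]\s*rundll32(\.exe)?\s', re.I), 'Run key launches a DLL through rundll32'),
    ('O4', re.compile(r'\\SAV\\sav\.exe', re.I), 'rogue "System AntiVirus" named in the thread'),
    ('O20', re.compile(r'\\\s*$'), 'Winlogon Notify entry with no file name'),
]

def triage(log_text):
    """Return [(line, reason)] for O2/O4/O20 entries that match a rule."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        section = line.split(' - ', 1)[0]
        reasons = [why for sec, rx, why in RULES if sec == section and rx.search(line)]
        # Run entries that start a system32 executable outside the allowlist.
        m = re.search(r'\]\s*"?C:\\WINDOWS\\system32\\([^\\"]+\.exe)', line, re.I)
        if section == 'O4' and m and m.group(1).lower() not in SYSTEM32_ALLOW:
            reasons.append('unrecognised executable autostarting from system32')
        findings += [(line, why) for why in reasons]
    return findings

if __name__ == '__main__':
    for line, why in triage(SAMPLE_LOG):
        print(f'{why}\n    {line}')
```

A hit is a prompt to look the entry up before fixing it, not a verdict; a real allowlist would come from a known-good baseline of the same Windows build.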

Zero
I want to fuck your hand.
Registered Member #571
Joined: Thu Feb 15 2007, 09:59PM
Posts: 2809
Disabled Resident, but I didn't see Teatimer on it anywhere.

Computer sounds better, and is running much better. The files didn't come back in a follow-up log, so I feel they are gone for good. I'm gonna run all my scanners after I reboot and see if there is any trace of anything anymore.

Thanks so much Cha, I think I don't even have to reformat!! I owe you big time. So in a totally non-gay and serious fashion, if you need anything just let me know Cha, I can't thank you enough.

Cha Siew Bao
Registered Member #133
Joined: Sat Jan 21 2006, 09:03PM
Posts: 198
yap np, few things before i go watch a movie with the lady friend

1) RegistryBooster is iffy, a lot of people consider it bullshit so if it asks you to pay just uninstall immediately
2) the problem came from System AntiVirus (SAV.exe), don't click yes next time those things come up saying "click here to clean, compy is infected etc etc" you probably did it by accident
3) for you and anyone else reading this DO NOT RUN COMBOFIX UNLESS SOMEONE TELLS YOU TO AND/OR YOU HAVE RUN THE OTHER PROGRAMS FIRST (smitfraud/sd/hjt/etc)

Thats all, good to see your compy is ok now. Keep up with AVG & Spybot S/D and you should be ok

nite

Rusty
FTS Server Op
Registered Member #159
Joined: Wed Mar 01 2006, 06:33PM
Posts: 2682
cha has azn hax!!!