Think my


The hard drive light has been working overtime.

OS Win. XP 64 BIT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:49:11 PM, on 1/12/2010

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\CAD\SolidWorks\swScheduler\swBOEngine.exe

C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Java\jre6\bin\jqs.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SolidWorksLicTemp.0001

C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\New Folder\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [VIAJDS] "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\VIAJDS.exe"

O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\HDADeck\HDeck.exe" 1

O4 - HKLM\..\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe" -b

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\CAD\SolidWorks\swScheduler\swBOEngine.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1258166901409

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)

O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files (x86)\Java\jre6\bin\jqs.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--

End of file - 5969 bytes


Avira AntiVir Personal

Report file date: Wednesday, January 13, 2010 19:20

Scanning for 1528331 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP 64 Bit

Windows version : (Service Pack 2) [5.2.3790]

Boot mode : Normally booted

Username : SYSTEM

Computer name : AMD-PHENOM

Version information:

BUILD.DAT : 9.0.0.418 21723 Bytes 12/2/2009 16:28:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 19:26:33

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:35:52

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 03:14:40

VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 03:14:40

VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 03:14:41

VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 03:14:41

VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 03:14:41

VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 03:14:41

VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 03:14:42

VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 03:14:42

VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 03:14:42

VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 03:14:42

VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 03:14:42

VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 03:14:43

VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 03:14:45

VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 03:14:47

VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 03:14:53

VBASE016.VDF : 7.10.1.224 183296 Bytes 12/14/2009 03:14:54

VBASE017.VDF : 7.10.1.247 182272 Bytes 12/15/2009 03:14:57

VBASE018.VDF : 7.10.2.30 198144 Bytes 12/21/2009 03:14:59

VBASE019.VDF : 7.10.2.63 187392 Bytes 12/24/2009 03:15:02

VBASE020.VDF : 7.10.2.93 195072 Bytes 12/29/2009 03:15:06

VBASE021.VDF : 7.10.2.131 201216 Bytes 1/7/2010 03:15:09

VBASE022.VDF : 7.10.2.158 192000 Bytes 1/11/2010 03:15:13

VBASE023.VDF : 7.10.2.159 2048 Bytes 1/11/2010 03:15:13

VBASE024.VDF : 7.10.2.160 2048 Bytes 1/11/2010 03:15:14

VBASE025.VDF : 7.10.2.161 2048 Bytes 1/11/2010 03:15:14

VBASE026.VDF : 7.10.2.162 2048 Bytes 1/11/2010 03:15:15

VBASE027.VDF : 7.10.2.163 2048 Bytes 1/11/2010 03:15:15

VBASE028.VDF : 7.10.2.164 2048 Bytes 1/11/2010 03:15:15

VBASE029.VDF : 7.10.2.165 2048 Bytes 1/11/2010 03:15:15

VBASE030.VDF : 7.10.2.166 2048 Bytes 1/11/2010 03:15:16

VBASE031.VDF : 7.10.2.180 184320 Bytes 1/13/2010 03:15:18

Engineversion : 8.2.1.134

AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 15:38:52

AESCRIPT.DLL : 8.1.3.7 594296 Bytes 1/14/2010 03:15:43

AESCN.DLL : 8.1.3.0 127348 Bytes 1/14/2010 03:15:41

AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 15:38:44

AERDL.DLL : 8.1.3.4 479605 Bytes 1/14/2010 03:15:39

AEPACK.DLL : 8.2.0.4 422263 Bytes 1/14/2010 03:15:36

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 15:38:38

AEHEUR.DLL : 8.1.0.194 2228599 Bytes 1/14/2010 03:15:32

AEHELP.DLL : 8.1.9.0 237943 Bytes 1/14/2010 03:15:25

AEGEN.DLL : 8.1.1.83 369014 Bytes 1/14/2010 03:15:22

AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 15:38:26

AECORE.DLL : 8.1.9.1 180598 Bytes 1/14/2010 03:15:20

AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 15:38:20

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 23:14:02

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 20:25:47

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

Start of the scan: Wednesday, January 13, 2010 19:20

Starting search for hidden objects.

The driver could not be initialized.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'CCC.exe' - '0' Module(s) have been scanned

Scan process 'MOM.exe' - '0' Module(s) have been scanned

Scan process 'SolidWorksLicensing.exe' - '1' Module(s) have been scanned

Scan process 'SolidWorksLicTemp.0001' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '0' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned

Scan process 'FourEngine.exe' - '1' Module(s) have been scanned

Scan process 'HDeck.exe' - '1' Module(s) have been scanned

Scan process 'VIAJDS.exe' - '0' Module(s) have been scanned

Scan process 'swBOEngine.exe' - '1' Module(s) have been scanned

Scan process 'ipoint.exe' - '0' Module(s) have been scanned

Scan process 'explorer.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'lsass.exe' - '0' Module(s) have been scanned

Scan process 'services.exe' - '0' Module(s) have been scanned

Scan process 'winlogon.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'smss.exe' - '0' Module(s) have been scanned

15 processes with 15 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '42' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Documents and Settings\Administrator\Local Settings\Temp\EULA.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.NSIS.Y dropper

C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\8931A368-3C23-41CB-BD65-5C6E98989593\backup\27

[0] Archive type: HIDDEN

--> FIL\\\?\C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\8931A368-3C23-41CB-BD65-5C6E98989593\backup\27

[DETECTION] Is the TR/Keygen.BM Trojan

Beginning disinfection:

C:\Documents and Settings\Administrator\Local Settings\Temp\EULA.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.NSIS.Y dropper

[NOTE] The file was moved to '4b9a9e28.qua'!

C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\8931A368-3C23-41CB-BD65-5C6E98989593\backup\27

[NOTE] The file was moved to '4baa9e43.qua'!

End of the scan: Wednesday, January 13, 2010 20:30

Used time: 50:36 Minute(s)

The scan has been done completely.

7905 Scanned directories

995221 Files were scanned

2 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

995218 Files not concerned

5744 Archives were scanned

1 Warnings

3 Notes
