   help please
Thomas
help please
« on: Nov 7th, 2008, 4:24pm »

I'm on my mom's desktop computer and here's the log.
 
ComboFix 08-11-07.01 - HP_Owner 2008-11-07 17:05:32.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.193 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((   Files Created from 2008-10-07 to 2008-11-07  )))))))))))))))))))))))))))))))
.
 
2008-11-06 17:32 . 2008-06-10 02:3273,728--a------c:\windows\system32\javacpl.cpl
2008-11-04 13:40 . 2008-11-04 13:40940,794--a------c:\windows\system32\LoopyMusic.wav
2008-11-04 13:40 . 2008-11-04 13:40146,650--a------c:\windows\system32\BuzzingBee.wav
2008-10-29 17:29 . 2008-10-29 17:29<DIR>d--------c:\documents and settings\All Users\Application Data\Winferno
2008-10-29 17:24 . 2008-10-29 17:24<DIR>d--------c:\program files\Winferno
2008-10-29 17:24 . 2008-11-05 17:50<DIR>d--------c:\documents and settings\HP_Owner\Application Data\SmartShopper
2008-10-29 17:24 . 2006-10-09 11:28835,584--a------c:\windows\system32\WINCTL4.OCX
2008-10-29 17:24 . 2006-10-09 12:06495,616--a------c:\windows\system32\WINUTIL5.DLL
2008-10-29 17:24 . 2006-05-17 07:40393,216--a------c:\windows\system32\WINLCTL5.DLL
2008-10-29 17:23 . 2008-10-29 17:24<DIR>d--------c:\program files\SmartShopper
2008-10-29 17:23 . 2008-10-29 17:24<DIR>d--------c:\program files\My.Freeze.com Toolbar with NetAssistant
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmpD32F1.FOT
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmpD12F1.FOT
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmpB62F1.FOT
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmpA92F1.FOT
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmp9D2F1.FOT
2008-10-21 14:48 . 2008-10-21 14:481,409--a------c:\windows\system32\tmp8F2F1.FOT
2008-10-15 20:52 . 2008-10-15 20:52<DIR>d----c---C:\58d91552cbe36ad9db
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 22:32---------d-----wc:\program files\Java
2008-11-06 04:205,380----a-wc:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2008-10-15 16:57332,800----a-wc:\windows\system32\dllcache\netapi32.dll
2008-09-21 09:02---------d-----wc:\program files\NOS
2008-09-21 09:02---------d-----wc:\documents and settings\All Users\Application Data\NOS
2008-09-20 22:03---------d-----wc:\program files\Common Files\Adobe AIR
2008-09-20 22:02---------d-----wc:\program files\Common Files\Adobe
2008-09-18 06:53---------d-----wc:\program files\Winamp
2008-09-15 11:571,846,016----a-wc:\windows\system32\win32k.sys
2008-09-15 11:571,846,016----a-wc:\windows\system32\dllcache\win32k.sys
2008-09-10 21:53---------d-----wc:\program files\PokerStars
2008-08-28 10:04333,056----a-wc:\windows\system32\dllcache\srv.sys
2008-08-27 14:4110,520----a-wc:\windows\system32\avgrsstx.dll
2008-08-19 09:3018,432----a-wc:\windows\system32\dllcache\iedw.exe
2008-08-19 09:20351,744----a-wc:\windows\system32\SET256.tmp
2008-08-14 10:002,180,352----a-wc:\windows\system32\dllcache\ntoskrnl.exe
2008-08-14 09:582,136,064----a-wc:\windows\system32\ntoskrnl.exe
2008-08-14 09:582,136,064----a-wc:\windows\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51138,368----a-wc:\windows\system32\dllcache\afd.sys
2008-08-14 09:222,057,728----a-wc:\windows\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:222,015,744----a-wc:\windows\system32\ntkrnlpa.exe
2008-08-14 09:222,015,744----a-wc:\windows\system32\dllcache\ntkrpamp.exe
2005-01-07 19:20278,528----a-wc:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 19:20143,360----a-wc:\program files\internet explorer\plugins\UPjpeg.dll
2005-08-25 01:0222--sha-wc:\windows\SMINST\HPCD.sys
.
 
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w      253,952 2004-10-14 20:54:32  c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
----a-w      253,952 2004-10-14 20:54:32  c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
 
----a-w  67,112 2006-08-01 19:35:36  c:\program files\AIM\bak\aim.exe
 
----a-w      163,576 2006-10-17 01:30:58  c:\program files\Google\GoogleToolbarNotifier\1.2.908.5008\bak\GoogleToolbarNotifie r.exe
 
----a-w      245,760 2005-02-26 05:34:02  c:\program files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w      245,760 2005-02-26 05:34:02  c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
 
----a-w      229,952 2006-09-12 05:58:54  c:\program files\iTunes\bak\iTunesHelper.exe
 
----a-w  49,263 2006-10-12 08:10:54  c:\program files\Java\jre1.5.0_09\bin\bak\jusched.exe
 
----a-w      282,624 2006-09-01 19:57:48  c:\program files\QuickTime\bak\qttask.exe
----a-w  98,304 2005-05-26 23:39:13  c:\program files\QuickTime\qttask.exe
 
----a-w      176,128 2005-05-19 21:59:03  c:\program files\Walgreens\Walgreens PhotoShow\data\Xtras\bak\mssysmgr.exe
----a-w      176,128 2005-05-19 21:59:03  c:\program files\Walgreens\Walgreens PhotoShow\data\Xtras\mssysmgr.exe
 
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"= "c:\program files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll" [2008-10-01 253048]
 
[HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2008-10-01 11:02253048--a------c:\program files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll" [2008-10-01 1916024]
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D0523BB4-21E7-11DD-9AB7-415B56D89593}"= "c:\program files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll" [2008-10-01 1916024]
 
[HKEY_CLASSES_ROOT\clsid\{d0523bb4-21e7-11dd-9ab7-415b56d89593}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00001.TBSB00001]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-11-14 8716288]
"PhotoShow Deluxe Media Manager"="c:\progra~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe" [2005-05-19 176128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-26 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-05-26 98304]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 176128]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"MyWebSearch Plugin"="c:\progra~1\MYWEBS~2\bar\4.bin\M3PLUGIN.DLL" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-11-14 8716288]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-10-17 960032]
Smart Wizard Wireless Settings.lnk - c:\program files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe [2007-01-11 1056864]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
 
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2006-03-27 167808]
.
Contents of the 'Scheduled Tasks' folder
 
2008-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]
 
2007-03-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 20:04]
 
2008-10-25 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Owner.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe []
 
2008-11-07 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2008-10-28 13:48]
 
2008-11-07 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2008-10-28 13:34]
.
- - - - ORPHANS REMOVED - - - -
 
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{8373D48E-48E7-4661-99BD-88F55DB43A13} - c:\windows\system32\pmnnm.dll
BHO-{e16662cc-aa9a-479c-8716-03b59caacbc9} - c:\windows\system32\fifgsbbg.dll
Notify-opnonmk - opnonmk.dll
 
 
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q305 &bd=pavilion&pf=desktop
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US& amp;c=Q305&b d=pavilion&pf=desktop
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q305 &bd=pavilion&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 -: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt024YYU S
O8 -: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 -: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\program files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
 
O16 -: {59F156FC-9BC4-11D5-B0A5-0060085A719D} - hxxp://opal.pascocountyfl.net/permit/opalplayerx5.cab
c:\windows\Downloaded Program Files\CONFLICT.1\opalplayerx5.inf
c:\windows\system32\msvcrt.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\olepro32.dll
c:\windows\Downloaded Program Files\CONFLICT.1\Opalplayerx5.ocx
 
O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
c:\windows\Downloaded Program Files\OberonGameHost.dll
 
O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
c:\windows\Downloaded Program Files\imikimi.inf
.
 
************************************************************************ **
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 17:11:32
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
************************************************************************ **
.
Completion time: 2008-11-07 17:17:56
ComboFix-quarantined-files.txt  2008-11-07 22:17:34
 
Pre-Run: 107,339,063,296 bytes free
Post-Run: 107,499,597,824 bytes free
 
194--- E O F ---2008-10-24 07:01:53

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
Thomas
Re: help please
« Reply #1 on: Nov 7th, 2008, 4:24pm »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:24 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US& amp;c=Q305&bd=pavilion&pf=desktop
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~2\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt024YYU S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - http://opal.pascocountyfl.net/permit/opalplayerx5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 10766 bytes
siliconman01
Re: help please
« Reply #2 on: Nov 7th, 2008, 10:21pm »
Please do the following:
 
1.  Run another Hijackthis scan.  When the scan is completed, place a check mark in the box next to the following items.  BE SURE that these are the only items checked.
 
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
 
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
 
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
 
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~2\bar\4.bin\M3PLUGIN.DLL,UPF
 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt024YYU S
 
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
 
2.  Close your browser
 
3.  Click on Fix Checked located at the lower left of the Hijackthis window.  Confirm that you want Hijackthis to fix these items and let it fix them.
 
4.  Close Hijackthis and immediately reboot.
 
5.  Post back here a new Hijackthis scan log.
 
6.  Also state whether you are experiencing any problems.
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
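As an added example (not code from this thread or from the HijackThis project), here is a small Python parser for the R/O lines of a HijackThis log that turns each line into a structured record and then flags the entries the moderator listed above, matching either on the CLSID or on the file name the entry points at. The sample log is a constructed subset of the log posted in this thread, and the indicator lists are assumptions taken from the moderator's Fix Checked list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HijackThis log posted in this thread,
# with the seven entries the moderator marked for "Fix Checked" mixed in
# among benign ones (Yahoo toolbar, Google toolbar, ctfmon, HP monitor, WGA).
SAMPLE_LOG = r"""
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: NetAssistantBHO - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~2\bar\4.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt024YYUS
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Indicators taken from the moderator's Fix Checked list in this thread
# (assumption: these are the only items to be flagged for this machine).
FLAGGED_CLSIDS = {
    "{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}",  # NetAssistant BHO / URLSearchHook
    "{D0523BB4-21E7-11DD-9AB7-415B56D89593}",  # My.Freeze.com toolbar
    "{3CC3D8FE-F0E0-4DD1-A69A-8C56BCC7BEC0}",  # SmartShopper IE button
}
FLAGGED_MARKERS = ("m3plugin.dll", "mywebsearch.com", "jusched.exe")


@dataclass
class Entry:
    kind: str            # HijackThis section code: R3, O2 (BHO), O3 (toolbar), O4 (autorun) ...
    desc: str            # the human-readable name part of the line
    clsid: Optional[str]  # upper-cased {GUID} if the line carries one
    target: str          # file path, command line or URL the entry points at


LINE_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis R/O line; return None for anything else (headers, process list)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    found = CLSID_RE.search(rest)
    clsid = found.group(0).upper() if found else None
    if kind == "O4":
        # Registry Run entries look like "HKLM\..\Run: [Name] command";
        # Global Startup entries look like "Global Startup: x.lnk = path".
        r = RUN_RE.match(rest)
        if r:
            return Entry(kind, r.group("name"), clsid, r.group("cmd"))
        desc, _, target = rest.partition(" = ")
        return Entry(kind, desc, clsid, target)
    # All other sections separate name, optional CLSID and target with " - ".
    parts = rest.split(" - ")
    return Entry(kind, parts[0], clsid, parts[-1] if len(parts) > 1 else "")


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flag_entries(entries: List[Entry], clsids=FLAGGED_CLSIDS, markers=FLAGGED_MARKERS) -> List[Entry]:
    """Return the entries that match a flagged CLSID or a flagged file/host name."""
    hits = []
    for e in entries:
        by_clsid = e.clsid in clsids
        by_marker = any(mk in e.target.lower() for mk in markers)
        if by_clsid or by_marker:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in flag_entries(parse_log(SAMPLE_LOG)):
        print(f"{hit.kind:<3} {hit.desc:<45} -> {hit.target}")
```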
Thomas
Re: help please
« Reply #3 on: Nov 7th, 2008, 11:35pm »

Here is the log from my own PC. I know I've got no threats on my PC, so I'm going to post a log just to be sure.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:41 AM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\divxsm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_U S&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Y!TunnelPro] C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/cli ent/muweb_site.cab?1224749584484
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 
--
End of file - 5084 bytes

 
And my mom's PC is off. I do not know the password for it, so I'm going to have to wait until my mom turns it back on.

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7357
Re: help please
« Reply #4 on: Nov 7th, 2008, 11:42pm »

The HijackThis log of your system is not showing anything malicious.
 
Okay on your Mom's computer.  Holler back when you are ready.  Wink

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Thomas
Full Member
Gender: male
Posts: 233
Re: help please
« Reply #5 on: Nov 7th, 2008, 11:43pm »

Did you get my message about those two screenshots?

siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7357
Re: help please
« Reply #6 on: Nov 7th, 2008, 11:44pm »

Yep, will respond via reply PM  Wink

Thomas
Full Member
Gender: male
Posts: 233
Re: help please
« Reply #7 on: Nov 7th, 2008, 11:46pm »

When I ran ComboFix the first time it found a lot; the second time, none. And in my HijackThis log it found a few.

siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7357
Re: help please
« Reply #8 on: Nov 7th, 2008, 11:53pm »

Quote:
When I ran ComboFix the first time it found a lot; the second time, none. And in my HijackThis log it found a few.

I assume that you are referring to your mom's 'puter, eh?

Thomas
Full Member
Gender: male
Posts: 233
Re: help please
« Reply #9 on: Nov 7th, 2008, 11:57pm »

on Nov 7th, 2008, 11:53pm, siliconman01 wrote:
I assume that you are referring to your mom's 'puter, eh?

Yeah.

siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 7357
Re: help please
« Reply #10 on: Nov 8th, 2008, 12:22am »

Okay...holler back when you are back on your mom's computer.

Thomas
Full Member
Gender: male
Posts: 233
Re: help please
« Reply #11 on: Nov 8th, 2008, 10:04am »

This log is from my mom's PC.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:14 AM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca, C=US\IEButton\support.htm (HKCU)
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {59F156FC-9BC4-11D5-B0A5-0060085A719D} (Opalplayerx5 Control) - http://opal.pascocountyfl.net/permit/opalplayerx5.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 10159 bytes
« Last Edit: Nov 8th, 2008, 10:16am by Thomas »

Thomas
Full Member
Gender: male
Posts: 233
Re: help please
« Reply #12 on: Nov 8th, 2008, 10:56am »

Here is my ComboFix log for my PC.
 
ComboFix 08-11-07.01 - Compaq_Owner 2008-11-08 11:22:58.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.51 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
 * Created a new restore point
.
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
 
c:\windows\system32\brreukis.ini
c:\windows\system32\dfeKlnpo.ini
c:\windows\system32\dfeKlnpo.ini2
c:\windows\system32\efcBTLfE.dll
c:\windows\system32\EfLTBcfe.ini
c:\windows\system32\EfLTBcfe.ini2
c:\windows\system32\eyqrolgk.dll
c:\windows\system32\gmoypd.dll
c:\windows\system32\jclhwvrc.dll
c:\windows\system32\jxnutq.dll
c:\windows\system32\kglorqye.ini
c:\windows\system32\mtcunz.dll
c:\windows\system32\pmnnmkLe.dll
c:\windows\system32\sikuerrb.dll
c:\windows\system32\srglvlfq.ini
c:\windows\system32\ssqPjgFu.dll
c:\windows\system32\tacgitof.dll
c:\windows\system32\tlchcrvf.dll
c:\windows\system32\tuvUKCTN.dll
 
.
(((((((((((((((((((((((((   Files Created from 2008-10-08 to 2008-11-08  )))))))))))))))))))))))))))))))
.
 
2008-11-02 20:21 . 2008-11-02 20:24  273  --ah-----  c:\windows\sysdata.dat
2008-11-02 20:17 . 2008-11-02 20:20  289  --ah-----  c:\windows\winshell.dat
2008-11-02 20:14 . 2008-11-02 20:17  315  --ah-----  c:\windows\wininf.dat
2008-11-02 20:10 . 2008-11-02 20:13  268  --ah-----  c:\windows\sysreg.dat
2008-11-01 09:49 . 2008-11-01 09:49  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\DivX
2008-11-01 09:18 . 2008-11-01 09:41  <DIR>  d--------  c:\program files\DivX
2008-11-01 09:17 . 2008-11-01 09:17  <DIR>  d--------  c:\program files\AC3Filter
2008-11-01 09:17 . 2008-07-09 03:05  421,888  --a------  c:\windows\system32\ac3filter.acm
2008-10-30 20:20 . 2008-10-30 20:20  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Windows Search
2008-10-24 23:38 . 2008-10-24 23:38  <DIR>  d--------  c:\windows\Sun
2008-10-24 07:01 . 2008-10-24 07:01  <DIR>  d--------  c:\program files\Common Files\Adobe Systems Shared
2008-10-23 22:20 . 2008-10-15 11:34  337,408  --a------  c:\windows\system32\dllcache\netapi32.dll
2008-10-23 22:16 . 2007-07-30 18:19  271,224  --a------  c:\windows\system32\mucltui.dll
2008-10-23 22:16 . 2007-07-30 18:19  30,072  --a------  c:\windows\system32\mucltui.dll.mui
2008-10-23 06:42 . 2008-10-23 06:42  <DIR>  d--------  c:\program files\Yahoo!
2008-10-23 06:42 . 2008-10-23 06:44  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Yahoo!
2008-10-23 06:41 . 2008-10-23 06:41  <DIR>  d--------  c:\program files\Trend Micro
2008-10-23 06:15 . 2008-10-23 06:15  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Digital Asphyxia
2008-10-23 06:15 . 2008-10-23 06:15  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Digital Asphyxia
2008-10-23 06:14 . 2008-10-23 06:14  <DIR>  d--------  c:\program files\Digital Asphyxia
2008-10-23 06:14 . 2008-10-23 06:14  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Tarma Installer
2008-10-23 06:10 . 2008-10-23 06:10  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\TrojanHunter
2008-10-23 06:09 . 2008-10-23 06:10  <DIR>  d--------  c:\program files\TrojanHunter 5.0
2008-10-23 05:39 . 2008-10-23 05:39  <DIR>  d--------  c:\windows\system32\scripting
2008-10-23 05:39 . 2008-10-23 05:39  <DIR>  d--------  c:\windows\system32\en
2008-10-23 05:39 . 2008-10-23 05:39  <DIR>  d--------  c:\windows\system32\bits
2008-10-23 05:39 . 2008-10-23 05:39  <DIR>  d--------  c:\windows\l2schemas
2008-10-23 05:36 . 2008-10-23 05:39  <DIR>  d--------  c:\windows\ServicePackFiles
2008-10-23 05:28 . 2008-10-23 05:28  <DIR>  d--------  c:\windows\EHome
2008-10-23 03:16 . 2008-10-23 03:16  <DIR>  d--------  c:\program files\Microsoft Silverlight
2008-10-23 03:16 . 2008-10-23 03:16  <DIR>  d--------  c:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-23 03:01 . 2008-10-23 03:01  <DIR>  d--------  c:\program files\MSXML 6.0
2008-10-23 02:54 . 2008-10-23 02:54  <DIR>  d--------  c:\program files\MSBuild
2008-10-23 02:52 . 2008-10-23 03:02  <DIR>  d--------  c:\windows\system32\XPSViewer
2008-10-23 02:51 . 2008-10-23 02:51  <DIR>  d--------  c:\program files\Reference Assemblies
2008-10-23 02:50 . 2006-06-29 12:07  14,048  --a------  c:\windows\system32\spmsg2.dll
2008-10-23 02:49 . 2008-10-23 02:49  <DIR>  d--------  C:\4486b72b3237250b4026cbb32d
2008-10-23 02:31 . 2008-10-23 02:31  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Windows Desktop Search
2008-10-23 02:30 . 2008-10-23 02:30  <DIR>  d--------  c:\windows\system32\GroupPolicy
2008-10-23 02:30 . 2008-10-23 02:30  <DIR>  d--------  c:\program files\Windows Desktop Search
2008-10-23 02:28 . 2008-10-23 02:28  <DIR>  d--------  c:\program files\Windows Media Connect 2
2008-10-23 02:25 . 2008-10-23 02:25  <DIR>  d--------  c:\windows\system32\LogFiles
2008-10-23 02:25 . 2008-10-23 02:27  <DIR>  d--------  c:\windows\system32\drivers\UMDF
2008-10-23 02:14 . 2008-04-13 19:12  290,304  --a------  c:\windows\system32\rhttpaa.dll
2008-10-23 02:14 . 2008-04-13 19:11  136,192  --a------  c:\windows\system32\aaclient.dll
2008-10-23 02:14 . 2008-04-13 19:12  53,248  --a------  c:\windows\system32\tsgqec.dll
2008-10-23 02:02 . 2008-04-13 19:12  4,274,816  --a------  c:\windows\system32\nv4_disp.dll
2008-10-23 02:01 . 2008-04-13 19:11  870,784  --a------  c:\windows\system32\ati3d1ag.dll
2008-10-23 01:32 . 2008-10-03 12:41  6,066,176  --a------  c:\windows\system32\dllcache\ieframe.dll
2008-10-23 01:32 . 2007-04-17 04:32  2,455,488  --a------  c:\windows\system32\dllcache\ieapfltr.dat
2008-10-23 01:32 . 2007-03-08 00:10  991,232  --a------  c:\windows\system32\dllcache\ieframe.dll.mui
2008-10-23 01:32 . 2008-08-26 02:24  459,264  --a------  c:\windows\system32\dllcache\msfeeds.dll
2008-10-23 01:32 . 2008-08-26 02:24  383,488  --a------  c:\windows\system32\dllcache\ieapfltr.dll
2008-10-23 01:32 . 2008-08-26 02:24  267,776  --a------  c:\windows\system32\dllcache\iertutil.dll
2008-10-23 01:32 . 2008-08-26 02:24  63,488  --a------  c:\windows\system32\dllcache\icardie.dll
2008-10-23 01:32 . 2008-08-26 02:24  52,224  --a------  c:\windows\system32\dllcache\msfeedsbs.dll
2008-10-23 01:32 . 2008-08-25 03:38  13,824  --a------  c:\windows\system32\dllcache\ieudinit.exe
2008-10-23 00:49 . 2008-10-23 00:49  <DIR>  d--------  c:\program files\uTorrent
2008-10-23 00:49 . 2008-11-08 02:09  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\uTorrent
2008-10-23 00:48 . 2008-10-23 00:21  246  --a------  c:\windows\system\hpsysdrv.dat
2008-10-23 00:45 . 2008-10-22 23:21  <DIR>  d--------  c:\windows\I386
2008-10-23 00:35 . 2008-06-13 06:05  272,128  --a------  c:\windows\system32\drivers\bthport.sys
2008-10-23 00:35 . 2008-06-13 06:05  272,128  --a------  c:\windows\system32\dllcache\bthport.sys
2008-10-23 00:34 . 2008-08-14 05:11  2,189,184  --a------  c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-23 00:34 . 2008-08-14 05:09  2,145,280  --a------  c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-23 00:34 . 2008-08-14 04:33  2,066,048  --a------  c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-23 00:34 . 2008-08-14 04:33  2,023,936  --a------  c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-23 00:34 . 2008-09-15 07:12  1,846,400  --a------  c:\windows\system32\dllcache\win32k.sys
2008-10-23 00:34 . 2008-09-08 05:41  333,824  --a------  c:\windows\system32\dllcache\srv.sys
2008-10-23 00:32 . 2008-04-11 14:04  691,712  --a------  c:\windows\system32\dllcache\inetcomm.dll
2008-10-23 00:32 . 2008-05-08 09:02  203,136  --a------  c:\windows\system32\dllcache\rmcast.sys
2008-10-22 23:17 . 2008-11-08 11:39  <DIR>  d-a------  c:\documents and settings\All Users\Application Data\TEMP
2008-10-22 22:49 . 2008-10-22 22:49  <DIR>  d--------  c:\program files\iTunes
2008-10-22 22:49 . 2008-10-22 22:49  <DIR>  d--------  c:\program files\iPod
2008-10-22 22:49 . 2008-10-22 22:49  <DIR>  d--------  c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-22 22:48 . 2008-10-22 22:48  <DIR>  d--------  c:\program files\Bonjour
2008-10-22 22:47 . 2008-10-22 22:48  <DIR>  d--------  c:\program files\QuickTime
2008-10-22 22:46 . 2008-10-22 22:49  <DIR>  d----c---  c:\windows\system32\DRVSTORE
2008-10-22 22:46 . 2008-10-22 22:47  <DIR>  d--------  c:\program files\Common Files\Apple
2008-10-22 22:46 . 2008-10-22 22:47  <DIR>  d--------  c:\program files\Apple Software Update
2008-10-22 22:46 . 2008-10-22 22:46  <DIR>  d--------  c:\documents and settings\All Users\Application Data\Apple
2008-10-22 22:42 . 2008-06-10 01:32  73,728  --a------  c:\windows\system32\javacpl.cpl
2008-10-22 22:40 . 2008-04-13 13:39  5,504  --a------  c:\windows\system32\drivers\mstee.sys
2008-10-22 22:39 . 2008-04-13 19:12  91,136  --a------  c:\windows\system32\kswdmcap.ax
2008-10-22 22:39 . 2008-04-13 13:46  85,248  --a------  c:\windows\system32\drivers\nabtsfec.sys
2008-10-22 22:39 . 2008-04-13 19:12  61,952  --a------  c:\windows\system32\kstvtune.ax
2008-10-22 22:39 . 2008-04-13 19:12  28,672  --a------  c:\windows\system32\vidcap.ax
2008-10-22 22:39 . 2008-04-13 13:46  19,200  --a------  c:\windows\system32\drivers\wstcodec.sys
2008-10-22 22:39 . 2008-04-13 13:46  17,024  --a------  c:\windows\system32\drivers\ccdecode.sys
2008-10-22 22:39 . 2008-04-13 19:12  16,384  --a------  c:\windows\system32\ipsink.ax
2008-10-22 22:39 . 2008-04-13 13:46  15,232  --a------  c:\windows\system32\drivers\streamip.sys
2008-10-22 22:39 . 2008-04-13 13:46  11,136  --a------  c:\windows\system32\drivers\slip.sys
2008-10-22 22:39 . 2008-04-13 13:46  10,880  --a------  c:\windows\system32\drivers\ndisip.sys
2008-10-22 22:38 . 2008-04-13 19:12  53,760  --a------  c:\windows\system32\vfwwdm32.dll
2008-10-22 22:38 . 2008-04-13 19:12  43,008  --a------  c:\windows\system32\ksxbar.ax
2008-10-22 22:21 . 2008-10-22 22:23  <DIR>  d--------  c:\program files\Winamp
2008-10-22 22:21 . 2008-11-08 01:18  1,125  --a------  c:\windows\winamp.ini
2008-10-22 22:20 . 2008-10-22 22:20  <DIR>  d--------  c:\program files\7-Zip
2008-10-22 22:01 . 2004-08-04 07:00  221,184  --a------  c:\windows\system32\wmpns.dll
2008-10-22 22:00 . 2008-10-22 22:01  1,857  -rahs----  c:\windows\system32\drivers\103C_HP_CPC_ED861AA-ABA SR1603WM NA540_YC_0Pres_QCNH542_E54NAheRED2_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.08_T050913_WXH2_L409_M223_J80_7AMD_8Sempron_91.79_#051225_N10EC8139_Z14F12F20_G10025954.MRK
2008-10-22 21:58 . 2005-08-08 17:50  <DIR>  d--------  c:\documents and settings\Compaq_Owner\WINDOWS
2008-10-22 21:58 . 2005-08-08 17:54  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\SampleView
2008-10-22 21:58 . 2005-08-08 17:49  <DIR>  d--------  c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2008-10-22 21:58 . 2008-10-22 23:07  <DIR>  d--------  c:\documents and settings\Compaq_Owner
2008-10-22 21:56 . 2005-08-08 17:50  <DIR>  d--------  c:\windows\system32\config\systemprofile\WINDOWS
2008-10-22 21:55 . 2005-08-08 17:50  <DIR>  d--------  c:\documents and settings\Default User\WINDOWS
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 12:01  ---------  d-----w  c:\program files\Common Files\Adobe
2008-10-23 10:43  61,440  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-10-23 10:43  45,056  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-10-23 10:43  44,032  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-10-23 10:43  40,960  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-10-23 10:43  32,768  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-10-23 10:43  32,768  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-10-23 10:43  287,310  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-10-23 10:43  163,840  ----a-w  c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-10-23 04:14  ---------  d-----w  c:\program files\Common Files\InstallShield
2008-10-23 04:12  ---------  d--h--w  c:\program files\InstallShield Installation Information
2008-10-23 03:47  ---------  d-----w  c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-23 03:42  ---------  d-----w  c:\program files\Java
2008-09-15 12:12  1,846,400  ----a-w  c:\windows\system32\win32k.sys
2008-09-08 10:41  333,824  ----a-w  c:\windows\system32\drivers\srv.sys
2008-08-29 14:18  87,336  ----a-w  c:\windows\system32\dns-sd.exe
2008-08-29 13:53  61,440  ----a-w  c:\windows\system32\dnssd.dll
2008-08-27 17:54  3,593,216  ----a-w  c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:37  70,656  ----a-w  c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56  635,848  ----a-w  c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54  161,792  ----a-w  c:\windows\system32\dllcache\ieakui.dll
2008-08-14 10:09  2,145,280  ----a-w  c:\windows\system32\ntoskrnl.exe
2008-08-14 10:04  138,496  ----a-w  c:\windows\system32\dllcache\afd.sys
2008-08-14 09:33  2,023,936  ----a-w  c:\windows\system32\ntkrnlpa.exe
.
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Y!TunnelPro"="c:\program files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe" [2008-09-27 1412608]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2008-09-10 1056928]
 
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mtcunz.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Digital Asphyxia\\Y!TunnelPro 2.5\\YTPro.exe"=
 
R3 DCamUSBVeo532;Veo Stingray/Connect Web Camera;c:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
 
*Newly Created Service* - MCHINJDRV
.
- - - - ORPHANS REMOVED - - - -
 
BHO-{51c46c26-aecf-4c77-bf84-f867875f0083} - c:\windows\system32\mtcunz.dll
BHO-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\ssqPjgFu.dll
BHO-{E4083A24-0B25-4C9C-8922-D83F41418036} - c:\windows\system32\efcBTLfE.dll
ShellExecuteHooks-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\ssqPjgFu.dll
 
 
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.
 
**************************************************************************
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 11:39:04
Windows 5.1.2600 Service Pack 3 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: c:\windows\explorer.exe
-> c:\program files\TrojanHunter 5.0\THSec.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2008-11-08 11:51:51 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-08 16:51:39
 
Pre-Run: 19,322,314,752 bytes free
Post-Run: 19,244,920,832 bytes free
 
245--- E O F ---2008-10-24 03:22:58

Windows 7 Home Premium (64 Bit)
Yahoo! Messenger Version 11.0.0 Build 2014
Y!TunnelPro Version 2.6 Build 736
YTK Enhanced Version 2.6 Build 108
Mozilla Firefox Version 8.0 (Beta)
Internet Explorer Version 9.0.8112.16421
TrojanHunter Version 5.3 Build 994
HijackThis Version 2.0 Build 4
Wireless
avast! Free Antivirus
Malwarebytes' Anti-Malware
SUPERAntiSpyware Professional
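An added example, not part of Thomas's post and not a ComboFix tool: the log above carries the three kinds of registry artifact a responder reads first, and a short parser can pull them out and cross-reference them. AppInit_DLLs (under HKLM\...\Windows NT\CurrentVersion\Windows) names DLLs that Windows loads into every process that loads user32.dll, and the log shows it set to mtcunz.dll, the same file ComboFix lists as an orphaned BHO registration; the two Security Center DisableNotify values set to 1 silence the warnings that antivirus or updates are off; and the MountPoints2 key carries a per-volume AutoRun command. The script is written against a constructed sample shaped like the excerpt (not the verbatim log), the RANDOMISH_RE heuristic for machine-looking DLL names is my assumption rather than a ComboFix rule, and what it reports is a triage hint, not a verdict.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix tool).

Pulls out the registry artifacts a responder checks first and cross-references
the AppInit_DLLs value against the orphaned registrations ComboFix removed.
"""
import re
from dataclasses import dataclass

# Constructed sample shaped like the log excerpt above; not a verbatim copy.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mtcunz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

- - - - ORPHANS REMOVED - - - -

BHO-{51c46c26-aecf-4c77-bf84-f867875f0083} - c:\windows\system32\mtcunz.dll
BHO-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\ssqPjgFu.dll
ShellExecuteHooks-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\ssqPjgFu.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
ORPHAN_RE = re.compile(r"^(?P<type>\w+)-\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# Heuristic (my assumption, not a ComboFix rule): an 8-letter mixed-case DLL
# name in system32 looks machine-generated and deserves a second look.
RANDOMISH_RE = re.compile(r"^(?=.*[a-z])(?=.*[A-Z])[A-Za-z]{8}\.dll$")


@dataclass
class Finding:
    kind: str    # short tag a report or test can key on
    detail: str  # what was seen and why it matters


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_combofix(text: str):
    """Split a ComboFix-style log into (values, orphans, autoruns).

    values:   (registry key, value name, data) for every "name"=data line
    orphans:  (registration type, CLSID, path) from the ORPHANS REMOVED list
    autoruns: (registry key, command) for Shell\\AutoRun\\command lines
    """
    values, orphans, autoruns = [], [], []
    current_key, in_orphans = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if line.startswith("---"):  # the next section header ends the list
            in_orphans = False
            continue
        m = KEY_RE.match(line)
        if m:
            current_key, in_orphans = m.group("key").lower(), False
            continue
        m = ORPHAN_RE.match(line)
        if in_orphans and m:
            orphans.append((m.group("type"), m.group("clsid").lower(), m.group("path")))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append((current_key, m.group("cmd")))
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            values.append((current_key, m.group("name"), m.group("value").strip()))
    return values, orphans, autoruns


def triage(text: str) -> list:
    """Return the findings a responder would want called out from the log."""
    values, orphans, autoruns = parse_combofix(text)
    orphan_names = {basename(path).lower() for _, _, path in orphans}
    findings = []

    for key, name, data in values:
        is_appinit = (key.endswith(r"\windows nt\currentversion\windows")
                      and name.lower() == "appinit_dlls" and data)
        is_notify_off = (key.endswith(r"\security center")
                         and name.lower().endswith("disablenotify")
                         and data.lower() == "dword:00000001")
        if is_appinit:
            # Every DLL listed here is loaded into each process that loads user32.dll.
            for dll in re.split(r"[ ,;]+", data):
                note = ""
                if basename(dll).lower() in orphan_names:
                    note = (" (same DLL as an orphaned registration: the file is "
                            "gone but this value still references it)")
                findings.append(Finding("appinit_dlls",
                                        f"AppInit_DLLs loads {dll} into every "
                                        f"user32-linked process{note}"))
        elif is_notify_off:
            findings.append(Finding("security_center_notify_off",
                                    f"{name}=1 silences the Security Center warning"))

    for key, cmd in autoruns:
        if key and "mountpoints2" in key:
            findings.append(Finding("mountpoint_autorun",
                                    f"per-volume AutoRun command: {cmd}"))

    for reg_type, clsid, path in orphans:
        if RANDOMISH_RE.match(basename(path)):
            findings.append(Finding("randomish_orphan",
                                    f"{reg_type} {{{clsid}}} pointed at "
                                    f"random-looking {basename(path)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

The point of the cross-reference is that ComboFix's orphan list only tells you which registrations pointed at files that no longer exist; a persistence value such as AppInit_DLLs that still names one of those files is not in that list and still has to be cleared by hand, which is exactly the situation the log above shows for mtcunz.dll.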
siliconman01
Global Moderator
Re: help please
« Reply #13 on: Nov 8th, 2008, 11:14am »

Your HJT scan log is not showing any infections.
 
HOWEVER, I see you ran ComboFix after you ran the HJT log and ComboFix found many files to quarantine.  What I cannot tell is if these were leftovers from previous infections that were neutralized by other security programs.  
 
Because of the number of items ComboFix uncovered, I recommend that you run an online REMOTE Scan with BitDefender to see what it finds...if anything.
 
1.  To keep BitDefender from flagging ComboFix items.
 
-  Delete ComboFix.exe from your desktop.
 
-  Delete the ComboFix.exe log from your system.
 
-  Delete the ComboFix Quarantine folder which is a folder named Qoobox and is typically located under root C:\
 
2.  Then temporarily disable all your security programs EXCEPT your software firewall.
 
3.  Close down as many programs as you can (icons next to the system clock...in the Notification tray).
 
4.  Using Internet Explorer, go to the link below and run the online Remote scanner of BitDefender.  It needs to download an ActiveX component.  Please let it do so.  Run a FULL SCAN of your system.
 
http://www.bitdefender.com/scan8/ie.html
 
5.  After the scan is completed, please post the BitDefender scan log back here.  Also post a new HijackThis scan log.

______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Thomas
Full Member
Re: help please
« Reply #14 on: Nov 8th, 2008, 11:58am »

The ComboFix log is from my PC, not my mom's PC. Should I send these files to you guys?