Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #16, Jun 16 2008, 01:53 AM
Member (Group: Members; Posts: 97; Joined: 7-June 08; Member No.: 214,894)
I was going to go on my computer and download a new copy, but once again, it seems as if it knows what sites are helpful for whatever I have and it just acts like those websites are down (like when you try and go to a webpage when your internet is off). However, it only does it on those websites, not basic stuff like cnn.com, espn.com, etc... I downloaded a new copy of Combofix onto my jump drive from another computer in the house and loaded it onto mine and it still wouldn't work. I'm lost on this one...
Cretemonster
Post #17, Jun 16 2008, 03:30 AM
Guests
Rename ComboFix to Dangit.exe and try again.
Post #18, Jun 16 2008, 03:32 AM
Member (Group: Members; Posts: 97; Joined: 7-June 08; Member No.: 214,894)
Alright, I got it to work finally... I read somewhere that if I change the file extension from .exe to .com it would work, and sure enough it did. I'm also back on your site with my infected computer, so I guess ComboFix actually fixed a few things.
Here is the ComboFix log...

```text
ComboFix 08-06-15.4 - J 2008-06-16 3:10:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -5:00]
Running from: C:\Documents and Settings\J\Desktop\ComboFix.com
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt

----- BITS: Possible infected sites -----
hxxp://80.93.48.89
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CLBDRIVER

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-16 03:01 . 2008-06-16 03:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 03:44 . 2008-06-15 03:44 <DIR> d-------- C:\Deckard
2008-06-15 03:39 . 2004-08-04 03:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-14 04:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 03:43 . 2008-06-12 03:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-12 03:39 . 2004-11-20 06:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 03:39 . 2004-11-20 06:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-12 03:39 . 2004-11-20 06:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-12 03:39 . 2008-06-12 03:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-12 03:35 . 2008-06-12 05:04 <DIR> d-------- C:\SDFix
2008-06-11 16:57 . 2008-06-11 16:57 <DIR> d-------- C:\fsaua.data
2008-06-10 20:45 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:45 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 23:49 . 2008-06-07 23:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 23:17 . 2008-06-07 14:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-07 23:17 . 2008-06-09 23:19 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-06-07 22:29 . 2008-06-07 22:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 22:29 . 2008-06-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 02:52 . 2008-06-04 02:53 <DIR> d-------- C:\Program Files\QuickTime
2008-05-29 23:42 . 2008-05-29 23:42 <DIR> d-------- C:\Documents and Settings\J\Application Data\Sonic
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- C:\Program Files\iPod
2008-05-29 23:35 . 2008-05-29 23:36 <DIR> d-------- C:\Program Files\iTunes
2008-05-29 23:33 . 2008-05-29 23:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-29 23:33 . 2008-05-29 23:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-29 23:30 . 2008-05-29 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-25 03:43 . 2008-05-29 23:41 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 08:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-06-15 11:34 --------- d-----w C:\Documents and Settings\J\Application Data\AVG7
2008-06-15 08:43 --------- d-----w C:\Documents and Settings\J\Application Data\uTorrent
2008-06-15 07:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 09:47 --------- d-----w C:\Program Files\Java
2008-06-07 22:03 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-05-25 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-26 22:44 --------- d-----w C:\Program Files\AIM
2008-04-26 09:41 142 ----a-w C:\Program Files\page.html
2007-05-19 22:08 1,176 ----a-w C:\Documents and Settings\J\Application Data\wklnhst.dat
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2005-04-13 01:59 55,307,153 ----a-w C:\Program Files\Microsoft Office.zip
2007-07-10 22:04 208 --sha-w C:\WINDOWS\ime\klog.dat
.
((((((((((((((((((((((((((((( snapshot_2008-06-11_16.22.56.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 19:37:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 08:17:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-27 20:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 20:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 21:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 20:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-12 08:43:51 6,995,968 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-12 08:43:51 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-12 08:43:37 6,995,968 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-12 08:43:37 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2005-03-13 22:06:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-16 07:07:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-03-13 22:06:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-16 07:07:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-03-13 22:06:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-16 07:07:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 13:00:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
- 2004-08-04 08:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
+ 2004-08-04 13:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
- 2006-10-12 07:35:14 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-10-12 07:35:24 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-10-12 09:10:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-03-01 11:33 3551744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 15:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 15:43 118784]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 11:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 11:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 19:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 20:34 229438]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2005-02-17 22:44 784896]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 19:42 579584]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 12:53 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
--a------ 2005-05-19 13:55 101888 C:\Program Files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingvo Launcher]
--a------ 2006-08-14 13:12 106496 C:\Program Files\ABBYY Lingvo 11 First Step\Lvagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tutor.exe]
--a------ 2006-08-14 13:20 1323008 C:\Program Files\ABBYY Lingvo 11 First Step\Tutor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba58b3d-13d5-11dd-a6fa-000e35df30e4}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04FD0F03-ADE1-F1A3-545A-CAE86BA3A181}]
C:\WINDOWS\IME\imeupdt.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 03:43:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-05-20 21:58:44 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-06-16 07:25:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 03:20:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????N????|?????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\J\LOCALS~1\Temp\mc25.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-06-16 3:26:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 08:26:16
ComboFix2.txt 2008-06-12 19:46:24
ComboFix3.txt 2008-06-11 21:23:47
ComboFix4.txt 2008-06-10 20:35:00

Pre-Run: 32,960,077,824 bytes free
Post-Run: 33,016,078,336 bytes free

201 --- E O F --- 2008-06-11 19:36:24
```
Cretemonster
Post #19, Jun 17 2008, 06:38 AM
Guests
Wow, something is going on inside there. I'm not sure if you have some infected software you're trying to install or what.
How about a firewall, do you have an active one onboard?

Copy the text below to Notepad and save it to the desktop with the name CFScript

```text
File::
C:\Program Files\page.html
C:\Program Files\Del.js
C:\Program Files\Microsoft Office.zip
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Folder::
C:\fsaua.data

Driver::
mchInjDrv
```

Once saved, drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script. Once completed, post the new ComboFix log and a fresh HijackThis log.
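The log in post #18 and the script in post #19 show the loop a malware-removal helper runs: read the ComboFix output, pick out the entries that look planted, and hand back a CFScript in the File::/Folder::/Driver:: layout. The Python below is an added example, not code from this thread, from ComboFix, or from the helper: it scans a short log excerpt (constructed here from lines quoted above, in the Find3M and registry layout ComboFix printed) for the indicators the helper reacted to in this thread (a "BITS: Possible infected sites" URL, a service whose ImagePath lives under a Temp folder, an AutoRun command hanging off a mountpoints2 key, a hidden+system file, and loose script/HTML files sitting in the root of Program Files) and renders the file and driver hits as a CFScript. The rule set, the function names and the category labels are the example's own assumptions; what it emits is a starting point for a trained helper to review line by line, not a list to run as-is.

```python
import re

# Constructed excerpt: lines quoted in the thread's ComboFix logs, reordered and
# trimmed, in the Find3M / registry layout ComboFix printed them in.
SAMPLE_LOG = r"""
----- BITS: Possible infected sites -----
hxxp://80.93.48.89
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-26 22:44 --------- d-----w C:\Program Files\AIM
2008-04-26 09:41 142 ----a-w C:\Program Files\page.html
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2007-07-10 22:04 208 --sha-w C:\WINDOWS\ime\klog.dat
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba58b3d-13d5-11dd-a6fa-000e35df30e4}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\J\LOCALS~1\Temp\mc25.tmp"
"""

# Heuristics assumed for this example (not ComboFix's own rules).
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")                   # [HKEY_...\subkey] header line
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')          # service binary path
FIND3M_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} [\d,]+ (\S{7}) (.+)$")  # date time size attrs path
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)        # a ...\Temp\ component anywhere in the path
LOOSE_SCRIPT_RE = re.compile(r"^C:\\Program Files\\[^\\]+\.(?:js|vbs|html?)$", re.IGNORECASE)
URL_RE = re.compile(r"^h(?:xx|tt)ps?://")                   # ComboFix defangs http:// as hxxp://


def scan_log(log_text):
    """Return (category, detail) pairs for every line that trips one of the rules."""
    findings = []
    in_bits = False          # inside the "BITS: Possible infected sites" block
    current_key = None       # most recent registry key header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_bits = False
            current_key = None
            continue
        if line.startswith("----- BITS: Possible infected sites"):
            in_bits = True
            continue
        if in_bits and URL_RE.match(line):
            findings.append(("bits_url", line))      # kept defanged, as printed
            continue
        in_bits = False
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        image = IMAGEPATH_RE.match(line)
        if image and current_key and "\\services\\" in current_key.lower():
            # A driver/service binary loaded from a Temp folder is the mchInjDrv pattern above.
            if TEMP_DIR_RE.search(image.group(1)):
                findings.append(("driver_in_temp", current_key.rsplit("\\", 1)[-1]))
            continue
        if current_key and "mountpoints2" in current_key.lower() and "\\autorun\\command" in line.lower():
            # AutoRun command attached to a removable-volume mount point.
            findings.append(("autorun_mountpoint", line.split(" - ", 1)[-1]))
            continue
        entry = FIND3M_RE.match(line)
        if entry:                                    # directory rows have no numeric size and are skipped
            attrs, path = entry.groups()
            if "s" in attrs and "h" in attrs:        # hidden + system, e.g. --sha-w
                findings.append(("hidden_system_file", path))
            elif LOOSE_SCRIPT_RE.match(path):        # stray .js/.vbs/.html directly under Program Files
                findings.append(("loose_script_in_program_files", path))
    return findings


def build_cfscript(findings):
    """Render file and driver hits in the File:: / Driver:: layout used in post #19."""
    files = [d for c, d in findings if c in ("hidden_system_file", "loose_script_in_program_files")]
    drivers = [d for c, d in findings if c == "driver_in_temp"]
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for category, detail in found:
        print(f"{category:32} {detail}")
    print()
    print(build_cfscript(found))
```

The URL and AutoRun findings are reported but deliberately left out of the generated script: neither is a file path ComboFix's File:: section can act on, and both are the kind of entry a helper would want to look at before deciding what to do.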
Post #20, Jun 18 2008, 03:59 AM
Member (Group: Members; Posts: 97; Joined: 7-June 08; Member No.: 214,894)
The only thing I have installed is Firefox... and the only firewall I have is the Windows firewall.
```text
ComboFix 08-06-15.4 - J 2008-06-18 2:50:04.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: C:\Documents and Settings\J\Desktop\ComboFix.com
Command switches used :: C:\DOCUME~1\J\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Del.js
C:\Program Files\Microsoft Office.zip
C:\Program Files\page.html
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fsaua.data
C:\Program Files\Del.js
C:\Program Files\Microsoft Office.zip
C:\Program Files\page.html
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MCHINJDRV
-------\Service_mchInjDrv

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-16 14:25 . 2008-06-16 14:25 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-16 03:01 . 2008-06-16 03:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-15 03:44 . 2008-06-15 03:44 <DIR> d-------- C:\Deckard
2008-06-15 03:39 . 2004-08-04 03:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-06-14 04:47 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 03:43 . 2008-06-12 03:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-12 03:39 . 2004-11-20 06:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-06-12 03:39 . 2004-11-20 06:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-06-12 03:39 . 2004-11-20 06:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-06-12 03:39 . 2008-06-12 03:39 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-12 03:35 . 2008-06-12 05:04 <DIR> d-------- C:\SDFix
2008-06-10 20:45 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 20:45 . 2008-04-14 06:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 23:49 . 2008-06-07 23:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-07 23:17 . 2008-06-07 14:57 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-06-07 23:17 . 2008-06-09 23:19 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-06-07 22:29 . 2008-06-07 22:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 22:29 . 2008-06-07 22:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-04 02:52 . 2008-06-04 02:53 <DIR> d-------- C:\Program Files\QuickTime
2008-05-29 23:42 . 2008-05-29 23:42 <DIR> d-------- C:\Documents and Settings\J\Application Data\Sonic
2008-05-29 23:36 . 2008-05-29 23:36 <DIR> d-------- C:\Program Files\iPod
2008-05-29 23:35 . 2008-05-29 23:36 <DIR> d-------- C:\Program Files\iTunes
2008-05-29 23:33 . 2008-05-29 23:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-29 23:33 . 2008-05-29 23:33 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-29 23:30 . 2008-05-29 23:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-25 03:43 . 2008-05-29 23:41 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-06-15 11:34 --------- d-----w C:\Documents and Settings\J\Application Data\AVG7
2008-06-15 08:43 --------- d-----w C:\Documents and Settings\J\Application Data\uTorrent
2008-06-15 07:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 09:47 --------- d-----w C:\Program Files\Java
2008-06-07 22:03 15,360 ----a-w C:\WINDOWS\TASKMAN.EXE
2008-05-25 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-26 22:44 --------- d-----w C:\Program Files\AIM
2007-05-19 22:08 1,176 ----a-w C:\Documents and Settings\J\Application Data\wklnhst.dat
2007-07-10 22:04 208 --sha-w C:\WINDOWS\ime\klog.dat
.
((((((((((((((((((((((((((((( snapshot_2008-06-11_16.22.56.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 19:37:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 07:55:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-27 20:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 20:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 21:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 20:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-12 08:43:51 6,995,968 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-12 08:43:51 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-11 07:07:53 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-12 08:43:37 6,995,968 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-12 08:43:37 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2005-03-13 22:06:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-16 07:07:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2005-03-13 22:06:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-16 07:07:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-03-13 22:06:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-16 07:07:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 13:00:00 4,224 ----a-w C:\WINDOWS\system32\dllcache\beep.sys
- 2004-08-04 08:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
+ 2004-08-04 13:00:00 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
- 2006-10-12 07:35:14 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-10-12 07:35:24 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-10-12 09:10:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 01:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 01:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-03-01 11:33 3551744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-06-17 15:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-06-17 15:43 118784]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 11:25 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 11:24 688218]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 19:19 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-10-13 20:34 229438]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2005-02-17 22:44 784896]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [2005-05-18 14:49 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 19:42 579584]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 12:53 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
--a------ 2005-05-19 13:55 101888 C:\Program Files\ESPNRunTime\DIGServices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lingvo Launcher]
--a------ 2006-08-14 13:12 106496 C:\Program Files\ABBYY Lingvo 11 First Step\Lvagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tutor.exe]
--a------ 2006-08-14 13:20 1323008 C:\Program Files\ABBYY Lingvo 11 First Step\Tutor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fba58b3d-13d5-11dd-a6fa-000e35df30e4}]
\Shell\AutoRun\command - E:\setupSNK.exe

*Newly Created Service* - MCHINJDRV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04FD0F03-ADE1-F1A3-545A-CAE86BA3A181}]
C:\WINDOWS\IME\imeupdt.exe s
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 03:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-05-20 21:58:44 C:\WINDOWS\Tasks\Low Battery Alarm Program.job"
"2008-06-18 07:25:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 02:58:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????O????|?????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\J\LOCALS~1\Temp\mc25.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-18 3:05:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 08:04:56
ComboFix2.txt 2008-06-16 08:26:30
ComboFix3.txt 2008-06-12 19:46:24
ComboFix4.txt 2008-06-11 21:23:47
ComboFix5.txt 2008-06-10 20:35:00

Pre-Run: 32,960,245,760 bytes free
Post-Run: 32,951,844,864 bytes free

208 --- E O F --- 2008-06-11 19:36:24
```

```text
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:53 AM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\CF29565.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\DIGStream\digstream.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 11 First Step\Lingvo.exe/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
```
http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871 O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -- End of file - 8449 bytes |
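An added example, not part of the thread or of HijackThis itself: a small parser for HijackThis 2.0 log lines in the layout posted above. It groups entries by section code, separates the launch image from its arguments in the O4 autostart entries (quoted paths, unquoted paths with spaces, and the HKUS entries carrying a "(User '...')" suffix), and picks out O23 services whose owner HijackThis could not identify, which are the ones a helper checks first. The sample lines are a constructed subset copied from the log above; all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis 2.0.2 lines posted above.
SAMPLE_HJT = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.knology.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Registry Run entries: "<hive>\..\Run: [<name>] <command line>"
O4_RUN_RE = re.compile(r"^(?P<hive>HK.*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder entries: "Global Startup: <shortcut> = <target>"
O4_STARTUP_RE = re.compile(r"^(?P<kind>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
USER_RE = re.compile(r"^(?P<cmd>.*?) \(User '(?P<user>[^']*)'\)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")
# An unquoted image path ends at the first executable-looking extension followed by a space or EOL.
PATH_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|scr|cpl|com|bat))(?=\s|$)", re.IGNORECASE)


def parse_hjt(text):
    """Group HijackThis entries by section code (R0, O2, O4, O16, O23, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("sec")].append(m.group("body"))
    return sections


def split_command(cmd):
    """Separate the image path from its arguments for quoted and unquoted command lines."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = PATH_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end(1):].strip()
    return cmd, ""


def autostart_entries(text):
    """Return the O4 entries as dicts: hive/kind, value name, image path, arguments, user context."""
    entries = []
    for body in parse_hjt(text)["O4"]:
        user = None
        m = USER_RE.match(body)
        if m:                       # HKUS entries carry the account they belong to
            body, user = m.group("cmd"), m.group("user")
        m = O4_RUN_RE.match(body)
        if m:
            hive, name, cmd = m.group("hive"), m.group("name"), m.group("cmd")
        else:
            m = O4_STARTUP_RE.match(body)
            if not m:
                continue
            hive, name, cmd = m.group("kind"), m.group("name"), m.group("cmd")
        path, args = split_command(cmd)
        entries.append({"hive": hive, "name": name, "path": path, "args": args, "user": user})
    return entries


def services_without_owner(text):
    """Names of O23 services HijackThis could not attribute to a vendor (verify these by hand)."""
    names = []
    for body in parse_hjt(text)["O23"]:
        m = O23_RE.match(body)
        if m and m.group("owner") == "Unknown owner":
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for e in autostart_entries(SAMPLE_HJT):
        print(f"{e['hive']:<16} {e['name']:<24} {e['path']}  {e['args']}  {e['user'] or ''}")
    print("services with unknown owner:", services_without_owner(SAMPLE_HJT))
```

With the image path separated from its switches, each O4 entry can be matched against the "Running processes" list at the top of the same log, which is how a helper spots an autostart that points at a file no longer present (or a running process that no autostart entry explains).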
Cretemonster | Jun 18 2008, 02:17 PM | Post #21 | Guests
OK, so you have Windows Firewall and AVG7 (think 8 is out) plus Spy Sweeper.
Is the machine connected to the Internet via a router?
Run the F-Secure scanner again please.
Please run the F-Secure Online Scanner. Note: this scanner is for Internet Explorer only.
Member | Jun 20 2008, 03:39 PM | Post #22 | Group: Members | Posts: 97 | Joined: 7-June 08 | Member No.: 214,894
That's correct. Usually, I use my wireless, but right now I have my computer hooked up directly through my wireless router.
I have run the F-Secure scan twice now, and it gets through the scan just fine, but once I get to the deletion of the files, it just freezes up. I'll run it again tonight and see if anything different happens.
Cretemonster | Jun 22 2008, 09:55 AM | Post #23 | Guests
OK, let me know what the machine state is and if the F-Secure scan finishes.
This post has been edited by Cretemonster: Jun 22 2008, 09:56 AM
Member | Jun 23 2008, 06:10 PM | Post #24 | Group: Members | Posts: 97 | Joined: 7-June 08 | Member No.: 214,894
The computer seems to be working pretty well. No issues as of late.
However, the F-Secure online scan still won't finish. Once again, it got through the scan process just fine, but once I tell it to clean off what it found, it just freezes up. Needless to say, I still don't have a log to show you on that one.
Cretemonster | Jun 24 2008, 04:59 AM | Post #25 | Guests
Hmm, I wanna peek at some other things before we go too far.
Download Gmer from Here. Fully unzip the archive and double-click gmer.exe to execute the program.
Let it load up, then right-click inside its window and select "Only non MS files", then click Scan.
Wait for it to finish, then click Save and save the log somewhere convenient.
Post that log in the next reply please.
Member | Jun 25 2008, 02:32 PM | Post #26 | Group: Members | Posts: 97 | Joined: 7-June 08 | Member No.: 214,894
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-25 14:33:00
Windows 5.1.2600 Service Pack 2

---- Modules - GMER 1.0.14 ----

Module aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) F7D77000-F7D79000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F7AFF000-F7B04000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) F6B5A000-F6C08000 (712704 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) F6B11000-F6B23000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation) F6801000-F6B11000 (3211264 bytes)
Module \SystemRoot\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) F67EC000-F6801000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) F6772000-F67A0000 (188416 bytes)
Module \SystemRoot\System32\DRIVERS\dvd43llh.sys (dvd43llh.sys/RIF) F7BBF000-F7BC4000 (20480 bytes)
Module \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) F764A000-F764D000 (12288 bytes)
Module \SystemRoot\system32\drivers\camchal.sys (Conexant AmcHal Driver/Conexant Systems Inc.) F670B000-F674F000 (278528 bytes)
Module \SystemRoot\system32\drivers\camcaud.sys (Conexant WDM AC97 Audio Driver/Conexant Systems Inc.) F66C3000-F670B000 (294912 bytes)
Module \SystemRoot\system32\DRIVERS\HSFHWICH.sys (HSFHWICH WDM driver/Conexant Systems, Inc.) F666E000-F669F000 (200704 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) F656F000-F666E000 (1044480 bytes)
Module \SystemRoot\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) F64C8000-F656F000 (684032 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F7BDF000-F7BE4000 (20480 bytes)
Module \??\C:\WINDOWS\system32\drivers\EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) F7DA5000-F7DA7000 (8192 bytes)
Module \SystemRoot\System32\ialmdnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation) BF9E3000-BFA03000 (131072 bytes)
Module \SystemRoot\System32\ialmrnt5.dll (Controller Hub for Intel Graphics Driver/Intel Corporation) BF9D5000-BF9E3000 (57344 bytes)
Module \SystemRoot\System32\ialmdev5.DLL (Component GHAL Driver/Intel Corporation) BFA03000-BFA27000 (147456 bytes)
Module \SystemRoot\System32\ialmdd5.DLL (DirectDraw® Driver for Intel® Graphics Technology/Intel Corporation) BFA27000-BFAE1000 (761856 bytes)
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) ED7E9000-ED7EC000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) F6C28000-F6C32000 (40960 bytes)
Module \??\C:\WINDOWS\system32\drivers\tmcomm.sys (TrendMicro Common Module/Trend Micro Inc.) ED5FD000-ED60F000 (73728 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) BFFA0000-BFFE6000 (286720 bytes)
Module \??\C:\DOCUME~1\J\LOCALS~1\Temp\mc23.tmp F7EEF000-F7EF0000 (4096 bytes)
Module \SystemRoot\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/GRISOFT, s.r.o.) F7C37000-F7C3C000 (20480 bytes)
Module \SystemRoot\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) EC7FE000-EC814000 (90112 bytes)
Module \SystemRoot\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) EC7ED000-EC7FE000 (69632 bytes)
Module \SystemRoot\System32\Drivers\hiber_WMILIB.SYS F7D7D000-F7D7F000 (8192 bytes)
Module \SystemRoot\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) EC692000-EC6A7000 (86016 bytes)

---- Processes - GMER 1.0.14 ----

Process C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 168
  Library C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (TouchPad Driver Helper Application/Synaptics, Inc.) 0x00400000
  Library C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.) 0x10000000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01060000
Process C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) 200
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x008D0000
Process C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.) 336
  Library C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.) 0x00400000
  Library C:\WINDOWS\system32\SynCOM.dll (SynCOM/Synaptics, Inc.) 0x10000000
  Library C:\WINDOWS\system32\SynTPAPI.dll (SynTPAPI/Synaptics, Inc.) 0x63010000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x011E0000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01330000
Process C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (HP Framework Component Manager Service/Hewlett-Packard Company) 404
  Library C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (HP Framework Component Manager Service/Hewlett-Packard Company) 0x00400000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00C40000
Process C:\Program Files\dvd43\dvd43_tray.exe 412
  Library C:\Program Files\dvd43\dvd43_tray.exe 0x00400000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01160000
Process C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 432
  Library C:\Program Files\iTunes\iTunesHelper.exe (iTunesHelper Module/Apple Inc.) 0x00400000
  Library C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL (iTunesHelper Resource Library/Apple Inc.) 0x10000000
  Library C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL (iTunesHelper Resource Library/Apple Inc.) 0x00B50000
  Library C:\Program Files\QuickTime\QTSystem\QuickTime.qts (QuickTime/Apple Inc.) 0x66800000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll (iTunesMobileDevice/Apple Inc.) 0x09330000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x09C90000
Process C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Java Platform SE binary/Sun Microsystems, Inc.) 464
  Library C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Java Platform SE binary/Sun Microsystems, Inc.) 0x00400000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00B50000
Process C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Spy Sweeper/Webroot Software, Inc.) 492
  Library C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Spy Sweeper/Webroot Software, Inc.) 0x00010000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\Language.dll (Language Library/Webroot Software, Inc.) 0x017D0000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x05B10000
Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 656
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00AA0000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 680
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01290000
  Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
  Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x00A50000
Process C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) 724
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00810000
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 736
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00EC0000
Process C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 828
  Library C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) 0x00400000
  Library C:\PROGRA~1\AVG\AVG8\libsasl.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x62200000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00AC0000
  Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x10000000
  Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x00F10000
  Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x00FD0000
  Library C:\PROGRA~1\AVG\AVG8\saslcrammd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x62230000
  Library C:\PROGRA~1\AVG\AVG8\sasldigestmd5.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x62240000
  Library C:\PROGRA~1\AVG\AVG8\sasllogin.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x62220000
  Library C:\PROGRA~1\AVG\AVG8\saslplain.dll (Cyrus SASL API implementation/AVG Technologies CZ, s.r.o.) 0x62210000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 888
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00EC0000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 948
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00960000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1036
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x02030000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1100
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00950000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1188
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00F70000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1264
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00BB0000
  Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc.) 0x10000000
  Library C:\Program Files\WinRAR\rarext.dll 0x00E90000
  Library C:\Program Files\AVG\AVG8\avgse.dll (AVG Shell Extension/AVG Technologies CZ, s.r.o.) 0x621A0000
Process C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 1404
  Library C:\PROGRA~1\AVG\AVG8\avgrsx.exe (AVG Resident Shield Service/AVG Technologies CZ, s.r.o.) 0x00400000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00390000
  Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x10000000
  Library C:\PROGRA~1\AVG\AVG8\avgcorex.dll (AVG Scanning Core Module/AVG Technologies CZ, s.r.o.) 0x007B0000
  Library C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll (AVG Core RLP Module/AVG Technologies CZ, s.r.o.) 0x03DA0000
Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1508
  Library C:\WINDOWS\system32\hpzsnt10.dll (HP) 0x10000000
  Library C:\WINDOWS\system32\hpz3l3xu.dll (LanguageMonitor/Hewlett-Packard Company) 0x00AB0000
  Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll (Hewlett-Packard Corporation) 0x00F10000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01010000
Process C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) 1608
  Library C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) 0x00400000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00A10000
Process C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1708
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00B10000
Process C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) 1716
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00E50000
Process C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 1792
  Library C:\WINDOWS\system32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
  Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
  Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x00A30000
  Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00AE0000
  Library C:\WINDOWS\system32\igfxres.dll (xxxxres Module/Intel Corporation) 0x00B60000
  Library C:\WINDOWS\system32\igfxhk.dll (igfxhk Module/Intel Corporation) 0x00BA0000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00E00000
Process C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 1816
  Library C:\WINDOWS\system32\igfxtray.exe (igfxTray Module/Intel Corporation) 0x00400000
  Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
  Library C:\WINDOWS\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x00A50000
  Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x00B00000
  Library C:\WINDOWS\system32\igfxres.dll (xxxxres Module/Intel Corporation) 0x00B70000
  Library C:\WINDOWS\system32\igfxress.dll (igfxress Module/Intel Corporation) 0x00BB0000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00DB0000
Process C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation) 1844
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00950000
Process C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Quick Launch Buttons/Hewlett-Packard ) 1912
  Library C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Quick Launch Buttons/Hewlett-Packard ) 0x00400000
  Library C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL (Quick Launch Buttons/Hewlett-Packard ) 0x10000000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL (Presentation Mode/Hewlett-Packard) 0x00D70000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00C30000
Process C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 2196
  Library C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) 0x00400000
  Library C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL (iPodService Resource Library/Apple Inc.) 0x10000000
  Library C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL (iPodService Resource Library/Apple Inc.) 0x00890000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x016E0000
Process C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (HP Task Management Component/Hewlett-Packard Company) 2220
  Library C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (HP Task Management Component/Hewlett-Packard Company) 0x00400000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\HP\hpcoretech\HPCmpMgr.dll (HP Framework Component Manager Proxy/Hewlett-Packard Company) 0x10000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x02650000
Process C:\Program Files\AVG\AVG8\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 2304
  Library C:\Program Files\AVG\AVG8\avgtray.exe (AVG Tray Monitor/AVG Technologies CZ, s.r.o.) 0x00400000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00B70000
  Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x10000000
  Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x00DA0000
  Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x00E30000
  Library C:\Program Files\AVG\AVG8\avgabout.dll (AVG About Box Library/AVG Technologies CZ, s.r.o.) 0x00E70000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\AVG\AVG8\avgsrmx.dll (AVG Scan Result Manager Module/AVG Technologies CZ, s.r.o.) 0x011F0000
  Library C:\Program Files\AVG\AVG8\avgvvx.dll (AVG Virus Vault Module/AVG Technologies CZ, s.r.o.) 0x01280000
  Library C:\Program Files\AVG\AVG8\AVGUIRES.DLL (AVG User Interface Resource Library/AVG Technologies CZ, s.r.o.) 0x01640000
  Library C:\Program Files\AVG\AVG8\avgscanx.dll (AVG Scanning Module/AVG Technologies CZ, s.r.o.) 0x01820000
  Library C:\Program Files\AVG\AVG8\avgmvflx.dll (AVG Move File Library/AVG Technologies CZ, s.r.o.) 0x04D20000
Process C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 3200
  Library C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) 0x00400000
  Library C:\WINDOWS\system32\avgrsstx.dll (AVG Resident Shield Starter/AVG Technologies CZ, s.r.o.) 0x10000000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00690000
  Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x007C0000
  Library C:\PROGRA~1\AVG\AVG8\avgwd.dll (AVG Watchdog Module/AVG Technologies CZ, s.r.o.) 0x00900000
  Library C:\PROGRA~1\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x00BE0000
  Library C:\PROGRA~1\AVG\AVG8\avgsched.dll (AVG Scheduler Module/AVG Technologies CZ, s.r.o.) 0x00CA0000
  Library C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll (AVG Windows Security Center Module/AVG Technologies CZ, s.r.o.) 0x00E50000
  Library C:\PROGRA~1\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x00EA0000
Process C:\Program Files\internet explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 3268
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00A00000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000
  Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Acrobat IE Helper Version 7.0 for ActiveX/Adobe Systems Incorporated) 0x10000000
  Library C:\Program Files\AVG\AVG8\avgssie.dll (Safe Search for Internet Explorer/AVG Technologies CZ, s.r.o.) 0x01CF0000
  Library C:\Program Files\AVG\AVG8\avgxpl.dll (LinkScanner SDK/AVG Technologies CZ, s.r.o.) 0x01D70000
  Library C:\Program Files\AVG\AVG8\avgcfgx.dll (AVG Configuration Module/AVG Technologies CZ, s.r.o.) 0x020C0000
  Library C:\Program Files\AVG\AVG8\avglogx.dll (AVG Logging Library/AVG Technologies CZ, s.r.o.) 0x02160000
  Library C:\Program Files\AVG\AVG8\avglngx.dll (AVG Language Module/AVG Technologies CZ, s.r.o.) 0x021B0000
  Library C:\Program Files\jZip\WebmailPlugin.dll (jZip Webmail plugin/Discordia Limited) 0x021F0000
  Library C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Java Platform SE binary/Sun Microsystems, Inc.) 0x6D7C0000
Process C:\Documents and Settings\J\Desktop\gmer.exe 3564
  Library C:\Documents and Settings\J\Desktop\gmer.exe 0x00400000
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00350000
  Library C:\WINDOWS\gmer.dll 0x72000000
  Library C:\WINDOWS\system32\SynTPFcs.dll (SynTPFcs/Synaptics, Inc.) 0x63000000

---- Services - GMER 1.0.14 ----

Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [MANUAL] Adobe LM Service
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] AliIde
Service C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple, Inc.) [AUTO] Apple Mobile Device
Service C:\PROGRA~1\AVG\AVG8\avgemc.exe (AVG E-Mail Scanner/AVG Technologies CZ, s.r.o.) [AUTO] avg8emc
Service C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avg8wd
Service C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] AvgLdx86
Service C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Resident Shield Minifilter Driver/GRISOFT, s.r.o.) [SYSTEM] AvgMfx86
Service C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [AUTO] AvgTdiX
Service C:\WINDOWS\system32\drivers\camcaud.sys (Conexant WDM AC97 Audio Driver/Conexant Systems Inc.) [MANUAL] CAMCAUD
Service C:\WINDOWS\system32\drivers\camchal.sys (Conexant AmcHal Driver/Conexant Systems Inc.) [MANUAL] CAMCHALA
Service C:\ComboFix\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (dvd43llh.sys/RIF) [MANUAL] dvd43llh
Service C:\WINDOWS\system32\drivers\EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company) [SYSTEM] eabfiltr
Service C:\WINDOWS\system32\drivers\eabusb.sys (QLB USB Keyboard filter driver/Hewlett-Packard Company) [MANUAL] eabusb
Service C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\WINDOWS\System32\DRIVERS\gmer.sys (GMER Driver http://www.gmer.net/GMER) [MANUAL] gmer
Service C:\Program Files\HPQ\SHARED\HPQWMI.exe (hpqwmi Module/Hewlett-Packard Development Company, L.P.) [MANUAL] hpqwmi
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (HSFHWICH WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWICH
Service C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DP
Service C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module/Apple Inc.) [MANUAL] iPod Service
Service C:\DOCUME~1\J\LOCALS~1\Temp\mc23.tmp [DISABLED] mchInjDrv
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service Outlook
Service System32\Drivers\Pcouffin.sys [MANUAL] Pcouffin
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys (Realtek 10/100/1000 NDIS 5.1 Driver /Realtek Semiconductor Corporation ) [MANUAL] RTL8023xp
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] Secdrv
Service C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC IrCC NDIS 5.0 IrDA FIR Device Driver/SMC) [MANUAL] SMCIRDA
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\tifm21.sys (tifm21.sys/Texas Instruments) [MANUAL] tifm21
Service C:\WINDOWS\system32\drivers\tmcomm.sys (TrendMicro Common Module/Trend Micro Inc.) [AUTO] tmcomm
Service C:\WINDOWS\system32\DRIVERS\w29n51.sys (Intel® Wireless LAN Driver/Intel® Corporation) [MANUAL] w29n51
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf

---- EOF - GMER 1.0.14 ----
Cretemonster | Jun 26 2008, 02:40 AM | Post #27 | Guests
Need ya to do me a favor, so I can have a small peace of mind that the system files haven't been tampered with.
Go to http://www.virustotal.com and scan each of the following:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
Hopefully each will scan completely clean, but if any one doesn't, please copy those scan results to Notepad and post them in the next reply. If all scan clean, just post back and let me know.
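An added example that is not part of the thread or of GMER: the four processes Cretemonster asks to have scanned are exactly the ones whose address space a helper reads most carefully in the GMER "Processes" section posted earlier (post #26), because a module injected into csrss, winlogon, services or lsass runs with those processes' privileges. The parser below walks Process/Library records in GMER 1.0.14's layout, attaches each library to its process, and reports every module inside those four processes that GMER does not attribute to Microsoft Corporation, together with the vendor string GMER read from the file's version resource. Against the posted log this yields Webroot's sis.dll (the Spy Sweeper hook) and Intel's graphics DLLs, which is the list a helper then verifies by hand. The sample records are a constructed subset copied from that log; the function names and the PROTECTED tuple are this example's own.

```python
import re

# Constructed sample: a handful of Process/Library records in the layout of the
# GMER 1.0.14 log posted above (PIDs, paths and version strings copied from it).
SAMPLE_GMER = r"""
---- Processes - GMER 1.0.14 ----

Process C:\WINDOWS\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 656
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00AA0000
Process C:\WINDOWS\system32\winlogon.exe (Windows NT Logon Application/Microsoft Corporation) 680
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x01290000
  Library C:\WINDOWS\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
  Library C:\WINDOWS\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x00A50000
Process C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) 736
  Library C:\Program Files\Webroot\Spy Sweeper\sis.dll (Webroot Software, Inc.) 0x00EC0000
Process C:\WINDOWS\Explorer.EXE (Windows Explorer/Microsoft Corporation) 1264
  Library C:\Program Files\WinRAR\rarext.dll 0x00E90000
  Library C:\Program Files\AVG\AVG8\avgse.dll (AVG Shell Extension/AVG Technologies CZ, s.r.o.) 0x621A0000
Process C:\Documents and Settings\J\Desktop\gmer.exe 3564
  Library C:\WINDOWS\gmer.dll 0x72000000

---- Services - GMER 1.0.14 ----
"""

# "Process <path> (<description>/<company>) <pid>"; the parenthesised part is absent
# when the file carries no version resource, and may itself contain parentheses.
PROCESS_RE = re.compile(r"^Process (?P<path>.+?)(?: \((?P<desc>.*)\))? (?P<pid>\d+)$")
LIBRARY_RE = re.compile(r"^\s*Library (?P<path>.+?)(?: \((?P<desc>.*)\))? (?P<base>0x[0-9A-Fa-f]+)$")

# Processes whose address space should hold nothing a defender cannot account for
# (the same four files post #27 asks to have scanned).
PROTECTED = ("csrss.exe", "winlogon.exe", "services.exe", "lsass.exe")


def basename(win_path):
    """Last component of a Windows path, lower-cased (os.path.basename is wrong off-Windows)."""
    return win_path.rsplit("\\", 1)[-1].lower()


def vendor(desc):
    """GMER prints 'description/company'; the company is the part after the last slash."""
    if not desc:
        return None            # no version resource at all, which is itself worth a look
    return desc.rsplit("/", 1)[-1].strip()


def parse_processes(text):
    """Walk the Processes section and attach each Library line to the Process above it."""
    processes = []
    current = None
    for line in text.splitlines():
        m = PROCESS_RE.match(line)
        if m:
            current = {"path": m.group("path"), "desc": m.group("desc"),
                       "pid": int(m.group("pid")), "libraries": []}
            processes.append(current)
            continue
        m = LIBRARY_RE.match(line)
        if m and current is not None:
            current["libraries"].append({"path": m.group("path"), "desc": m.group("desc"),
                                         "base": int(m.group("base"), 16)})
    return processes


def foreign_libraries(processes, protected=PROTECTED):
    """For each protected process, list loaded modules not attributed to Microsoft Corporation."""
    report = {}
    for proc in processes:
        name = basename(proc["path"])
        if name not in protected:
            continue
        foreign = [(lib["path"], vendor(lib["desc"])) for lib in proc["libraries"]
                   if vendor(lib["desc"]) != "Microsoft Corporation"]
        if foreign:
            report[name] = foreign
    return report


if __name__ == "__main__":
    for name, libs in foreign_libraries(parse_processes(SAMPLE_GMER)).items():
        print(name)
        for path, who in libs:
            print("   ", path, "<-", who or "(no version info)")
```

The vendor string comes from the file's own version resource, so it is evidence of what the file claims, not of what it is; that is why the step after this list is the hash lookup Cretemonster asks for rather than trusting the label.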
Member No. 214,894, Jun 26 2008, 05:45 AM, Post #28
All of those seemed to have checked out just fine; however, I have been getting virus messages from AVG as of late. Here is a log of the stuff it has been telling me:
Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse BackDoor.Agent.SXA" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027617.sys" "Moved to Virus Vault" "6/25/2008, 9:59:46 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Adware Generic.NTR" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027581.dll" "Moved to Virus Vault" "6/25/2008, 8:58:08 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Adware Generic.NTR" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027581.dll" "Moved to Virus Vault" "6/25/2008, 7:59:00 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0026768.exe" "Moved to Virus Vault" "6/25/2008, 6:52:33 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0026768.exe" "Moved to Virus Vault" "6/25/2008, 6:42:13 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Adware Generic2.ACQG" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0026767.dll" "Moved to Virus Vault" "6/25/2008, 4:02:14 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus identified JS/Psyme.NG" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0026752.exe" "Moved to Virus Vault" "6/25/2008, 3:09:57 AM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.SVE" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027618.exe" "Moved to Virus Vault" "6/25/2008, 10:59:15 PM" "file" "C:\WINDOWS\System32\svchost.exe"
Cretemonster (Guests), Jun 27 2008, 02:47 PM, Post #29
I'm wondering if you can uninstall SpySweeper temporarily and reboot, then let the system load normally. Now we need to reset System Restore and clear out all the old infected restore points.
Reboot once more, then scan with AVG and let's see what happens.
This post has been edited by Cretemonster: Jun 27 2008, 03:00 PM
Member No. 214,894, Jun 29 2008, 01:39 PM, Post #30
AVG found just a few things.
"Scan ""Scan whole computer"" was finished." "Infections found:";"3" "Infected objects removed or healed";"3" "Not removed or healed.";"0" "Spyware found:";"0" "Spyware removed:";"0" "Not removed:";"0" "Warnings count:";"165" "Information count:";"0" "Scan started:";"Sunday, June 29, 2008, 5:37:44 AM" "Total object scanned:";"643735" "Time needed:";"2 hour(s) 10 minute(s) 42 second(s) " "Errors encountered:";"0" "Infections" "File";"Infection";"Result" "C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip:\clbdriver.sys";"Trojan horse BackDoor.Agent.SXA";"Moved to Virus Vault" "C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip:\clbdll.dll";"Trojan horse BackDoor.Generic9.AVLI";"Moved to Virus Vault" "C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip";"Trojan horse BackDoor.Agent.SXA";"Moved to Virus Vault" |
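The two AVG logs in this thread (the Resident Shield alerts in post #28 and the whole-computer scan in post #30) make the same point once you look at the paths: every hit sits either under System Volume Information\_restore{...}\RPnnn, which is System Restore's copy of an old file, or under C:\QooBox\Quarantine, which is ComboFix's quarantine. Neither is running code, which is why the advice is to purge the restore points rather than to keep cleaning Windows. The script below is an added example, not AVG's or ComboFix's own tooling: it parses both AVG report formats with Python's csv module, classifies each detected object as a restore-point copy, a quarantined copy, or a live file, and flags only the live ones. The sample input is a handful of records copied from the logs above; the location patterns and the function names are this example's own.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample input: records copied from the two AVG logs in this thread.
# Resident Shield logs one record per line as space-separated quoted fields; the
# whole-computer scan report uses ';'-separated quoted fields.
RESIDENT_SHIELD_LOG = r'''
Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse BackDoor.Agent.SXA" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027617.sys" "Moved to Virus Vault" "6/25/2008, 9:59:46 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Adware Generic.NTR" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027581.dll" "Moved to Virus Vault" "6/25/2008, 8:58:08 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP838\A0026768.exe" "Moved to Virus Vault" "6/25/2008, 6:52:33 PM" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Downloader.Generic7.SVE" "C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP845\A0027618.exe" "Moved to Virus Vault" "6/25/2008, 10:59:15 PM" "file" "C:\WINDOWS\System32\svchost.exe"
'''

FULL_SCAN_LOG = r'''
"Scan ""Scan whole computer"" was finished."
"Infections found:";"3"
"Infected objects removed or healed";"3"
"Not removed or healed.";"0"
"Scan started:";"Sunday, June 29, 2008, 5:37:44 AM"
"Infections"
"File";"Infection";"Result"
"C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip:\clbdriver.sys";"Trojan horse BackDoor.Agent.SXA";"Moved to Virus Vault"
"C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip:\clbdll.dll";"Trojan horse BackDoor.Generic9.AVLI";"Moved to Virus Vault"
"C:\QooBox\Quarantine\catchme2008-06-16_ 31507.07.zip";"Trojan horse BackDoor.Agent.SXA";"Moved to Virus Vault"
'''

# System Restore keeps file copies under _restore{GUID}\RPnnn; ComboFix keeps its
# quarantine under C:\QooBox\Quarantine. Hits there are dormant copies, not running
# code. These two patterns are this example's assumption about where to look.
RESTORE_POINT = re.compile(r'\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\', re.I)
QUARANTINE = re.compile(r'\\QooBox\\Quarantine\\', re.I)

def classify(path):
    """Return 'restore_point', 'quarantine' or 'live' for a detected object path."""
    if RESTORE_POINT.search(path):
        return 'restore_point'
    if QUARANTINE.search(path):
        return 'quarantine'
    return 'live'

def _rows(text, delimiter):
    # csv handles the quoted fields; backslashes in Windows paths are left alone.
    reader = csv.reader(io.StringIO(text), delimiter=delimiter, quotechar='"',
                        skipinitialspace=True)
    return [row for row in reader if row]

def parse_resident_shield(text):
    """Parse Resident Shield records into dicts keyed by the log's own header row."""
    rows = _rows(text, ' ')
    start = next(i for i, row in enumerate(rows) if 'Infection' in row and 'Object' in row)
    header = rows[start]
    return [dict(zip(header, row)) for row in rows[start + 1:] if len(row) == len(header)]

def parse_full_scan(text):
    """Parse a whole-computer scan report into (summary dict, list of finding dicts)."""
    summary, findings, header = {}, [], None
    for row in _rows(text, ';'):
        if header is None:
            if row == ['File', 'Infection', 'Result']:
                header = row
            elif len(row) == 2:  # "Infections found:";"3" style summary lines
                summary[row[0].strip().rstrip(':.')] = row[1].strip()
        elif len(row) == len(header):
            findings.append(dict(zip(header, row)))
    return summary, findings

def triage(findings, path_key):
    """Count detections by location and list any that are outside a dormant store."""
    locations = Counter(classify(f[path_key]) for f in findings)
    live = [f[path_key] for f in findings if classify(f[path_key]) == 'live']
    return locations, live

def main():
    records = parse_resident_shield(RESIDENT_SHIELD_LOG)
    locations, live = triage(records, 'Object')
    print('Resident Shield: %d hits, by location %s' % (len(records), dict(locations)))
    summary, findings = parse_full_scan(FULL_SCAN_LOG)
    locations, live_scan = triage(findings, 'File')
    print('Full scan: %s infections found, by location %s'
          % (summary['Infections found'], dict(locations)))
    for path in live + live_scan:
        print('STILL LIVE:', path)  # anything here is worth a real look
    if not (live or live_scan):
        print('No live hits; purge old restore points and the ComboFix quarantine.')

if __name__ == '__main__':
    main()
```

The "Process" column in the Resident Shield log is svchost.exe for every hit because the System Restore service runs inside a svchost host process; it is the scanner catching the restore copy being touched, not evidence that svchost itself is infected. A detection whose path is outside both stores is the only kind that should change the conclusion.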