
Need Help Fast!


  • This topic is locked
1 reply to this topic

#1 marklafan


Posted 12 November 2007 - 11:59 AM

I am getting virus reports and malware/spyware reports popping up in my system tray with the yellow triangle sign. I also have the security 7.1 tool bar in my Explorer windows and popups to download spyware removers. I have run my spyware and malware removers with no luck. Following are my HijackThis and ComboFix logs. Please help.

HIJACK-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:29 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vmxzdqei.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: Sprint PCS Connection Manager (3).lnk = C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\CMPWI.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...erInstaller.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UkVHU1VQUE9SVA\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Pantech Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\PWIUtilityService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6630 bytes






COMBO

ComboFix 07-11-08.3 - mglogowski 2007-11-11 21:16:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.560 [GMT -8:00]
Running from: C:\Documents and Settings\mglogowski\My Documents\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\mglogowski\Desktop\Live Safety Center.lnk
C:\Documents and Settings\mglogowski\Desktop\Online Security Guide.lnk
C:\Documents and Settings\mglogowski\Favorites\Online Security Guide.lnk
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\nqtss.bak1
C:\WINDOWS\system32\nqtss.bak2
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\sstqn.dll
C:\WINDOWS\system32\vmxzdqei.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService


((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-11 21:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 21:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-11 20:20 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 20:20 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 20:20 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 20:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 20:20 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 20:20 3,416 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 16:42 79,936 --a------ C:\WINDOWS\system32\tgknmfiy.dll
2007-11-11 14:24 145,984 --a------ C:\WINDOWS\system32\yukfkoac.dll
2007-11-11 14:24 145,984 --a------ C:\WINDOWS\system32\vmxzdqei.dll
2007-11-11 13:38 <DIR> d--hs---- C:\WINDOWS\UkVHU1VQUE9SVA
2007-11-10 08:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-10 08:09 <DIR> d-------- C:\Program Files\LimeWire
2007-11-10 08:08 36,352 --a------ C:\WINDOWS\system32\ssqomkl.dll
2007-11-10 08:08 134 --a------ C:\n.bat
2007-11-10 08:08 0 --a------ C:\x.dat
2007-11-10 08:07 172,032 --a------ C:\winlogon.exe
2007-11-10 08:07 850 --a------ C:\Documents and Settings\mglogowski\z.dat
2007-11-10 08:07 0 --a------ C:\z.dat
2007-11-10 08:07 0 --a------ C:\Documents and Settings\mglogowski\x.dat
2007-11-05 11:54 <DIR> d-------- C:\WAR2
2007-10-29 19:08 <DIR> d-------- C:\Program Files\Stardock
2007-10-29 19:08 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-10-29 19:08 163,584 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-10-26 20:09 2,360 --a------ C:\cc_20071026_2109.reg
2007-10-24 06:09 <DIR> d-------- C:\Program Files\USL
2007-10-22 04:27 <DIR> d-------- C:\Program Files\Socket Communications, Inc
2007-10-19 17:54 <DIR> d-------- C:\Documents and Settings\mglogowski\Application Data\Atari
2007-10-19 17:53 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-19 17:52 <DIR> d-------- C:\Documents and Settings\mglogowski\Application Data\Leadertech
2007-10-18 18:31 <DIR> d-------- C:\Program Files\Google
2007-10-17 09:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe
2007-10-17 06:37 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2007-10-17 06:36 299,464 --a------ C:\WINDOWS\system32\drivers\windrvr6.sys
2007-10-13 23:06 35,641 --a------ C:\cc_20071014_0006.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 04:53 --------- d-----w C:\Documents and Settings\mglogowski\Application Data\LimeWire
2007-11-12 04:48 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-10 16:11 278,548 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-10 16:06 278,547 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-11-10 03:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 22:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-17 14:36 --------- d-----w C:\Program Files\Dolby Laboratories Inc
2007-10-17 14:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-11 18:51 --------- d-----w C:\Program Files\Projector User Supportware
2007-09-20 19:21 381 ----a-w C:\cc_20070920_1221.reg
2007-09-15 12:28 --------- d-----w C:\Documents and Settings\mglogowski\Application Data\Kensington
2007-09-14 19:56 --------- d-----w C:\Program Files\Kensington
2007-09-14 18:16 33,423 ----a-w C:\cc_20070914_1116.reg
2007-09-13 14:23 --------- d-----w C:\Program Files\SensorsViewPro31
2007-09-13 02:19 --------- d-----w C:\Documents and Settings\mglogowski\Application Data\BinarySense
2007-09-12 22:29 --------- d-----w C:\Program Files\Sprint(2)
2007-09-12 22:29 --------- d-----w C:\Program Files\Sprint
2007-09-12 22:29 --------- d-----w C:\Program Files\Security Task Manager
2007-09-12 22:29 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2007-09-12 21:17 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sprint Mobile Broadband (Pantech)
2007-08-30 23:09 2,273 ----a-w C:\cc_20070830_1609.reg
2007-08-24 15:23 312 ----a-w C:\cc_20070824_0823.reg
2007-08-19 12:30 36,104 ----a-w C:\cc_20070813_0614.reg
2007-08-12 16:42 98,306 ----a-w C:\cc_20070430_0753.reg
2007-05-10 04:30 673,370 -c--a-w C:\Program Files\DelayedShutdownSetup.exe
2006-02-19 10:28 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
2004-09-17 06:51 879,616 -c--a-w C:\Program Files\Ad-Aware.exe
2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\UkVHU1VQUE9SVA\o4pJoYpkoH6mpE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-10 08:08 36352 --a------ C:\WINDOWS\system32\ssqomkl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-11 14:24 145984 --a------ C:\WINDOWS\system32\vmxzdqei.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d7229d9c-5b63-439b-aafb-2d58526bb000}]
2007-11-11 16:42 79936 --a------ C:\WINDOWS\system32\tgknmfiy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vmxzdqei.dll [2007-11-11 14:24 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-06-20 03:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 03:50]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-25 02:32]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 10:19]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 06:12 C:\WINDOWS\AGRSMMSG.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-25 02:32]
"kmw_run.exe"="kmw_run.exe" [2005-09-01 09:43 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 17:58]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 15:21]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 13:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 13:30]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-10 08:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 12:39]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-09-10 06:03]

C:\Documents and Settings\mglogowski\Start Menu\Programs\Startup\
Sprint PCS Connection Manager (3).lnk - C:\Program Files\Sprint\Pantech\Sprint PCS Connection Manager\CMPWI.exe [2006-10-18 12:12:15]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-05-04 11:39:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\ssqomkl.dll [2007-11-10 08:08 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 18:14 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqomkl]
ssqomkl.dll 2007-11-10 08:08 36352 C:\WINDOWS\system32\ssqomkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vmxzdqei]
vmxzdqei.dll 2007-11-11 14:24 145984 C:\WINDOWS\system32\vmxzdqei.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqn.dll

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys
R2 sensorsview;sensorsview;\??\C:\WINDOWS\system32\drivers\sensorsview.sys
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys
S3 pxfhbus;PANTECH PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pxfhbus.sys
S3 pxfhmdfl;PANTECH PC Card Filter;C:\WINDOWS\system32\DRIVERS\pxfhmdfl.sys
S3 pxfhmdm;PANTECH PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pxfhmdm.sys
S3 pxfhserd;PANTECH PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pxfhserd.sys
S3 U2SP;USB to Serial Converter Driver(Philips);C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b566993-f298-11db-a490-00166f77d1b7}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 22:30:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-12 05:30:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A99B1664-4275-4E48-99D9-43B654D6D7C0}.job"
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 21:28:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 21:32:07 - machine was rebooted
.
--- E O F ---


#2 SNOWHITE


Posted 12 November 2007 - 01:22 PM

Hello marklafan, you are being helped HERE. Please don't open any new topics, and wait for your helper to reply to you.

Topic closed.
SNOWHITE