Major Problems! Several Programs Wont Work Anymore



#1 golftec


Posted 12 February 2008 - 11:42 PM

Tried everything, Adaware, spybot, Kaspersky labs - found nothing. Here are the HJT and Combofix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:32:25 PM, on 2008/02/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\iBurst\iBurst_UTL.EXE
C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\customer\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Spark] C:\Program Files\waMessenger\Spark.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dashboard Launcher.lnk = ?
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: iBurst_Modem UTL.lnk = ?
O4 - Global Startup: iBurst_Terminal UTL.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Silver Sands Poker\GameClient.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (file missing)
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7311 bytes


ComboFix 08-02-12.3 - customer 2008-02-12 19:19:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.161 [GMT 2:00]
Running from: C:\Documents and Settings\customer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\customer\Application Data\AntiSpywareBot
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\Log\2008 Jan 17 - 07_08_30 AM_906.log
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\Log\2008 Jan 17 - 07_08_50 AM_921.log
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\Log\2008 Jan 17 - 07_08_53 AM_437.log
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\Log\2008 Jan 17 - 07_08_54 AM_375.log
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\customer\Application Data\AntiSpywareBot\Settings\ScanResults.pie
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.

2008-02-06 13:48 . 2008-02-06 13:48 <DIR> d-------- C:\WINDOWS\Twain32
2008-02-06 03:46 . 2008-02-12 12:40 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-02-01 08:37 . 2008-02-01 08:38 <DIR> d-------- C:\Program Files\IBP 9
2008-01-27 10:03 . 2008-01-27 10:04 <DIR> d-------- C:\Documents and Settings\customer\Spark
2008-01-24 06:30 . 2008-01-24 06:30 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-18 07:44 . 2008-01-18 07:44 52,940 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-17 21:35 . 2008-01-31 18:50 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 21:35 . 2008-01-17 21:35 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 21:34 . 2008-01-17 21:34 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-17 21:34 . 2008-02-12 19:26 6,691,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 21:34 . 2008-02-12 19:23 481,056 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 21:34 . 2008-02-12 19:22 90,644 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 21:34 . 2008-02-12 19:22 46,148 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 20:58 . 2008-01-17 20:58 <DIR> d-------- C:\Program Files\doc
2008-01-17 19:59 . 2008-01-17 19:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-17 19:59 . 2008-02-12 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-14 06:58 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-14 06:58 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-14 06:57 . 2008-01-18 08:34 <DIR> d-------- C:\Program Files\Picasa2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 15:47 --------- d-----w C:\Program Files\Lx_cats
2008-02-11 18:55 --------- d-----w C:\Program Files\PokerStars.NET
2008-02-07 14:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-04 07:48 --------- d-----w C:\Documents and Settings\customer\Application Data\IBP
2008-02-02 18:12 --------- d-----w C:\Program Files\Clean Disk Security
2008-02-02 12:53 --------- d-----w C:\Documents and Settings\customer\Application Data\Skype
2008-02-01 06:20 --------- d-----w C:\Program Files\DAP
2008-02-01 06:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-30 13:03 --------- d-----w C:\Documents and Settings\customer\Application Data\AdobeUM
2008-01-21 10:50 --------- d-----w C:\Program Files\PartyGaming.Net
2008-01-19 00:33 --------- d-----w C:\Documents and Settings\Guest\Application Data\Skype
2008-01-18 06:05 --------- d-----w C:\Program Files\Evrsoft First Page 2006
2008-01-18 06:04 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-18 05:36 --------- d-----w C:\Program Files\Hp
2008-01-01 06:52 --------- d-----w C:\Program Files\e-Sword
2007-12-30 08:57 --------- d-----w C:\Program Files\IrfanView
2007-12-20 20:23 72,264 ----a-w C:\Program Files\setup.exe
2007-12-20 20:22 28,877,824 ----a-w C:\Program Files\kav.en.msi
2007-12-19 06:54 213,023 ----a-w C:\Program Files\Common Files\qls-3.1.6.tar.gz
2007-12-18 19:16 --------- d-----w C:\Documents and Settings\customer\Application Data\Microgaming
2007-12-18 16:50 --------- d-----w C:\Documents and Settings\customer\Application Data\TransRender
2007-12-18 16:48 --------- d-----w C:\Documents and Settings\customer\Application Data\Temporary
2007-12-18 16:45 --------- d-----w C:\Documents and Settings\customer\Application Data\ConvertTemp
2007-12-17 22:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-17 22:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-17 15:23 74,124 ----a-w C:\Program Files\release_notes_kav7.0mp1_en.html
2007-12-14 17:14 --------- d-----w C:\Documents and Settings\customer\Application Data\Samsung
2007-12-14 17:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 17:09 --------- d-----w C:\Program Files\Samsung
2007-12-13 11:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-07 09:37 375,576 ----a-w C:\Program Files\Common Files\alternatiff-1_8_3.exe
2007-12-06 05:18 7,345,552 ----a-w C:\Program Files\Common Files\PokerStarsInstallPM.exe
2007-11-23 04:22 31,939,072 ----a-w C:\Program Files\Common Files\iBurstInstallV2.exe
2007-11-23 04:11 2,420,630 ----a-w C:\Program Files\Common Files\UTC Windows.zip
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-10-15 11:35 186,880 ----a-w C:\Program Files\Common Files\LSPFix.exe
2007-09-25 12:02 3,673,600 ----a-w C:\Program Files\Common Files\sitegwi.exe
2007-09-16 07:54 13,411,824 ----a-w C:\Program Files\Common Files\Google_Earth_BZXV.exe
2007-08-02 14:53 536 ----a-w C:\Program Files\setup.reg
2006-12-18 07:20 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-25 16:13 0 ----a-w C:\Documents and Settings\customer\Application Data\wklnhst.dat
2005-02-16 09:06 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:00 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"IBP"="" []
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]
"Spark"="C:\Program Files\waMessenger\Spark.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 22:36 107008]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 06:55 176128]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-08 06:55 491520]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 19:47 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-18 11:07 185896]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43 227856]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 10:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 11:56:00 577597]
Dashboard Launcher.lnk - C:\WINDOWS\Installer\{797E599D-F9F7-4CA9-8323-79BA07E20CFD}\Icon797E599D.exe [2007-11-23 06:31:54 8192]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-09-12 12:55:08 612352]
iBurst_Modem UTL.lnk - C:\Program Files\iBurst\iBurst_UTL.EXE [2006-09-15 09:05:44 311296]
iBurst_Terminal UTL.lnk - C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE [2007-11-23 06:32:20 311296]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-04-13 12:12 88209 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2005-02-08 18:38 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2005-03-30 00:45 233534 C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2005-12-07 20:56 409600 C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 09:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2005-11-16 18:30 503808 C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-07-19 13:06 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-07-19 13:10 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-07-19 13:09 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
c:\Program Files\Norton Internet Security\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2005-12-12 21:39 94208 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
--------- 2005-10-11 20:23 1187840 C:\Windows\SMINST\RecGuard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 18:27 860160 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 23:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
--a------ 2005-03-29 03:24 28616 C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-08-15 08:26]
R3 iBcT0201;iBurst Modem Type02-01;C:\WINDOWS\system32\DRIVERS\iBcT0201.sys [2006-04-05 03:39]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
S2 pciinfo;HP Pci Information;C:\DOCUME~1\customer\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []
S3 6be50cd7-b036-4248-bde6-209c910460f4;6be50cd7-b036-4248-bde6-209c910460f4;E:\Player\cds300.dll []
S3 iBurst;iBurst Modem;C:\WINDOWS\system32\DRIVERS\iBurst.sys [2006-04-05 03:39]
S3 iBurstu;iBurst Terminal;C:\WINDOWS\system32\DRIVERS\iBurstu.sys [2006-03-29 03:25]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
Contents of the 'Scheduled Tasks' folder
"2006-09-09 00:52:10 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2008-02-12 16:26:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 19:25:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\customer\LOCALS~1\Temp\catchme.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\iBurst Dashboard V2\DashboardLauncher.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-02-12 19:28:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 17:27:57
.
2008-01-10 14:29:05 --- E O F ---



#2 RichieUK


Posted 23 February 2008 - 05:02 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments or inside code boxes, thanks.