
Help With Set The Trend Virus


1 reply to this topic

#1 rmh0530

rmh0530

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:56 AM

Posted 26 February 2008 - 11:01 PM

I keep getting the pop-up SET THE TREND. I ran COMBOFIX. It said to post my problem here. Now what do I do? Here is my log file, which it said to copy and paste. HELP HELP HELP.

ComboFix 08-02-25.3 - HP_Administrator 2008-02-26 21:45:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\1ZJSFYLW\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware347
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\jokesearch.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\buttons\pranks.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware347\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware347\EntertainmentMarketingSP\images\active\EntertainmentMarketingSP0.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware347\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\avatar.dat
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\register.dat
C:\Documents and Settings\HP_Administrator\Application Data\Starware347
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Configurator\Configurator.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Configurator\Configurator.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Games\GamesOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Games\GamesOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Layouts\PitchLayout.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Layouts\PitchLayout.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Layouts\ToolbarLayout.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Manager\ManagerOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Movies\MoviesOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Pranks\PranksOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Pranks\PranksOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\HP_Administrator\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\043E2BFF.urr
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CheckersAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ChessAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\NoSettingAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\ReversiAIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\bak\mwsoemon.exe
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Program Files\MyWebSearch\bar\Cache\00014A23
C:\Program Files\MyWebSearch\bar\Cache\04A329E1.bin
C:\Program Files\MyWebSearch\bar\Cache\04A32A9C.bin
C:\Program Files\MyWebSearch\bar\Cache\04A32B29.bin
C:\Program Files\MyWebSearch\bar\Cache\064CB99A
C:\Program Files\MyWebSearch\bar\Cache\064CCBFA.bin
C:\Program Files\MyWebSearch\bar\Cache\0F540CD2.bin
C:\Program Files\MyWebSearch\bar\Cache\0F540DDC.bin
C:\Program Files\MyWebSearch\bar\Cache\0F540E78.bin
C:\Program Files\MyWebSearch\bar\Cache\0F540EF5.bin
C:\Program Files\MyWebSearch\bar\Cache\0F540FE0.bin
C:\Program Files\MyWebSearch\bar\Cache\0F54106C.bin
C:\Program Files\MyWebSearch\bar\Cache\0F5410F9.bin
C:\Program Files\MyWebSearch\bar\Cache\0F92C373.bin
C:\Program Files\MyWebSearch\bar\Cache\0F92C42E.bin
C:\Program Files\MyWebSearch\bar\Cache\0F92C4BB.bin
C:\Program Files\MyWebSearch\bar\Cache\0F92C557.bin
C:\Program Files\MyWebSearch\bar\Cache\10EF768A.bin
C:\Program Files\MyWebSearch\bar\Cache\13DD0E6A.bin
C:\Program Files\MyWebSearch\bar\Cache\182BEB3D
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\matrix.dat
C:\WINDOWS\hosts
C:\WINDOWS\system32\f3PSSavr.scr
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SVCHOST
-------\msdirectx
-------\SVCHOST


((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-24 20:47 . 2008-02-24 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-02-24 15:24 . 2008-02-24 16:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-24 14:57 . 2008-02-24 14:58 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SpywareStop
2008-02-20 20:44 . 2008-02-20 20:44 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-20 20:44 . 2008-02-26 19:20 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2008-02-20 20:44 . 2008-02-20 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 20:44 . 2008-02-20 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-07 18:25 . 2008-02-07 18:57 <DIR> d-------- C:\WPORTAL
2008-02-07 18:25 . 2004-10-05 23:35 766 --a------ C:\WINDOWS\system32\uninstall.ico
2008-02-07 18:24 . 2008-02-07 18:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 02:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 02:37 --------- d-----w C:\Program Files\BrowsingEnhancer
2008-02-27 00:14 --------- d-----w C:\Program Files\WildTangent
2008-02-26 23:46 --------- d-----w C:\Program Files\Microsoft Works
2008-02-26 23:30 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-02-26 16:29 --------- d-----w C:\Program Files\McAfee
2008-02-24 21:35 --------- d-----w C:\Program Files\Coupons
2008-02-20 21:20 --------- d-----w C:\Program Files\ComcastToolbar
2008-02-07 23:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-26 02:23 --------- d-----w C:\Program Files\PlayMP3z
2008-01-07 21:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-08-29 00:36 1,498 -c--a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-02-09 22:07 251 -c--a-w C:\Program Files\wt3d.ini
2005-10-02 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 278,528 2006-02-23 20:45:20 C:\Documents and Settings\HP_Administrator\My Documents\My Music\dan\bak\iTunesHelper.exe

----a-w 253,952 2004-10-14 20:54:32 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

-c--a-w 63,712 2007-03-09 15:09:58 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

----a-w 1,192,897 2006-08-13 23:41:22 C:\Program Files\Atir\bak\csrss.exe

-c--a-w 159,832 2005-08-02 19:33:02 C:\Program Files\Common Files\AOL\1127690895\ee\bak\AOLHostManager.exe

-c--a-w 180,269 2005-06-03 05:14:39 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 59,040 2006-04-13 17:20:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe

-c--a-w 68,856 2007-05-21 09:19:36 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

----a-w 245,760 2005-02-26 05:34:02 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe

-c--a-w 49,263 2006-11-09 20:07:30 C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe

-c--a-w 1,694,208 2004-10-13 23:24:38 C:\Program Files\Messenger\bak\msmsgs.exe

----a-w 155,648 2006-03-17 00:22:27 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 28,672 2006-07-17 04:30:17 C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\bak\mwsoemon.exe.vir

----a-w 59,392 2004-08-10 18:04:42 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 18:04:42 C:\WINDOWS\ehome\ehtray.exe

----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-10 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 126,976 2004-12-01 17:55:30 C:\WINDOWS\system32\bak\hkcmd.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
2007-12-26 18:32 1019904 --a------ C:\Program Files\BrowsingEnhancer\BrowsingEnhancer-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"atir"="c:\program files\atir\bak\csrss.exe" [2006-08-13 18:41 1192897]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 13:04 59392]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 01:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1127690895\ee\AOLHostManager.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [ ]
"iTunesHelper"="C:\Documents and Settings\HP_Administrator\My Documents\My Music\dan\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-10 07:00 143360]
"atir"="c:\program files\atir\bak\csrss.exe" [2006-08-13 18:41 1192897]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-20 20:49 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-20 20:44 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-03 16:31:50 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 04:28:24 258048]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow87.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\1127690895\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32"=
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Music\\dan\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2005-12-27 14:17]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b16ac69-8f60-11da-b3ff-0013d45d3475}]
\Shell\AutoRun\command - L:\.pspware\PSPWareLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27a79a4-8c7a-11da-b3fe-0013d45d3475}]
\Shell\AutoRun\command - L:\.pspware\PSPWareLauncher.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 06:30:11 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:06 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-26 08:00:01 C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job"
- C:\Program Files\SpywareStop\SpywareStop.ex
- C:\Program Files\SpywareStop
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 21:51:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\mstunkern.dll

PROCESS: C:\program files\atir\bak\csrss.exe [2.07.0000.0392]
-> C:\WINDOWS\system32\mstunkern.dll

PROCESS: C:\program files\atir\bak\csrss.exe [2.07.0000.0392]
-> C:\WINDOWS\system32\mstunkern.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-26 22:47:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 03:47:17
.
2008-02-13 08:03:39 --- E O F ---

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:56 PM

Posted 27 February 2008 - 11:58 AM

I ran COMBOFIX. It said to post my problem here


You should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Further, the instructions say to copy and paste the CF log file along with a HijackThis log into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install the current version of HJT in the proper location.) If using Windows Vista, be sure to Run As Administrator.

When you have done that, post your log as instructed. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




