
Blue Wallpaper Displaying Warning!...

2 replies to this topic

#1 cimhera

  • Members
  • 2 posts

Posted 05 March 2008 - 02:10 AM

Please find the combofix.txt below.
After a restart the issue seems to be rectified, but about 2 mins into browsing the blue wallpaper returns with a Windows security icon in the taskbar.

ComboFix 08-03-04.5 - user 2008-03-04 22:51:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT -8:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-03-04 20:05 . 2008-03-04 20:05 16,436 --a------ C:\Program Files\tmp35718.exe
2008-03-04 19:17 . 2008-03-04 19:17 16,616 --a------ C:\Program Files\tmp27828.exe
2008-03-04 17:39 . 2008-03-04 17:39 16,464 --a------ C:\Program Files\tmp27609.exe
2008-03-04 08:29 . 2008-03-04 08:29 16,520 --a------ C:\Program Files\tmp31546.exe
2008-03-03 23:16 . 2008-03-03 23:16 16,504 --a------ C:\Program Files\tmp381500.exe
2008-03-03 22:23 . 2008-03-03 22:23 16,588 --a------ C:\Program Files\tmp32078.exe
2008-03-03 21:54 . 2008-03-03 21:54 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-03-03 21:53 . 2008-03-03 21:53 16,608 --a------ C:\Program Files\tmp90671.exe
2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d-------- C:\Documents and Settings\satish\Application Data\SUPERAntiSpyware.com
2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-03 21:30 . 2008-03-03 21:30 16,604 --a------ C:\Program Files\tmp33031.exe
2008-03-03 21:18 . 2008-03-03 21:18 16,588 --a------ C:\Program Files\tmp204359.exe
2008-03-03 21:12 . 2008-03-03 21:12 <DIR> d-------- C:\Documents and Settings\satish\Application Data\Yahoo!
2008-03-03 20:43 . 2008-03-03 20:43 16,468 --a------ C:\Program Files\tmp31171.exe
2008-03-03 18:35 . 2008-03-03 18:35 16,600 --a------ C:\Program Files\tmp612000.exe
2008-03-03 18:25 . 2008-03-03 18:25 16,472 --a------ C:\Program Files\tmp47421.exe
2008-03-03 18:15 . 2008-03-03 18:15 16,604 --a------ C:\Program Files\tmp71578.exe
2008-03-03 18:10 . 2008-03-03 18:10 5,914,648 --a------ C:\SUPERAntiSpyware.exe
2008-03-03 18:06 . 2008-03-03 18:06 6,291,992 --a------ C:\SUPERAntiSpywarePro.exe
2008-03-03 17:57 . 2008-03-03 17:57 16,620 --a------ C:\Program Files\tmp38359.exe
2008-03-03 17:49 . 2008-03-03 18:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 21:44 . 2008-03-02 21:44 <DIR> d-------- C:\Documents and Settings\user\report
2008-03-02 19:59 . 2008-03-02 19:59 1,392 --a------ C:\Program Files\tmp1350546.exe
2008-03-02 17:11 . 2008-03-02 17:11 1,392 --a------ C:\Program Files\tmp40750.exe
2008-03-02 16:52 . 2008-03-03 18:21 <DIR> d-------- C:\Program Files\AntiSpyKit 5.3
2008-03-02 16:52 . 2008-03-03 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 16:35 . 2008-03-02 16:35 1,392 --a------ C:\Program Files\tmp31093.exe
2008-03-02 16:26 . 2008-03-02 16:26 <DIR> d-------- C:\Program Files\MediaEldoradoCodec
2008-03-02 16:26 . 2008-03-02 14:10 339,968 --a------ C:\WINDOWS\btrklfr.dll
2008-03-02 16:26 . 2008-03-02 14:10 315,392 --a------ C:\WINDOWS\apdqnxp.dll
2008-03-02 16:26 . 2008-03-02 14:10 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-02 16:26 . 2008-03-02 16:26 35,536 --a------ C:\Program Files\instaler.exe
2008-03-02 16:26 . 2008-03-02 16:26 16,596 --a------ C:\Program Files\tmp2592812.exe
2008-03-02 16:24 . 2008-03-04 22:45 3,072,054 --a------ C:\WINDOWS\mywallpaper.bmp
2008-03-02 16:19 . 2008-03-02 16:19 35,840 --a------ C:\WINDOWS\sysockeu.exe
2008-03-02 16:19 . 2008-03-02 16:19 32,256 --a------ C:\WINDOWS\sysodkcs.exe
2008-03-02 16:19 . 2008-03-02 16:19 28,672 --a------ C:\WINDOWS\sysokuaw.exe
2008-03-02 16:19 . 2008-03-02 16:19 25,088 --a------ C:\WINDOWS\sysoghcx.exe
2008-03-02 16:19 . 2008-03-02 16:19 20,992 --a------ C:\WINDOWS\sysounrk.exe
2008-03-02 16:19 . 2008-03-02 16:19 3,072 --a------ C:\WINDOWS\ftebh.exe
2008-03-02 16:19 . 2008-03-02 16:19 1,855 --a------ C:\WINDOWS\config.ini
2008-03-02 16:19 . 2008-03-02 16:19 1,409 --a------ C:\WINDOWS\fbdzj.exe
2008-03-02 16:19 . 2008-03-02 16:19 1,272 --a------ C:\WINDOWS\fzmxg.dll
2008-03-02 15:22 . 2008-03-03 21:51 <DIR> d-------- C:\Program Files\NetProject
2008-03-01 22:48 . 2008-03-01 22:49 9,216 --a------ C:\MyGraph.grf
2008-02-29 18:48 . 2008-02-29 18:48 <DIR> d-------- C:\Documents and Settings\user\Application Data\skypePM
2008-02-29 18:48 . 2008-02-29 18:48 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-29 18:46 . 2008-03-04 22:36 <DIR> d-------- C:\Program Files\Skype
2008-02-29 18:46 . 2008-02-29 18:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-28 18:30 . 2008-02-28 18:30 <DIR> d-------- C:\Documents and Settings\user\WINDOWS
2008-02-28 18:30 . 1998-01-23 12:22 304,128 --a------ C:\WINDOWS\IsUninst.exe
2008-02-28 18:30 . 1998-11-30 19:25 183,808 --a------ C:\WINDOWS\system\qmdx.dll
2008-02-28 18:15 . 2008-02-28 18:23 <DIR> d-------- C:\Program Files\ITC
2008-02-23 16:10 . 2008-02-23 16:10 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-02-23 16:07 . 2008-02-23 16:07 <DIR> d-------- C:\Program Files\BlazeVideo
2008-02-23 16:07 . 2005-12-01 14:31 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-23 16:07 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-02-23 16:07 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-02-23 16:07 . 2004-08-04 00:56 56,832 --a------ C:\WINDOWS\system32\msdvbnp.ax
2008-02-23 16:07 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-02-23 16:07 . 2004-08-04 00:56 33,280 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-02-23 16:07 . 2004-08-04 00:56 33,280 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-02-23 11:49 . 2008-02-23 11:49 0 --a------ C:\WINDOWS\webica.ini
2008-02-23 11:47 . 2008-02-23 12:06 <DIR> d-------- C:\Documents and Settings\user\Application Data\ICAClient
2008-02-23 11:46 . 2008-02-23 11:46 <DIR> d-------- C:\WINDOWS\system32\Resource
2008-02-23 11:46 . 2008-02-23 11:46 <DIR> d-------- C:\Program Files\Citrix
2008-02-21 23:33 . 2008-02-21 23:43 <DIR> d-------- C:\Program Files\TVUPlayer
2008-02-21 23:27 . 2008-02-21 23:43 <DIR> d-------- C:\Documents and Settings\user\Application Data\TVU Networks
2008-02-21 23:27 . 2008-02-21 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-02-21 20:35 . 2008-02-21 20:35 <DIR> d-------- C:\Program Files\Real
2008-02-21 20:35 . 2008-02-21 20:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-02-21 20:35 . 2008-02-21 20:35 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-21 20:35 . 2008-02-21 20:35 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-21 20:35 . 2008-02-21 20:35 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-21 19:17 . 2008-02-21 19:17 <DIR> d-------- C:\Documents and Settings\user\Application Data\Yahoo!
2008-02-21 19:16 . 2008-02-21 19:16 182 --a------ C:\Internet Radio on Yahoo! Music.url
2008-02-21 19:16 . 2008-02-21 19:16 171 --a------ C:\Music Videos & More on Yahoo! Music.url
2008-02-21 19:15 . 2008-02-21 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-21 19:14 . 2008-03-04 22:38 <DIR> d-------- C:\Program Files\Yahoo!
2008-02-21 18:58 . 2008-03-04 22:38 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 06:39 --------- d-----w C:\Documents and Settings\user\Application Data\Juniper Networks
2008-03-05 06:38 47,104 ----a-w C:\WINDOWS\system32\rpcnet.dll
2008-03-05 06:38 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.exe
2008-03-05 06:34 --------- d-----w C:\Program Files\Multimedia Center for Think Offerings
2008-02-28 02:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 07:33 --------- d-----w C:\Documents and Settings\user\Application Data\ZipGenius
2008-02-07 22:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 00:10 274,432 ----a-w C:\WINDOWS\system32\libcurl.dll
2008-01-30 22:21 --------- d-----w C:\Program Files\MSECache
2008-01-30 22:14 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-30 22:14 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-30 22:14 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-30 22:11 --------- d-----w C:\Program Files\ZipGenius 6
2008-01-30 20:46 --------- d-----w C:\Documents and Settings\user\Application Data\Sonic
2008-01-30 20:46 --------- d-----w C:\Documents and Settings\user\Application Data\Leadertech
2008-01-30 20:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-30 20:31 391,792 ----a-w C:\WINDOWS\qfeA2.tmp
2008-01-30 20:21 --------- d-----w C:\Program Files\Intel
2008-01-30 20:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-30 19:57 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-01-30 19:57 --------- d-----w C:\Program Files\Cisco Systems
2008-01-30 19:18 --------- d-----w C:\Program Files\MSBuild
2008-01-30 19:15 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-30 19:13 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-30 19:13 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-30 19:12 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-30 18:21 --------- d-----w C:\Program Files\Java
2008-01-30 18:19 --------- d-----w C:\Program Files\Common Files\Java
2008-01-30 17:57 --------- d-----w C:\Program Files\Synaptics
2008-01-30 17:55 --------- d-----w C:\Program Files\Lenovo
2008-01-30 17:52 --------- d-----w C:\Program Files\Analog Devices
2008-01-30 17:47 --------- d-----w C:\Program Files\Network Associates
2008-01-30 17:47 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-01-30 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2008-01-30 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-30 17:46 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-01-30 17:45 --------- d-----w C:\Program Files\CONEXANT
2008-01-30 17:44 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-01-30 17:36 720,088 ----a-w C:\WINDOWS\qfe1C8.tmp
2008-01-30 17:21 --------- d-----w C:\Program Files\ThinkPad
2008-01-30 17:03 47,104 ----a-w C:\WINDOWS\system32\rpcnet.exe
2008-01-30 17:02 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-01-30 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\UIB
2008-01-30 16:51 --------- d-----w C:\Program Files\DIFX
2008-01-30 16:46 17,408 ----a-w C:\WINDOWS\system32\rpcnetp.dll
2008-01-30 16:43 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-30 10:35 69,632 ----a-w C:\WINDOWS\system32\TIFmtA.dll
2008-01-30 10:35 63,488 ----a-w C:\WINDOWS\system32\RIC640X.EXE
2008-01-30 10:35 61,440 ----a-w C:\WINDOWS\system32\TrackID.DLL
2008-01-30 10:35 53,248 ----a-w C:\WINDOWS\system32\RIC640PI.DLL
2008-01-30 10:35 49,152 ----a-w C:\WINDOWS\system32\TIBase64.dll
2008-01-30 10:35 221,184 ----a-w C:\WINDOWS\system32\Ricjc32.dll
2008-01-30 10:35 167,936 ----a-w C:\WINDOWS\system32\JCUI.exe
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-04_22.27.50.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-09-22 16:00:00 106,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\BBCpl.dll
+ 2004-09-22 16:00:00 90,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\EmCfgCpl.dll
+ 2006-06-09 04:00:00 41,018 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\EntAPI.dll
+ 2006-06-09 04:00:00 8,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\EntDrv51.sys
+ 2006-06-09 04:00:00 397,898 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\EntSrv.dll
+ 2006-06-09 04:00:00 163,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\F4837_shutil.dll
+ 2006-02-15 04:00:00 221,191 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\F4843_Mcshield.exe
+ 2006-06-09 04:00:00 90,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\F4849_shcfg32.exe
+ 2004-09-22 16:00:00 94,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\F4851_shstat.exe
+ 2006-06-09 04:00:00 58,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\mvstdi5x.sys
+ 2006-06-09 04:00:00 143,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\mytilus.dll
+ 2004-09-22 16:00:00 180,330 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NaEventU.Dll
+ 2006-06-09 04:00:00 116,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\naiavf5x.sys
+ 2004-09-23 04:00:00 77,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\naiavfin.exe
+ 2006-06-09 04:00:00 303,193 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NCDaemon.exe
+ 2006-06-09 04:00:00 278,617 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NCExtMgr.dll
+ 2006-06-09 04:00:00 204,890 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NCMenu.dll
+ 2006-06-09 04:00:00 499,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NCScan.dll
+ 2006-06-09 04:00:00 81,994 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\NCTrace.dll
+ 2004-09-22 16:00:00 94,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\ScanEmal.Dll
+ 2006-02-15 04:00:00 45,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\scriptproxy.dll
+ 2006-06-09 04:00:00 229,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\vsodscpl.dll
+ 2006-06-09 04:00:00 86,016 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\BB1D3FD5E498DCD4285751A99C28B934\8.0.0\VSPlugin.dll
- 2006-06-09 04:00:00 8,448 ----a-w C:\WINDOWS\system32\drivers\EntDrv51.sys
+ 2007-11-27 04:00:00 8,320 ----a-w C:\WINDOWS\system32\drivers\EntDrv51.sys
- 2006-06-09 04:00:00 58,464 ----a-w C:\WINDOWS\system32\drivers\mvstdi5x.sys
+ 2007-11-27 04:00:00 59,904 ----a-w C:\WINDOWS\system32\drivers\mvstdi5x.sys
- 2006-06-09 04:00:00 116,864 ----a-w C:\WINDOWS\system32\drivers\naiavf5x.sys
+ 2007-11-27 04:00:00 117,024 ----a-w C:\WINDOWS\system32\drivers\naiavf5x.sys
- 2006-06-09 04:00:00 41,018 ----a-w C:\WINDOWS\system32\EntAPI.dll
+ 2007-11-27 04:00:00 36,922 ----a-w C:\WINDOWS\system32\EntAPI.dll
- 2008-03-05 06:23:49 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-05 06:42:42 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-05 06:23:49 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-05 06:42:42 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-17 17:13 3810544]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe" [2006-06-29 10:54 286720]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:34 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 98304]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 03:55 131072]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 14:49 66176]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 13:34 3739648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-21 20:35 185896]
"1029BB4B-16A9-4E77-AA3D-96930BD68EEC"="C:\WINDOWS\sysockeu.exe" [2008-03-02 16:19 35840]
"852EBF20-A95D-4F1F-B9C2-B2CD24350F3E"="C:\WINDOWS\sysodkcs.exe" [2008-03-02 16:19 32256]
"756349DC-6D9E-4F2A-9B24-269661F073C3"="C:\WINDOWS\sysoghcx.exe" [2008-03-02 16:19 25088]
"2177F056-0AA6-4D6C-A944-13F71F341C29"="C:\WINDOWS\sysokuaw.exe" [2008-03-02 16:19 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ComponentCheck"= {b4ddb52d-4d4d-4577-92ff-5e4c3fadc77f} - C:\WINDOWS\Installer\{b4ddb52d-4d4d-4577-92ff-5e4c3fadc77f}\ComponentCheck.dll [2008-03-02 16:26 18662]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-08 18:08 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=C:\WINDOWS\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 04:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-08-15 15:07 162328 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-08-15 15:07 141848 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-08-15 15:07 137752 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
--a------ 2007-03-08 17:48 49168 C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2007-04-03 19:55 839680 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-04-09 16:23 1015808 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-08 18:01]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-08 17:41]

*Newly Created Service* - NAIAVFILTER101
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 22:52:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{b4ddb52d-4d4d-4577-92ff-5e4c3fadc77f}\ComponentCheck.dll
.
Completion time: 2008-03-04 22:52:30
ComboFix-quarantined-files.txt 2008-03-05 06:52:28
.
2008-02-23 10:13:37 --- E O F ---



Could someone give me a solution for this!?!?!
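A triage pass over lines in the format of the ComboFix log above, as an added example that is not part of the original post, of ComboFix or of BleepingComputer's tools: it parses the "Reg Loading Points" Run-key lines and the "Files Created" lines and flags the patterns a helper would look at first in this log (GUID-named Run values, autostart targets and fresh executables sitting directly in C:\WINDOWS, tmp<digits>.exe dropped into Program Files). The sample lines are copied from the log above; the heuristics are illustrative assumptions, not ComboFix rules.

```python
"""Triage a few ComboFix log lines (added example, not part of ComboFix).

Heuristics below are assumptions for illustration only:
  * Run-key value names that are bare GUIDs (legit entries use readable names)
  * autostart targets or newly created executables directly in C:\\WINDOWS
  * tmp<digits>.exe dropped straight into C:\\Program Files
"""
import re
from typing import List, Tuple

GUID_RE = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$")
# Reg Loading Points line: "Name"="C:\path\file.exe" [2008-03-02 16:19 35840]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]+)\]')
# Files Created line: created . modified size attrs path
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"([\d,]+|<DIR>) (\S+) (.+)$"
)
WINDIR_ROOT_RE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.(exe|dll)$", re.I)
TMP_EXE_RE = re.compile(r"^C:\\Program Files\\tmp\d+\.exe$", re.I)


def triage_run_value(line: str) -> List[str]:
    """Reasons a Run-key line stands out; empty list means nothing noted."""
    m = RUN_RE.match(line.strip())
    if not m:
        return []
    name, target = m.group(1), m.group(2)
    reasons = []
    if GUID_RE.match(name):
        reasons.append("Run value name is a bare GUID")
    if WINDIR_ROOT_RE.match(target):
        reasons.append("autostart target sits directly in C:\\WINDOWS")
    return reasons


def triage_created_file(line: str) -> List[str]:
    """Reasons a Files Created line stands out; directories are skipped."""
    m = FILE_RE.match(line.strip())
    if not m or m.group(1) == "<DIR>":
        return []
    path = m.group(3)
    reasons = []
    if TMP_EXE_RE.match(path):
        reasons.append("tmp<digits>.exe dropped in Program Files")
    if WINDIR_ROOT_RE.match(path):
        reasons.append("new executable directly in C:\\WINDOWS")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Walk every line of a log and collect (line, reasons) for the hits."""
    hits = []
    for line in text.splitlines():
        reasons = triage_run_value(line) or triage_created_file(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


# Lines copied from the log above, mixed with clean entries from the same log.
SAMPLE = r"""
2008-03-04 20:05 . 2008-03-04 20:05 16,436 --a------ C:\Program Files\tmp35718.exe
2008-03-03 21:30 . 2008-03-03 21:30 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-02 16:26 . 2008-03-02 14:10 339,968 --a------ C:\WINDOWS\btrklfr.dll
2008-03-02 16:19 . 2008-03-02 16:19 35,840 --a------ C:\WINDOWS\sysockeu.exe
2008-02-21 20:35 . 2008-02-21 20:35 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"1029BB4B-16A9-4E77-AA3D-96930BD68EEC"="C:\WINDOWS\sysockeu.exe" [2008-03-02 16:19 35840]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 08:00 98304]
"""

if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE):
        print(f"{line}\n    -> {'; '.join(reasons)}")
```

Legitimate entries such as ctfmon.exe under system32 pass untouched; the four flagged lines are exactly the GUID-named Run value, the two executables dropped into C:\WINDOWS and the tmp<digits>.exe in Program Files.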


#2 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 24 March 2008 - 06:20 AM

Hi cimhera

First of all, you are not supposed to run tools on your own.

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Microsoft MVP Consumer Security

#3 Shaba

    Koutsi

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland

Posted 02 April 2008 - 06:20 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security