
Spyware - Firefox/ie7 Is Not Browsing And Random Pop-up Windows


  • This topic is locked
2 replies to this topic

#1 cezmy

cezmy

  • Members
  • 1 posts
  • OFFLINE
  • Local time:03:06 PM

Posted 29 May 2008 - 07:52 AM

Hello all,

The problem appeared just a few days ago with a pop-up window asking to install Antispywaresuite (Systemerrorfixer). Then Internet Explorer stopped responding, i.e. no yahoo.com or Google search.

Ad-Aware, Windows Defender or Norton couldn't find anything on the PC.

I ran the ComboFix application as described in this forum and am pasting the log below. I would really appreciate it if you can help!

Thanks a lot.

----------------

ComboFix 08-05-28.4 - BY78016 2008-05-29 14:29:25.1 - NTFSx86
Microsoft® Windows Vista™ Enterprise 6.0.6001.1.1252.1.1033.18.1078 [GMT 2:00]
Running from: C:\Users\by78016\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\cMSDfMoq.ini
C:\Windows\System32\cMSDfMoq.ini2
C:\Windows\system32\dqdcceoo.dll
C:\Windows\system32\efcBrqRh.dll
C:\Windows\system32\fqwlddgl.ini
C:\Windows\system32\khFxxVpm.dll
C:\Windows\System32\mpVxxFhk.ini
C:\Windows\System32\mpVxxFhk.ini2
C:\Windows\System32\ooeccdqd.ini
C:\Windows\System32\pvcblobt.ini
C:\Windows\system32\pxqaiuci.dll
C:\Windows\system32\qoMfDSMc.dll
C:\Windows\system32\tbolbcvp.dll
C:\Windows\System32\wvothumk.ini
C:\Windows\system32\xcdhxyit.ini
C:\Windows\system32\yhrcuadb.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-29 13:57 . 2008-05-29 13:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-05-29 13:51 . 2008-05-29 13:51 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-05-29 13:46 . 2008-05-29 13:46 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Baris\Videos
2008-05-29 13:10 . 2008-05-29 13:11 <DIR> dr------- C:\Users\Baris\Searches
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Baris\Saved Games
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Baris\Pictures
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Baris\Music
2008-05-29 13:10 . 2008-05-29 13:13 <DIR> dr------- C:\Users\Baris\Links
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Baris\Downloads
2008-05-29 13:10 . 2008-05-29 13:10 <DIR> dr------- C:\Users\Baris\Documents
2008-05-29 13:10 . 2008-05-29 13:11 <DIR> dr------- C:\Users\Baris\Contacts
2008-05-29 13:10 . 2008-01-09 16:40 <DIR> d-------- C:\Users\Baris\AppData\Roaming\InstallShield
2008-05-29 13:10 . 2008-01-09 15:45 <DIR> d--h----- C:\Users\Baris\AppData
2008-05-29 13:10 . 2008-05-29 13:13 <DIR> d-------- C:\Users\Baris
2008-05-29 13:07 . 2003-08-25 11:03 458 --a------ C:\Windowsupdate.reg
2008-05-29 12:58 . 2008-05-29 12:58 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-28 22:30 . 2008-05-28 22:31 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-28 22:30 . 2008-05-28 22:31 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-28 22:30 . 2008-05-28 22:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-28 22:28 . 2008-05-28 22:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 22:21 . 2008-05-28 22:21 <DIR> d-------- C:\Program Files\7-Zip
2008-05-28 22:16 . 2008-05-28 22:16 <DIR> d-------- C:\Users\by78016\AppData\Roaming\Nero
2008-05-28 22:16 . 2008-05-28 22:16 <DIR> d-------- C:\Users\All Users\LightScribe
2008-05-28 22:16 . 2008-05-28 22:16 <DIR> d-------- C:\ProgramData\LightScribe
2008-05-28 20:24 . 2008-05-28 20:24 <DIR> d-------- C:\PerfLogs
2008-05-28 19:50 . 2008-05-28 19:15 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-28 19:50 . 2008-05-28 19:15 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-28 19:27 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-28 19:27 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-28 19:26 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-28 19:26 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-28 19:26 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-28 19:22 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-05-28 19:18 . 2007-12-06 06:04 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-28 19:17 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-28 19:15 . 2008-05-28 19:51 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-27 21:50 . 2008-05-27 21:53 69 --a------ C:\Windows\NeroDigital.ini
2008-05-27 21:32 . 2008-05-27 21:32 39 --a------ C:\Windows\vbaddin.ini
2008-05-27 21:31 . 2008-05-27 21:31 162 --a------ C:\Windows\ODBC.INI
2008-05-27 21:19 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-05-27 21:13 . 2008-05-27 21:13 <DIR> d-------- C:\Users\All Users\Mindjet
2008-05-27 21:13 . 2008-05-27 21:13 <DIR> d-------- C:\ProgramData\Mindjet
2008-05-27 21:13 . 2008-05-27 21:13 <DIR> d-------- C:\Program Files\Mindjet
2008-05-27 21:09 . 2008-05-27 21:09 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-27 21:07 . 2008-05-27 21:07 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-05-27 21:03 . 2008-05-27 21:03 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-05-27 21:03 . 2008-05-27 21:03 <DIR> d-------- C:\ProgramData\FLEXnet
2008-05-27 21:00 . 2008-05-27 21:00 <DIR> d-------- C:\Program Files\Bonjour
2008-05-27 20:49 . 2008-05-27 20:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-27 20:43 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Default\Searches
2008-05-27 20:43 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Default\Contacts
2008-05-27 20:43 . 2008-01-09 20:55 1,561 --a------ C:\Users\Default\create_shortcut.vbs
2008-05-27 20:42 . 2008-05-27 20:42 <DIR> d-------- C:\Users\All Users\Nero
2008-05-27 20:42 . 2008-05-27 20:42 <DIR> d-------- C:\ProgramData\Nero
2008-05-27 20:42 . 2008-05-27 20:42 <DIR> d-------- C:\Program Files\Nero
2008-05-27 20:42 . 2008-05-27 20:42 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-27 20:40 . 2008-05-27 20:40 <DIR> d-------- C:\Program Files\Analog Devices
2008-05-27 20:34 . 2008-05-27 20:35 697 --a------ C:\Windows\details.xml
2008-05-27 20:31 . 2008-05-27 20:31 <DIR> d-------- C:\Program Files\Synaptics
2008-05-27 20:30 . 2006-11-02 08:09 1,419,232 --a------ C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2008-05-27 17:07 . 2008-05-27 17:07 <DIR> d-------- C:\Program Files\Athp
2008-05-27 17:07 . 2008-05-27 17:07 45,056 --a------ C:\Windows\System32\PCTKRNT.SYS
2008-05-27 16:38 . 2008-05-27 16:38 <DIR> d-------- C:\Windows\System32\Macromed
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Users\by78016\AppData\Roaming\vlc
2008-05-27 16:06 . 2008-05-27 16:06 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-27 15:31 . 2008-05-27 15:31 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
2008-05-27 15:20 . 2008-05-27 15:20 <DIR> d-------- C:\Program Files\PDFCreator
2008-05-27 15:20 . 2004-03-09 00:00 662,288 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-05-27 15:20 . 2005-10-15 12:32 196,608 --a------ C:\Windows\System32\pdfcmnnt.dll
2008-05-27 15:20 . 1998-06-24 00:00 137,000 --a------ C:\Windows\System32\MSMAPI32.OCX
2008-05-27 15:20 . 1998-07-06 00:00 23,552 --a------ C:\Windows\System32\MSMPIDE.DLL
2008-05-27 13:50 . 2008-05-27 13:50 <DIR> d-------- C:\Garmin
2008-05-27 12:13 . 2008-05-27 12:13 <DIR> d-------- C:\Users\by78016\AppData\Roaming\Winamp
2008-05-27 12:13 . 2008-05-27 12:13 <DIR> d-------- C:\Program Files\Winamp
2008-05-27 12:09 . 2008-05-27 12:09 <DIR> d-------- C:\Users\by78016\AppData\Roaming\Jabber Messenger
2008-05-27 12:04 . 2008-05-27 12:04 <DIR> d-------- C:\trams
2008-05-27 11:59 . 2008-05-27 11:59 <DIR> d-------- C:\Program Files\Jabber
2008-05-27 11:56 . 2008-05-27 15:41 <DIR> d-------- C:\Program Files\Google
2008-05-27 11:54 . 2008-05-27 11:56 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2008-05-27 11:47 . 2008-05-27 11:47 0 --a------ C:\Windows\nsreg.dat
2008-05-27 11:28 . 2008-05-27 11:28 48,640 --a------ C:\Windows\System32\davclnt.dll
2008-05-27 11:25 . 2008-05-27 11:29 <DIR> d-------- C:\Persia
2008-05-27 11:25 . 2008-05-27 11:25 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-05-27 11:23 . 2008-05-27 11:23 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-05-27 11:23 . 2008-05-27 11:23 826,880 --a------ C:\Windows\System32\wininet.dll
2008-05-27 11:07 . 2007-03-30 18:03 172,032 --a------ C:\Windows\System32\igfxres.dll
2008-05-27 11:02 . 2008-01-09 15:45 <DIR> dr------- C:\Users\by78016\Videos
2008-05-27 11:02 . 2008-05-27 11:07 <DIR> dr------- C:\Users\by78016\Searches
2008-05-27 11:02 . 2008-01-09 15:45 <DIR> dr------- C:\Users\by78016\Saved Games
2008-05-27 11:02 . 2008-05-28 09:47 <DIR> dr------- C:\Users\by78016\Pictures
2008-05-27 11:02 . 2008-01-09 15:45 <DIR> dr------- C:\Users\by78016\Music
2008-05-27 11:02 . 2008-05-27 11:38 <DIR> dr------- C:\Users\by78016\Links
2008-05-27 11:02 . 2008-05-28 22:39 <DIR> dr------- C:\Users\by78016\Downloads
2008-05-27 11:02 . 2008-05-29 14:03 <DIR> dr------- C:\Users\by78016\Documents
2008-05-27 11:02 . 2008-05-27 11:07 <DIR> dr------- C:\Users\by78016\Contacts
2008-05-27 11:02 . 2008-01-09 16:40 <DIR> d-------- C:\Users\by78016\AppData\Roaming\InstallShield
2008-05-27 11:02 . 2008-01-09 15:45 <DIR> d--h----- C:\Users\by78016\AppData
2008-05-27 11:02 . 2008-05-29 13:55 <DIR> d-------- C:\Users\by78016
2008-05-27 10:59 . 2008-05-27 10:59 <DIR> d-------- C:\Program Files\HPQ
2008-05-27 10:59 . 2008-05-27 10:59 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-05-27 10:58 . 2007-06-08 13:46 1,560,576 --a------ C:\Windows\System32\BttnCmns_64.dll
2008-05-27 10:58 . 2006-06-30 05:46 1,560,576 --a------ C:\Windows\System32\BttnCmns.dll
2008-05-27 10:58 . 2005-10-31 14:30 987,136 --a------ C:\Windows\System32\BttnCmn.dll
2008-05-27 10:58 . 2008-05-27 10:58 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Videos
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Searches
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Pictures
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Music
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Links
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Downloads
2008-05-27 10:56 . 2008-05-27 10:56 <DIR> dr------- C:\Users\Administrator\Documents
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> dr------- C:\Users\Administrator\Contacts
2008-05-27 10:56 . 2008-01-09 16:40 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\InstallShield
2008-05-27 10:56 . 2008-01-09 15:45 <DIR> d--h----- C:\Users\Administrator\AppData
2008-05-27 10:56 . 2008-05-27 10:56 <DIR> d-------- C:\Users\Administrator
2008-05-27 10:56 . 2008-01-09 20:55 1,561 --a------ C:\Users\Administrator\create_shortcut.vbs
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\Windows\System32\drivers\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\Windows\System32\drivers\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\Windows\System32\drivers\Awrtpd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 18:44 174 --sha-w C:\Program Files\desktop.ini
2008-05-28 18:31 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-28 18:31 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-28 18:31 --------- d-----w C:\Program Files\Windows Mail
2008-05-28 18:31 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-28 18:31 --------- d-----w C:\Program Files\Windows Calendar
2008-05-28 18:30 --------- d-----w C:\Program Files\Windows Journal
2008-05-28 18:30 --------- d-----w C:\Program Files\Windows Defender
2008-05-28 18:01 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-28 18:01 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-27 19:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-27 19:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-27 15:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-27 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 08:57 --------- d-----w C:\Program Files\Common Files\InstallShield
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-04 09:54 176128]
"COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-12 07:44 26624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-08 02:25 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-08-05 23:29 135568]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-26 07:23 75256]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2007-09-10 22:47 294440]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-05 18:45 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-05 18:44 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-05 18:44 133912]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 19:14 833072]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 15:13 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 16:34 177456]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 11:56 29744]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-18 01:55 1097728]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

C:\Users\by78016\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe [2007-09-10 22:47:40 130864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableNT4Policy"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0CF5D165-517E-48B6-B3C7-3054A24F8BF6}"= C:\Windows\system32\efcBrqRh.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=NOITSCAN.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-218048\Scripts\Logon\0\0]
"Script"=NOITSCAN.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\Windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
-ra------ 2007-12-04 02:07 61440 C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetIT]
--a------ 2007-12-04 02:12 286720 C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
-ra------ 2007-05-18 00:05 37392 C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2006-09-06 05:02 184320 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2376190246-3261775438-4127576403-500]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A57E75E2-2D4B-4888-B515-EB70F1F193AE}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{595E626B-CEEC-4D60-B0B5-BA2CDDCBB613}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{729180D8-09B1-458F-AD8C-26AD4C462679}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{FB2BB8FD-3FAE-40F8-A244-2FA635E73ACE}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{626A787E-F348-4397-89D7-1871AA29EA7A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E6C1990A-EE68-4F38-A0DB-1031055A8030}C:\\program files\\netmeeting\\conf.exe"= UDP:C:\program files\netmeeting\conf.exe:Windows® NetMeeting®
"UDP Query User{AB4820A4-616E-4493-9416-347698CE01D2}C:\\program files\\netmeeting\\conf.exe"= TCP:C:\program files\netmeeting\conf.exe:Windows® NetMeeting®
"TCP Query User{91C3C204-3676-460F-892E-F1ED97F39BF2}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"UDP Query User{540181B7-ECAD-4B7B-845F-2CCA71790BEE}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"{AD62AA55-268F-4063-A9D4-28C4D80444E0}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{BA88C64F-CACB-4C19-A1CA-80F319A89496}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{381E0DB3-BD7A-44E3-B337-1961F06A24A1}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"UDP Query User{BD149F59-4526-49EB-A4D7-F1D8353264DC}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\program files\microsoft office communicator\communicator.exe:Microsoft Office Communicator 2005
"{138A63D1-D335-45E9-9DAE-73B4208AC212}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CFEABC10-7D54-4D52-B2C8-05C9DED650D9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AEC8AD0B-46B9-45C4-ABB6-7416E83D80CC}C:\\program files\\microsoft office communicator\\communicator.exe"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"UDP Query User{010E9D1F-1295-4118-AC19-5DA58699C21B}C:\\program files\\microsoft office communicator\\communicator.exe"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 accoca;ActivClient Middleware Service;"C:\Program Files\ActivIdentity\ActivClient\accoca.exe" [2007-05-16 02:08]
R2 CPMDrvr;CPMDrvr;C:\Windows\system32\CPMDrvr.sys [2003-04-10 01:32]
R2 DriverManager;DriverManager;C:\Program Files\PAL\DriverManager.exe [2003-01-30 03:27]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2007-01-05 11:00]
R2 msralinkmonitor;MSRA Link Monitor;"C:\Program Files\Remote tools\msraLinkMonitor.exe" [2007-11-29 21:09]
R2 radexecd;HP OVCM Notify Daemon;"C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe" [2007-02-20 23:59]
R2 radsched;HP OVCM Scheduler Daemon;"C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe" [2007-03-23 03:19]
R2 Radstgms;HP OVCM MSI Redirector;"C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe" [2007-03-20 22:03]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 WcesComm;Windows Mobile 2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-01-23 23:10]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-03-30 18:57]
R3 RadiaMsi;RadiaMsi;C:\Windows\system32\DRIVERS\radiamsi.sys [2007-08-03 10:31]
R3 SmartUSB;SmartReader-USB;C:\Windows\system32\DRIVERS\SmartUSB.sys [2007-04-06 21:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-05-11 11:42]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-27 11:56]
S4 btwrchid;btwrchid;C:\Windows\system32\drivers\btwrchid.sys [2007-05-11 11:42]
S4 GtFUsb;GlobeTrotter 3G+ Fuji Filter Service;C:\Windows\system32\drivers\gtfusb.sys [2007-01-13 02:12]
S4 GTPTSER;GT PT SER;C:\Windows\system32\drivers\gtptser.sys [2007-01-13 02:12]
S4 GTUQBUS;GT UQ BUS;C:\Windows\system32\drivers\gtuqbus.sys [2007-01-13 02:12]
S4 NWADI;NWADI Bus Enumerator;C:\Windows\system32\drivers\nwadienum.sys [2007-01-13 02:12]
S4 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\drivers\nwusbser2.sys [2007-01-13 02:12]
S4 RimSerPort;RIM Virtual Serial Port;C:\Windows\system32\drivers\rimserial.sys [2007-01-13 02:12]
S4 SUSCOM;Susteen Serial port driver;C:\Windows\system32\drivers\suscom.sys [2007-01-13 02:13]
S4 swivsp;AC8xx Virtual Serial Port;C:\Windows\system32\drivers\swivspnt.sys [2007-01-13 02:13]
S4 swmx02;HP ev2200 USB MUX Driver (#02);C:\Windows\system32\drivers\swmx02.sys [2007-02-22 18:26]
S4 SWUMX00;Sierra Wireless USB MUX Driver (UMTS00);C:\Windows\system32\drivers\swumx00.sys [2007-01-13 02:12]
S4 SWUMX02;HP hs2300 USB MUX Driver (#02);C:\Windows\system32\drivers\swumx02.sys [2007-01-12 12:29]
S4 swumx12;Sierra Wireless USB MUX Driver (UMTS12);C:\Windows\system32\drivers\swumx12.sys [2007-01-13 02:12]
S4 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32);C:\Windows\system32\drivers\swumx32.sys [2007-01-13 02:12]
S4 SWUMX33;Sierra Wireless USB MUX Driver (UMTS33);C:\Windows\system32\drivers\swumx33.sys [2007-01-13 02:12]
S4 SWUMX3A;Sierra Wireless USB MUX Driver (UMTS3A);C:\Windows\system32\drivers\swumx3a.sys [2007-01-13 02:12]
S4 SWUMX50;Sierra Wireless USB MUX Driver (UMTS50);C:\Windows\system32\drivers\swumx50.sys [2007-01-13 02:12]
S4 SWUMX52;Sierra Wireless USB MUX Driver (UMTS52);C:\Windows\system32\drivers\swumx52.sys [2007-01-13 02:12]
S4 SWUMX53;Sierra Wireless USB MUX Driver (UMTS53);C:\Windows\system32\drivers\swumx53.sys [2007-01-13 02:12]
S4 SWUMX70;Sierra Wireless USB MUX Driver (UMTS70);C:\Windows\system32\drivers\swumx70.sys [2007-01-13 02:12]
S4 SWUMX71;Sierra Wireless USB MUX Driver (UMTS71);C:\Windows\system32\drivers\swumx71.sys [2007-01-13 02:12]
S4 SWUMX72;Sierra Wireless USB MUX Driver (UMTS72);C:\Windows\system32\drivers\swumx72.sys [2007-01-13 02:12]
S4 SWUMX73;Sierra Wireless USB MUX Driver (UMTS73);C:\Windows\system32\drivers\swumx73.sys [2007-01-13 02:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcdc02f2-2c1b-11dd-a6d5-806e6f6e6963}]
\shell\AutoRun\command - D:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}]
msiexec.exe /fomus {8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8} /qb!
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 12:48:54 C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job"
- C:\Program Files\Hewlett-Packard\PC COE\coetl32.exe
"2008-05-29 12:48:56 C:\Windows\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job"
- C:\Windows\system32\rundll32.exe7C:\PROGRA~1\HEWLET~1\PCCOE~1\reltrksi.dll,UpdateUpTime
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 14:47:13
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-29 14:49:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 12:49:47

Pre-Run: 38,936,326,144 bytes free
Post-Run: 39,132,663,808 bytes free

366 --- E O F --- 2008-05-27 15:19:13


#2 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • OFFLINE
  • Local time:09:06 AM

Posted 09 June 2008 - 12:56 PM

Welcome to Bleeping Computer. Please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log (instructions for receiving help in cleaning your computer): http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait. If your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

Forum Guidelines
Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

If you still need help, read the directions and the Forum Guidelines and start with a HJT log using Add Reply:

Download Trend Micro Hijack This™ to your Desktop
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Double-click HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley

pskelley

  • Staff Emeritus
  • 1,487 posts
  • OFFLINE
  • Local time:09:06 AM

Posted 17 June 2008 - 10:05 AM

There has been no response to this topic in a week.
This topic is closed.
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



