
Getting Redirects When Using Google, Yahoo And Msn Search Results


  • This topic is locked
8 replies to this topic

#1 lagreen

lagreen

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 16 June 2008 - 11:52 AM

I am getting redirects both by clicking on the found page as well as trying to open it in a new tab. I have used both Ad Aware and Spybot already to no avail. PLEASE HELP!

Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:28 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Targus BT Mouse\MulMouse.exe
C:\Program Files\Targus BT Mouse\osd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Christopher Scarlett\My Documents\Downloads\HiJackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {694CECEE-40AA-48DA-AAC6-647C07E6B6EE} - C:\WINDOWS\system32\AgCPanelSimplifiedChinesei.dll
O2 - BHO: (no name) - {9E8BFB56-04A5-44A7-83D4-21844B8AE8F6} - c:\windows\system32\sqsdhvz.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\SSTEM3~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Nkhzzl] C:\WINDOWS\system32\?racle\??rss.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Targus BT Mouse.lnk = C:\Program Files\Targus BT Mouse\MulMouse.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: erfozhsg - C:\WINDOWS\SYSTEM32\sqsdhvz.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11975 bytes
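The HijackThis log above contains the kind of entries a log reader learns to spot by eye: a Run entry launching from `C:\WINDOWS\SSTEM3~1\` (a directory whose 8.3 short name imitates system32), a Run entry whose path contains `?` (HijackThis prints `?` for characters it cannot display, and `?` is not legal in a Windows path), an O2 BHO registered with "(no name)", and one DLL (`sqsdhvz.dll`) that is loaded both as a BHO and as a Winlogon Notify handler. The script below is an added example, written for this page and not code from the poster or from the BleepingComputer helper; it parses the O2/O4/O20 line formats and applies exactly those four heuristics. The sample lines are copied from the log above; the heuristics themselves, the two-edit lookalike threshold, and the list of legitimate directory names under `C:\WINDOWS` are the example's own assumptions, not anything HijackThis does.

```python
import re
from collections import defaultdict

# Constructed sample input: six lines copied from the HijackThis v2.0.2 log
# posted above (two benign entries, four that the triage below should flag).
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9E8BFB56-04A5-44A7-83D4-21844B8AE8F6} - c:\windows\system32\sqsdhvz.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\SSTEM3~1\regsvr32.exe" -vt yazb
O4 - HKCU\..\Run: [Nkhzzl] C:\WINDOWS\system32\?racle\??rss.exe
O20 - Winlogon Notify: erfozhsg - C:\WINDOWS\SYSTEM32\sqsdhvz.dll
"""

# Line shapes of the three HijackThis sections handled here.
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
# Image path inside an O4 command line: either a quoted path or the bare path
# up to the first executable-looking extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat|vbs|pif|cpl))(?:\s|,|$)', re.I)

# Assumed list of legitimate directories directly under C:\WINDOWS that are
# close in spelling to "system32" and must not be reported as lookalikes.
WINDOWS_DIR_NAMES = {"system32", "system"}


def image_path(cmd):
    """Pull the executable path out of an O4 command line (quoted or bare)."""
    m = EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def parse(log_text):
    """Return entry dicts for O2/O4/O20 lines; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append({"section": "O4", "name": m["name"], "path": image_path(m["cmd"])})
        elif m := O2_RE.match(line):
            entries.append({"section": "O2", "name": m["name"], "path": m["path"]})
        elif m := O20_RE.match(line):
            entries.append({"section": "O20", "name": m["name"], "path": m["path"]})
    return entries


def edit_distance(a, b):
    """Plain Levenshtein distance, used for the lookalike-directory check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_component(path):
    """Return a directory component directly under \\WINDOWS\\ that is within two
    edits of 'system32' but is not a known directory (e.g. SSTEM3~1), else None."""
    parts = path.lower().split("\\")
    for parent, comp in zip(parts, parts[1:-1]):
        if parent != "windows":
            continue
        base = re.sub(r"~\d+$", "", comp)  # drop the 8.3 "~1" suffix before comparing
        if base not in WINDOWS_DIR_NAMES and edit_distance(base, "system32") <= 2:
            return comp
    return None


def triage(entries):
    """Apply the four heuristics; returns (section, name, reason) tuples."""
    findings = []
    sections_by_path = defaultdict(set)
    for e in entries:
        sections_by_path[e["path"].lower()].add(e["section"])
    for e in entries:
        sec, name, path = e["section"], e["name"], e["path"]
        if "?" in path:
            findings.append((sec, name, "path contains characters HijackThis could not display"))
        comp = lookalike_component(path)
        if comp:
            findings.append((sec, name, f"directory '{comp}' is a lookalike of system32"))
        if sec == "O2" and name == "(no name)":
            findings.append((sec, name, "BHO registered without a name"))
        if sec == "O20" and sections_by_path[path.lower()] >= {"O2", "O20"}:
            findings.append((sec, name, "Winlogon Notify DLL is also loaded as a BHO"))
    return findings


def triage_log(log_text):
    return triage(parse(log_text))


if __name__ == "__main__":
    for sec, name, why in triage_log(SAMPLE_LOG):
        print(f"{sec:<4} [{name}] {why}")
```

Run against the six sample lines it reports the two HKCU Run entries (`Snte`, `Nkhzzl`), the unnamed BHO and the `erfozhsg` Winlogon Notify entry, and stays quiet on the Spybot BHO and the Synaptics Run entry. The heuristics are deliberately narrow: they point a reader at lines worth researching rather than declaring anything malicious, and a clean result says nothing about entries the script does not understand.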


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 16 June 2008 - 04:09 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post that in your next reply with a fresh HijackThis log.

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 lagreen

lagreen
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 16 June 2008 - 09:26 PM

OK. So here is the Combofix.txt file. After I ran the combofix.exe program, I am still getting the redirects. It quarantined quite a few things, but the problem is still there...

2006-12-28 22:58 90 --a--c--- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2007-07-19 13:46 18031 --a--c--- C:\Qoobox\Quarantine\C\Program Files\Outerinfo\Terms.rtf.vir
2007-10-19 09:26 0 --a--c--- C:\Qoobox\Quarantine\C\Program Files\Outerinfo\FF\chrome.manifest.vir
2007-10-19 14:45 766 --a--c--- C:\Qoobox\Quarantine\C\Program Files\Outerinfo\FF\install.rdf.vir
2007-10-31 10:44 138 --a--c--- C:\Qoobox\Quarantine\C\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt.vir
2007-12-20 17:08 45056 --a--c--- C:\Qoobox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir
2008-01-28 12:29 230400 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\RACLE~1\??rss.exe.vir
2008-01-28 12:29 60928 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\nsuiie.dll.vir
2008-03-29 01:36 39424 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXPfdCs.dll.vir
2008-03-29 01:37 39424 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyabCRh.dll.vir
2008-03-29 01:44 268288 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\opnmNGaW.dll.vir
2008-03-30 08:30 4095 --a--c--- C:\Qoobox\Quarantine\C\Program Files\nvcoi\mst.stt.vir
2008-03-30 08:35 12288 --a--c--- C:\Qoobox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir
2008-03-30 08:45 1563 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Christopher Scarlett\Start Menu\Programs\Outerinfo\Uninstall.lnk.vir
2008-03-30 08:45 68608 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\SSTEM3~1\regsvr32.exe.vir
2008-03-30 08:45 710 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Christopher Scarlett\Start Menu\Programs\Outerinfo\Terms.lnk.vir
2008-03-30 09:58 14 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\domains.txt.vir
2008-03-30 09:58 2232 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\log.txt.vir
2008-03-30 20:49 90176 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\tgjhcuyu.dll.vir
2008-03-30 20:54 1583637 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\sbcxfmmx.ini.vir
2008-03-30 21:13 90176 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cklyrfwc.dll.vir
2008-03-31 10:42 16384 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\nod32se.exe.vir
2008-03-31 21:15 91712 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\psfuqkre.dll.vir
2008-04-02 11:51 2284117 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\fdqaboea.ini.vir
2008-04-02 11:52 88128 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\dwniaxgw.dll.vir
2008-04-02 11:54 91712 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\iggeuxox.dll.vir
2008-04-02 11:57 83520 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cxxpxivm.dll.vir
2008-04-03 18:04 88128 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\ictragjv.dll.vir
2008-04-03 18:09 89152 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mkfmaoou.dll.vir
2008-04-04 12:16 1660021 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mvixpxxc.ini.vir
2008-04-04 12:36 147456 --a--c--- C:\Qoobox\Quarantine\C\Program Files\JavaCore\javacore.exe.vir
2008-04-04 12:36 16384 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\users32.dat.vir
2008-04-05 14:29 87104 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mkhlwqwr.dll.vir
2008-04-05 14:31 706378 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\lccoqtkv.ini.vir
2008-04-05 14:32 85056 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\qflewsag.dll.vir
2008-04-05 14:34 89664 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mjjebvtu.dll.vir
2008-04-07 17:35 89664 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\urpthhci.dll.vir
2008-04-08 10:37 0 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-04-08 10:53 706537 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\gaswelfq.ini.vir
2008-04-08 11:05 88640 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\vspxchqy.dll.vir
2008-04-08 11:08 3648 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\vtwvsews.dll.vir
2008-04-08 11:17 91712 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\iwwskvas.dll.vir
2008-04-08 11:20 83520 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mxovrygc.dll.vir
2008-04-09 16:00 88640 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\qethxhjt.dll.vir
2008-04-09 16:01 89664 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\chompuqj.dll.vir
2008-04-09 16:03 3648 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\ejiwfljc.dll.vir
2008-04-10 08:52 95808 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\tatvdsqa.dll.vir
2008-04-10 08:55 1353 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-04-10 08:55 752181 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cgyrvoxm.ini.vir
2008-04-10 08:55 86080 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\kmvcvmkn.dll.vir
2008-04-12 21:31 793743 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\nkmvcvmk.ini.vir
2008-04-12 21:36 3648 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\gvxlhfth.dll.vir
2008-04-12 21:42 92736 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\dehemggw.dll.vir
2008-04-12 21:45 86592 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\pgsbtgmb.dll.vir
2008-04-12 21:46 889304 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\bmgtbsgp.ini.vir
2008-04-12 22:36 101091 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\BM04b1d155.xml.vir
2008-04-12 22:36 23 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-04-12 22:36 3648 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\jwutpkvj.dll.vir
2008-04-12 22:36 94272 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cralpwkb.dll.vir
2008-04-12 22:39 86592 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\mcmayotk.dll.vir
2008-04-12 22:40 884557 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\ktoyamcm.ini.vir
2008-04-12 22:45 92736 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\cvvygjva.dll.vir
2008-04-13 08:16 300014 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\WaGNmnpo.ini2.vir
2008-04-13 08:18 300014 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\WaGNmnpo.ini.vir
2008-04-13 08:19 832 --a--c--- C:\Qoobox\Quarantine\Registry_backups\Legacy_CMDSERVICE.reg.dat
2008-04-13 08:19 862 --a--c--- C:\Qoobox\Quarantine\Registry_backups\Legacy_NETWORK_MONITOR.reg.dat
2008-04-13 08:23 260038 --a--c--- C:\Qoobox\Quarantine\catchme2008-04-13_ 82304.87.zip
2008-06-16 18:02 434 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\At1.job.vir
2008-06-16 22:05 1090 --a--c--- C:\Qoobox\Quarantine\Registry_backups\Legacy_GILTYCEQ.reg.dat
2008-06-16 22:05 2172 --a--c--- C:\Qoobox\Quarantine\Registry_backups\Service_giltyceq.reg.dat
2008-06-16 22:05 411 --a--c--- C:\Qoobox\Quarantine\catchme.log
2008-06-16 22:05 82424 --a--c--- C:\Qoobox\Quarantine\catchme2008-06-16_220557.70.zip

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:12:28 PM

Posted 17 June 2008 - 01:36 AM

I think you posted the wrong log, so can you post the Combofix.txt log please?



#5 lagreen

lagreen
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:28 AM

Posted 19 June 2008 - 01:08 PM

ComboFix 08-04-12.7 - Christopher Scarlett 2008-04-13 8:18:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.417 [GMT -4:00]
Running from: C:\Documents and Settings\Christopher Scarlett\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Christopher Scarlett\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Christopher Scarlett\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Christopher Scarlett\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\CPV
C:\Program Files\JavaCore
C:\Program Files\JavaCore\javacore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\nvcoi
C:\Program Files\nvcoi\mst.stt
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\sstem3~1
C:\WINDOWS\sstem3~1\regsvr32.exe
C:\WINDOWS\sstem3~1\s?stem32\
C:\WINDOWS\system32\bmgtbsgp.ini
C:\WINDOWS\system32\cbXPfdCs.dll
C:\WINDOWS\system32\cgyrvoxm.ini
C:\WINDOWS\system32\chompuqj.dll
C:\WINDOWS\system32\cklyrfwc.dll
C:\WINDOWS\system32\cralpwkb.dll
C:\WINDOWS\system32\cvvygjva.dll
C:\WINDOWS\system32\cxxpxivm.dll
C:\WINDOWS\system32\dehemggw.dll
C:\WINDOWS\system32\dwniaxgw.dll
C:\WINDOWS\system32\gaswelfq.ini
C:\WINDOWS\system32\ictragjv.dll
C:\WINDOWS\system32\iggeuxox.dll
C:\WINDOWS\system32\iwwskvas.dll
C:\WINDOWS\system32\kmvcvmkn.dll
C:\WINDOWS\system32\ktoyamcm.ini
C:\WINDOWS\system32\lccoqtkv.ini
C:\WINDOWS\system32\mcmayotk.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjjebvtu.dll
C:\WINDOWS\system32\mkfmaoou.dll
C:\WINDOWS\system32\mkhlwqwr.dll
C:\WINDOWS\system32\mvixpxxc.ini
C:\WINDOWS\system32\mxovrygc.dll
C:\WINDOWS\system32\nkmvcvmk.ini
C:\WINDOWS\system32\nod32se.exe
C:\WINDOWS\system32\nsuiie.dll
C:\WINDOWS\system32\opnmNGaW.dll
C:\WINDOWS\system32\pgsbtgmb.dll
C:\WINDOWS\system32\psfuqkre.dll
C:\WINDOWS\system32\qethxhjt.dll
C:\WINDOWS\system32\qflewsag.dll
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\racle~1\??rss.exe
C:\WINDOWS\system32\tatvdsqa.dll
C:\WINDOWS\system32\tgjhcuyu.dll
C:\WINDOWS\system32\urpthhci.dll
C:\WINDOWS\system32\users32.dat
C:\WINDOWS\system32\vspxchqy.dll
C:\WINDOWS\system32\WaGNmnpo.ini
C:\WINDOWS\system32\WaGNmnpo.ini2
C:\WINDOWS\system32\xxyabCRh.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 00:04 . 2008-04-13 00:04 <DIR> d-------- C:\Documents and Settings\Christopher Scarlett\Application Data\Move Networks
2008-04-12 22:36 . 2008-04-12 22:36 3,648 --a------ C:\WINDOWS\system32\jwutpkvj.dll
2008-04-12 21:36 . 2008-04-12 21:36 3,648 --a------ C:\WINDOWS\system32\gvxlhfth.dll
2008-04-09 16:03 . 2008-04-09 16:03 3,648 --a------ C:\WINDOWS\system32\ejiwfljc.dll
2008-04-08 11:08 . 2008-04-08 11:08 3,648 --a------ C:\WINDOWS\system32\vtwvsews.dll
2008-04-02 12:21 . 2008-04-02 12:21 <DIR> d-------- C:\Documents and Settings\Christopher Scarlett\Application Data\Palo Alto Software
2008-04-02 12:05 . 2008-04-02 12:05 <DIR> d-------- C:\Program Files\Business Plan Pro 2007
2008-04-02 12:05 . 2008-04-02 12:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
2008-04-02 12:03 . 2008-04-02 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PAS
2008-04-02 11:52 . 2008-04-12 22:36 101,091 --a------ C:\WINDOWS\BM04b1d155.xml
2008-04-01 00:38 . 2008-04-01 00:38 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-03-30 21:16 . 2008-04-02 11:51 2,284,117 --ahs---- C:\WINDOWS\system32\fdqaboea.ini
2008-03-30 20:49 . 2008-03-30 20:54 1,583,637 --ahs---- C:\WINDOWS\system32\sbcxfmmx.ini
2008-03-30 09:58 . 2008-03-30 09:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-30 09:58 . 2008-03-30 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 08:50 . 2008-03-30 20:07 <DIR> d--hs---- C:\WINDOWS\Q2hyaXN0b3BoZXIgU2NhcmxldHQ
2008-03-30 08:50 . 2006-01-03 17:45 1,989 --a------ C:\WINDOWS\uninstall_nmon.vbs
2008-03-29 01:41 . 2008-03-29 01:41 19,800 --a------ C:\Documents and Settings\Christopher Scarlett\Application Data\fosusuziby.pif
2008-03-29 01:41 . 2008-03-29 01:41 19,245 --a------ C:\Documents and Settings\Christopher Scarlett\Application Data\moxowys.scr
2008-03-29 01:41 . 2008-03-29 01:41 17,770 --a------ C:\WINDOWS\ovup.exe
2008-03-29 01:41 . 2008-03-29 01:41 17,191 --a------ C:\Program Files\Common Files\enekumypyt.dll
2008-03-29 01:41 . 2008-03-29 01:41 17,093 --a------ C:\WINDOWS\iceduz.bat
2008-03-29 01:41 . 2008-03-29 01:41 16,076 --a------ C:\WINDOWS\vubot.sys
2008-03-29 01:41 . 2008-03-29 01:41 15,767 --a------ C:\WINDOWS\utanysip.sys
2008-03-29 01:41 . 2008-03-29 01:41 15,681 --a------ C:\WINDOWS\idegovu.dll
2008-03-29 01:41 . 2008-03-29 01:41 14,803 --a------ C:\WINDOWS\system32\sycy.reg
2008-03-29 01:41 . 2008-03-29 01:41 14,583 --a------ C:\WINDOWS\system32\ojumelaf.ban
2008-03-29 01:41 . 2008-03-29 01:41 14,177 --a------ C:\Documents and Settings\Christopher Scarlett\Application Data\dasoju.bin
2008-03-29 01:41 . 2008-03-29 01:41 13,868 --a------ C:\Documents and Settings\All Users\Application Data\ojusygiz.dat
2008-03-29 01:41 . 2008-03-29 01:41 11,384 --a------ C:\WINDOWS\system32\ojokyzup.vbs
2008-03-29 01:41 . 2008-03-29 01:41 11,297 --a------ C:\WINDOWS\rajypyseh.sys
2008-03-29 01:41 . 2008-03-29 01:41 11,132 --a------ C:\Documents and Settings\Christopher Scarlett\Application Data\ycenymekal.pif
2008-03-29 01:41 . 2008-03-29 01:41 10,782 --a------ C:\Documents and Settings\All Users\Application Data\novykezulo.dat
2008-03-29 01:41 . 2008-03-29 01:41 10,024 --a------ C:\WINDOWS\ykiqybyre.sys
2008-03-29 01:40 . 2008-03-29 01:40 19,310 --a------ C:\Documents and Settings\Christopher Scarlett\Application Data\ynad.exe
2008-03-29 01:40 . 2008-03-29 01:40 18,908 --a------ C:\WINDOWS\system32\ludagykih.com
2008-03-29 01:40 . 2008-03-29 01:40 18,889 --a------ C:\Program Files\Common Files\nyxoboxy.exe
2008-03-29 01:40 . 2008-03-29 01:40 18,794 --a------ C:\Documents and Settings\All Users\Application Data\tulinynogy.dat
2008-03-29 01:40 . 2008-03-29 01:40 18,537 --a------ C:\WINDOWS\system32\ydij.com
2008-03-29 01:40 . 2008-03-29 01:40 18,197 --a------ C:\WINDOWS\system32\bujysibos.vbs
2008-03-29 01:40 . 2008-03-29 01:40 16,570 --a------ C:\Documents and Settings\All Users\Application Data\unuxubu.dat
2008-03-29 01:40 . 2008-03-29 01:40 15,671 --a------ C:\WINDOWS\uzuvyhip.reg
2008-03-29 01:40 . 2008-03-29 01:40 15,323 --a------ C:\Program Files\Common Files\suwaz.scr
2008-03-29 01:40 . 2008-03-29 01:40 14,858 --a------ C:\WINDOWS\iveriki._dl
2008-03-29 01:40 . 2008-03-29 01:40 14,734 --a------ C:\Program Files\Common Files\byfy.bin
2008-03-29 01:40 . 2008-03-29 01:40 14,445 --a------ C:\WINDOWS\peluduna.scr
2008-03-29 01:40 . 2008-03-29 01:40 14,107 --a------ C:\WINDOWS\system32\mifolore.dll
2008-03-29 01:40 . 2008-03-29 01:40 13,327 --a------ C:\WINDOWS\tacuqiv.vbs
2008-03-29 01:40 . 2008-03-29 01:40 13,115 --a------ C:\WINDOWS\system32\yfokozegav.ban
2008-03-29 01:40 . 2008-03-29 01:40 11,478 --a------ C:\WINDOWS\system32\rytuf.ban
2008-03-29 01:37 . 2008-03-29 20:57 4,080 --a------ C:\WINDOWS\system32\dllcache\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 01:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-02 16:05 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-04-02 16:05 --------- d-----w C:\Program Files\Common Files\Intuit
2008-04-01 13:18 --------- d-----w C:\Documents and Settings\Christopher Scarlett\Application Data\InstallShield Installation Information
2008-04-01 13:16 --------- d-----w C:\Program Files\Novatel Wireless
2008-03-30 13:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-30 00:57 4,080 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-03-30 00:53 --------- d-----w C:\Program Files\QuickTime
2008-03-30 00:53 --------- d-----w C:\Program Files\j2 Messenger 4.2
2008-03-29 05:46 --------- d-----w C:\Program Files\WildTangent
2008-03-29 05:46 --------- d-----w C:\Program Files\HP Games
2008-03-29 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-03-29 05:41 18,200 ----a-w C:\Program Files\Common Files\uciral._sy
2008-03-29 05:40 19,602 ----a-w C:\Program Files\Common Files\nojivi.ban
2008-03-29 05:40 18,009 ----a-w C:\Program Files\Common Files\uxon.inf
2008-03-04 19:32 105,984 ----a-w C:\WINDOWS\b152.exe
2008-02-28 19:31 --------- d-----w C:\Documents and Settings\Christopher Scarlett\Application Data\j2 Messenger
2008-02-28 19:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\j2 Messenger 4.2 Setup
2008-02-22 23:20 --------- d-----w C:\Program Files\Unreal Tournament 3
2008-02-20 20:35 --------- d-----w C:\Program Files\Common Files\Adobe
2005-07-29 20:24 472 --sha-r C:\WINDOWS\Q2hyaXN0b3BoZXIgU2NhcmxldHQ\kZ1VurhXva1CtrK0oZh1wAU5xJk.vbs
.
Files Infected - Win32.Agent.zb
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
C:\Windows\SMINST\RecGuard.exe
C:\Windows\CREATOR\Remind_XP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
C:\Program Files\Brother\ControlCenter3\brctrcen.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 02:04 68856]
"Snte"="C:\WINDOWS\SSTEM3~1\regsvr32.exe" [ ]
"Nkhzzl"="C:\WINDOWS\system32\?racle\??rss.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2008-04-04 12:36 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-03-29 02:04 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 01:58 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 01:58 86016]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 11:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-29 02:04 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-03-29 02:04 102400]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-03-29 02:04 213936]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2008-03-29 02:04 86960]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-03-29 02:04 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2008-03-29 02:04 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2008-03-29 02:04 643072]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-03-29 02:04 213936]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-03-29 02:04 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-03-29 02:04 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-03-29 02:04 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2008-03-29 02:04 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2008-03-29 02:04 77824]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-03-29 02:04 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 02:04 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2008-03-29 02:04 107008]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-05-09 16:09:32 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 14:33:22 581693]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-14 14:16:41 124400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 12:39:30 73728]
Palo Alto Software Update Manager 9.0.lnk - C:\Program Files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-09-05 15:55:24 122880]
Targus BT Mouse.lnk - C:\Program Files\Targus BT Mouse\MulMouse.exe [2006-11-20 23:52:32 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

R1 BtFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\BtFltr.sys [2006-04-12 16:40]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 16:30]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 17:04]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-18 23:44]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 04:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae824f6-a8e8-11dc-9c69-0018de76ae88}]
\Shell\AutoRun\command - G:\LapNetWizard.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f314e4-4102-11dc-9c57-b88f17d69674}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 08:23:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Y??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Targus BT Mouse\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-13 8:26:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-13 12:25:54
Pre-Run: 28,680,445,952 bytes free
Post-Run: 28,897,734,656 bytes free
.
2008-03-12 14:07:42 --- E O F ---


That was the other .txt file. Hope it is what you're looking for...
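The Run keys, Security Center values and firewall setting in the ComboFix output above are the parts an analyst reads first: the two Run entries with no file timestamp (`[ ]`), one of them pointing at a path ComboFix could only print with `?` placeholders for characters it cannot render, the long run of unrelated programs all stamped 2008-03-29 02:04 (the same files that appear under "Files Infected"), and the disabled Windows Firewall and suppressed Security Center alerts. The script below is an added example for this thread, not code from ComboFix or BleepingComputer: it parses ComboFix's text layout and flags those four patterns. The sample input is copied from the log above; the cluster threshold (`cluster_min`) and the treatment of `?` as a substituted character are assumptions, and every finding is a triage cue to check by hand, not a verdict.

```python
"""Triage a ComboFix "Reg Loading Points" section for the signs visible in the
log above. Added example for this thread, not code from ComboFix or
BleepingComputer. Assumes ComboFix's text layout: a REGEDIT4-style dump in
which each Run value is followed by "[<mtime> <size>]" for its target file,
or "[ ]" / "[]" when the file could not be resolved."""
import re
from collections import defaultdict

# Constructed sample: a subset of the Run keys, Security Center values and
# firewall setting copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-29 02:04 68856]
"Snte"="C:\WINDOWS\SSTEM3~1\regsvr32.exe" [ ]
"Nkhzzl"="C:\WINDOWS\system32\?racle\??rss.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2008-04-04 12:36 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-03-29 02:04 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 01:58 7581696]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-29 02:04 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-03-29 02:04 102400]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-03-29 02:04 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 02:04 282624]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]\s*$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# Security Center values that silence its "no antivirus / firewall / updates" alerts.
NOTIFY_VALUES = {'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'}


def parse(log_text):
    """Split the dump into Run-key entries and security-related settings."""
    entries, settings, key = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        if key.lower().endswith('\\run'):
            m = RUN_RE.match(line)
            if m:
                name, target, meta = m.groups()
                fields = meta.split()
                # "[ ]" gives no fields: ComboFix did not find the target on disk.
                mtime = ' '.join(fields[:2]) if len(fields) >= 2 else None
                entries.append({'key': key, 'name': name, 'target': target, 'mtime': mtime})
            continue
        m = DWORD_RE.match(line)
        if m:
            settings[(key, m.group(1))] = int(m.group(2), 16)
            continue
        m = FW_RE.match(line)
        if m:
            settings[(key, 'EnableFirewall')] = int(m.group(1))
    return entries, settings


def triage(log_text, cluster_min=4):
    """Return (kind, subject, detail) findings for an analyst to review."""
    entries, settings = parse(log_text)
    findings = []
    by_mtime = defaultdict(list)
    for e in entries:
        # ComboFix prints '?' for characters it cannot render; a Run target that
        # needs one is likely a look-alike of a system name (here "?racle\??rss.exe").
        if '?' in e['target']:
            findings.append(('unprintable-chars-in-target', e['name'], e['target']))
        # No timestamp: the file was not where the value points at scan time
        # (dead entry, or a payload that hides or renames itself). This also
        # catches command-line values such as "regsvr32 /s ...", hence triage only.
        if e['mtime'] is None:
            findings.append(('target-not-resolved', e['name'], e['target']))
        else:
            by_mtime[e['mtime']].append(e)
    # Many unrelated programs sharing one modification minute is how a file
    # infector that rewrote every autostart target looks in this listing.
    for mtime, group in by_mtime.items():
        dirs = {e['target'].rsplit('\\', 1)[0].lower() for e in group}
        if len(dirs) >= cluster_min:
            names = ', '.join(sorted(e['name'] for e in group))
            findings.append(('shared-mtime-cluster', mtime, names))
    for (key, name), value in settings.items():
        if name in NOTIFY_VALUES and value == 1:
            findings.append(('security-center-alert-suppressed', name, key))
        if name == 'EnableFirewall' and value == 0:
            findings.append(('windows-firewall-disabled', name, key))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in triage(SAMPLE_LOG):
        print('%-34s %-22s %s' % (kind, subject, detail))
```

Run against the sample it reports the two unresolved Run values plus MsmqIntCert, the `?`-rendered path, a six-program cluster stamped 2008-03-29 02:04, both suppressed Security Center alerts and the disabled firewall. The cluster rule keys on distinct parent directories rather than raw entry count so that several values pointing into one vendor folder (installed in one go, legitimately sharing a timestamp) do not trip it.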

#6 rookie147 (Members, 5,321 posts)

Posted 19 June 2008 - 04:56 PM

That was indeed the correct log :thumbsup:
Before we begin, please visit the page below, scroll down to the part which says "How to install and use the Windows XP Recovery Console," and follow those instructions:

How to download and use ComboFix

Then please run another scan with ComboFix and post back the new log, along with a HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 lagreen, Topic Starter (Members, 4 posts)

Posted 20 June 2008 - 08:04 AM

I purchased my laptop through HP and they did not include a Windows XP disk with the machine. I don't have a Windows Software CD to do the installation per the instructions on the page. Also, on the support page from Microsoft, I couldn't find anything about how to install it without the CD, or if there was a file I could save to a disk to do basically the same thing. Any suggestions?

Thanks

Chris

#8 rookie147 (Members, 5,321 posts)

Posted 20 June 2008 - 03:08 PM

There is a section on the page I linked you to which details how to download the Recovery Console if you don't have the CD. It starts:

If you use Windows XP and do not have the Windows CD, ComboFix includes a method of installing the Windows Recovery console by downloading a file from Microsoft. To install the Windows Recovery Console when you do not have the Windows XP CD, please follow these instructions:


Edited by rookie147, 20 June 2008 - 03:08 PM.



#9 rookie147 (Members, 5,321 posts)

Posted 16 July 2008 - 04:27 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
