Horneymatch Popup, Unable To Type Url Direct


2 replies to this topic

#1 mweaver


Posted 27 June 2008 - 02:09 PM

I am getting whacked with Horneymatch.com and other pop-ups. Browser is unresponsive when typing url directly into the navigation bar. Google search bar unresponsive, sometimes works in separate tab, very slow.

I will be attaching the ComboFix and HijackThis log files. Due to the inability to use the nav bar, it is difficult to get the Kaspersky scan. I have Trend Micro; it is updated daily. When I realized I was whacked (mid last week) I scanned the system and deleted 13 infected files (virus/malware types). Obviously, this didn't do much.

Also - my monitor sometimes doesn't get recognized and I have to hard boot several times before the monitor kicks on. Not sure if this is a coincidence or a symptom.

I am sending this from my second computer. I will continue to try and run the Kaspersky scan and send the log along if successful.

Thanks in advance for your assistance.


ComboFix 08-06-20.4 - Matt 2008-06-27 12:11:17.3 - FAT32x86

Running from: C:\Documents and Settings\Matt\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
C:\WINDOWS\BM3c526c13.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\JiikQqru.ini
C:\WINDOWS\system32\JiikQqru.ini2
C:\WINDOWS\system32\nstonrog.ini
C:\WINDOWS\system32\opnKeEwu.dll
C:\WINDOWS\system32\rqRLfGxv.dll
C:\WINDOWS\system32\urqQkiiJ.dll
C:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-26 16:29 . 2008-06-26 16:29 <DIR> d--hs---- C:\FOUND.000
2008-06-26 15:04 . 2008-06-26 15:04 <DIR> d-------- C:\Program Files\PrevxCSI
2008-06-26 15:04 . 2008-06-26 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-06-26 15:04 . 2008-06-26 15:04 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-06-26 09:34 . 2008-06-26 09:34 6,692 --a------ C:\WINDOWS\system32\apphglra.dll
2008-06-26 09:34 . 2008-06-26 09:34 6,690 --a------ C:\WINDOWS\system32\kbyrttih.dll
2008-06-26 09:33 . 2008-06-26 09:33 91,648 --a------ C:\WINDOWS\system32\gvruuxwd.dll
2008-06-21 08:16 . 2008-06-21 08:16 <DIR> d-------- C:\Documents and Settings\Gabrielle\Application Data\Sunbelt Software
2008-06-20 22:27 . 2008-06-20 22:27 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-06-20 22:27 . 2008-06-20 22:27 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-06-20 22:04 . 2008-06-20 22:04 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\Sunbelt Software
2008-06-20 16:41 . 2008-06-20 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 16:38 . 2008-06-20 16:38 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\PC Tools
2008-06-20 14:40 . 2008-06-20 14:40 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-20 14:18 . 2008-06-20 14:18 99,328 --a------ C:\WINDOWS\system32\avacvbib.dll
2008-06-20 14:15 . 2008-06-20 14:15 90,624 --a------ C:\WINDOWS\system32\feshgthw.dll
2008-06-20 14:15 . 2008-06-20 14:15 6,690 --a------ C:\WINDOWS\system32\yfjfcalm.dll
2008-06-19 20:02 . 2008-06-19 20:02 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\Ahead
2008-06-19 19:58 . 2008-06-19 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-06-19 19:48 . 2008-06-19 19:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-19 14:07 . 2008-06-19 14:07 98,816 --a------ C:\WINDOWS\system32\rwnympxf.dll
2008-06-19 14:07 . 2008-06-19 14:07 90,112 --a------ C:\WINDOWS\system32\bywfgfsw.dll
2008-06-19 14:07 . 2008-06-19 14:07 6,690 --a------ C:\WINDOWS\system32\fdomepxo.dll
2008-06-19 13:15 . 2008-06-19 13:18 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-06-17 23:13 . 2008-06-17 23:13 7,152 --a------ C:\WINDOWS\system32\ljJCstrS.dll
2008-06-17 22:12 . 2008-06-17 22:13 7,152 --a------ C:\WINDOWS\system32\iifdddET.dll
2008-06-17 21:12 . 2008-06-17 21:13 7,152 --a------ C:\WINDOWS\system32\rqRHyvTJ.dll
2008-06-17 20:12 . 2008-06-17 20:12 7,152 --a------ C:\WINDOWS\system32\geBtTLdE.dll
2008-06-17 19:12 . 2008-06-17 19:12 7,152 --a------ C:\WINDOWS\system32\ljJCrOHb.dll
2008-06-17 18:12 . 2008-06-17 18:12 7,152 --a------ C:\WINDOWS\system32\geBrrPJa.dll
2008-06-17 17:12 . 2008-06-17 17:12 7,152 --a------ C:\WINDOWS\system32\ljJYSkIa.dll
2008-06-17 16:12 . 2008-06-17 16:12 7,152 --a------ C:\WINDOWS\system32\opnooPHy.dll
2008-06-17 15:12 . 2008-06-17 15:12 7,152 --a------ C:\WINDOWS\system32\pmnoOFwV.dll
2008-06-15 20:25 . 2008-06-15 20:25 6,690 --a------ C:\WINDOWS\system32\rejeppgy.dll
2008-06-14 15:20 . 2008-06-14 15:20 <DIR> d-------- C:\Documents and Settings\Matt\Application Data\dBpoweramp
2008-06-14 14:01 . 2008-06-14 14:01 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-06-14 14:01 . 2008-06-14 14:01 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-06-10 19:22 . 2008-06-10 19:22 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\HPAppData
2008-06-10 19:22 . 2008-06-10 19:22 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Aladdin Systems
2008-06-10 19:21 . 2008-06-10 19:21 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Spamihilator
2008-06-10 19:19 . 2004-09-22 01:33 <DIR> d-------- C:\Documents and Settings\Gracie\WINDOWS
2008-06-10 19:19 . 2004-09-22 03:54 <DIR> d---s---- C:\Documents and Settings\Gracie\UserData
2008-06-10 19:19 . 2004-09-24 01:11 <DIR> d--h----- C:\Documents and Settings\Gracie\InstallAnywhere
2008-06-10 19:19 . 2004-09-24 01:03 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\You've Got Pictures Screensaver
2008-06-10 19:19 . 2004-09-24 06:12 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Ulead Systems
2008-06-10 19:19 . 2004-09-24 03:45 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Simple Star
2008-06-10 19:19 . 2004-09-24 04:57 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Leadertech
2008-06-10 19:19 . 2004-09-24 01:33 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\Intuit
2008-06-10 19:19 . 2004-09-24 05:50 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\InterVideo
2008-06-10 19:19 . 2004-09-24 03:30 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\InterTrust
2008-06-10 19:19 . 2004-09-24 03:22 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\ExpensAble
2008-06-10 19:19 . 2004-09-24 01:03 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\AOL
2008-06-10 19:19 . 2004-09-24 06:45 <DIR> d-------- C:\Documents and Settings\Gracie\Application Data\7100Series
2008-06-10 19:19 . 2008-06-10 19:19 <DIR> d-------- C:\Documents and Settings\Gracie
2008-06-10 19:15 . 2008-06-10 19:15 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\HPAppData
2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Aladdin Systems
2008-06-10 17:20 . 2008-06-10 17:20 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Spamihilator
2008-06-10 17:17 . 2004-09-22 01:33 <DIR> d-------- C:\Documents and Settings\Karli\WINDOWS
2008-06-10 17:17 . 2004-09-22 03:54 <DIR> d---s---- C:\Documents and Settings\Karli\UserData
2008-06-10 17:17 . 2004-09-24 01:11 <DIR> d--h----- C:\Documents and Settings\Karli\InstallAnywhere
2008-06-10 17:17 . 2004-09-24 01:03 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\You've Got Pictures Screensaver
2008-06-10 17:17 . 2004-09-24 06:12 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Ulead Systems
2008-06-10 17:17 . 2004-09-24 03:45 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Simple Star
2008-06-10 17:17 . 2004-09-24 04:57 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Leadertech
2008-06-10 17:17 . 2004-09-24 01:33 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\Intuit
2008-06-10 17:17 . 2004-09-24 05:50 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\InterVideo
2008-06-10 17:17 . 2004-09-24 03:30 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\InterTrust
2008-06-10 17:17 . 2004-09-24 03:22 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\ExpensAble
2008-06-10 17:17 . 2004-09-24 01:03 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\AOL
2008-06-10 17:17 . 2004-09-24 06:45 <DIR> d-------- C:\Documents and Settings\Karli\Application Data\7100Series
2008-06-10 17:17 . 2008-06-10 17:17 <DIR> d-------- C:\Documents and Settings\Karli
2008-06-10 16:39 . 2008-06-10 16:39 1,409 --a------ C:\WINDOWS\system32\tmpB30FA.FOT
2008-06-10 16:39 . 2008-06-10 16:39 1,409 --a------ C:\WINDOWS\system32\tmpAF2FA.FOT
2008-06-10 16:39 . 2008-06-10 16:39 1,409 --a------ C:\WINDOWS\system32\tmp59EEA.FOT
2008-06-10 16:39 . 2008-06-10 16:39 1,409 --a------ C:\WINDOWS\system32\tmp0CCEA.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmpDF9A1.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmpCB9B1.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmpBA4B1.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmpB3D91.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmp885A1.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmp730B1.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmp42991.FOT
2008-06-10 08:49 . 2008-06-10 08:49 1,409 --a------ C:\WINDOWS\system32\tmp241A1.FOT
2008-06-08 11:52 . 2008-06-08 11:52 <DIR> d-------- C:\Program Files\Alex Feinman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 18:01 10,886,008 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-05-22 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-11 12:14 --------- d-----w C:\Program Files\Photo Viewer
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-03 19:12 --------- d-----w C:\Documents and Settings\Brandon\Application Data\HPAppData
2008-05-02 20:22 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-05-02 20:21 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-05-02 20:17 1,169,240 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-05-01 14:51 --------- d-----w C:\Program Files\iTunes
2008-05-01 14:47 --------- d-----w C:\Program Files\QuickTime
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 --s-a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2007-12-24 15:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-12 11:47 291,120 ----a-w C:\Documents and Settings\Matt\Application Data\GDIPFONTCACHEV1.DAT
2007-02-07 19:35 240,984 ----a-w C:\Documents and Settings\Gabrielle\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2008-02-22 15:53 23552 1ea6f0ab57ce0e11a8721073491f575f C:\WINDOWS\system32\ctfmon.exe
2008-02-22 15:53 23552 1ea6f0ab57ce0e11a8721073491f575f C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{aa1debee-2a21-4320-8363-26aac4f4d9e0}]
2008-06-20 14:18 99328 --a------ C:\WINDOWS\system32\avacvbib.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZVolume"="C:\Program Files\ZVolume\ZVolume.exe" [2006-05-09 19:07 339968]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 19:01 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-05-27 01:09 49152 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2004-06-07 19:58 143360 C:\WINDOWS\system32\VTTrayp.exe]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-07-06 10:28 716800]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [ ]
"BM3c526c13"="C:\WINDOWS\system32\gvruuxwd.dll" [2008-06-26 09:33 91648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 12:00 53760 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:59 44544]

C:\Documents and Settings\Matt\Start Menu\Programs\Startup\
IC Task Manager.lnk - C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe [2004-11-02 12:31:26 122880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"vidc.mxmc"= MimicICM.DLL
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Lifeline.lnk.disabled]
backup=C:\WINDOWS\pss\Digital Lifeline.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk.disabled]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk.disabled]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk.disabled]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk.disabled]
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Reminder.lnk.disabled]
backup=C:\WINDOWS\pss\Smart Reminder.lnk.disabledCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Reminder.lnk.disabled

[HKLM\~\startupfolder\C:^Documents and Settings^Brandon^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup
path=C:\Documents and Settings\Brandon\Start Menu\Programs\Startup\V CAST Music Monitor.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^IC Task Manager.lnk]
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\IC Task Manager.lnk
backup=C:\WINDOWS\pss\IC Task Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^IC Task Manager.lnk.disabled]
backup=C:\WINDOWS\pss\IC Task Manager.lnk.disabledStartup
path=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\IC Task Manager.lnk.disabled

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
--a------ 2004-12-07 21:03 163840 C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shicoxp]
--a------ 2004-06-09 17:00 45056 C:\WINDOWS\shicoxp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMC_AutoUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LVPrcSrv"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"aawservice"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TalkItTypeIt"=C:\Program Files\TalkItTypeIt\TalkItTypeIt.exe
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
"PlaxoUpdate"=C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
"LDM"=\Program\BackWeb-8876480.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"LVCOMSX"=C:\WINDOWS\System32\LVCOMSX.EXE
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
"WinFSG"="C:\Program Files\Aladdin Systems\Internet Cleanup\MSFG.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"SoundMan"=SOUNDMAN.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 13:22:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 12:40:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\gvruuxwd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\PREVXCSI\PREVXCSI.EXE
C:\PROGRAM FILES\ALADDIN SYSTEMS\INTERNET CLEANUP\ICSERV.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY\SFCTLCOM.EXE
C:\WINDOWS\SYSTEM32\SLSERV.EXE
C:\PROGRAM FILES\TREND MICRO\BM\TMBMSRV.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\PROGRAM FILES\PREVXCSI\PREVXCSI.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2008-06-27 12:49:38 - machine was rebooted [Matt]
ComboFix-quarantined-files.txt 2008-06-27 16:48:46
ComboFix2.txt 2008-02-05 21:28:06

Pre-Run: 127,120,179,200 bytes free
Post-Run: 129,309,966,336 bytes free

290 --- E O F --- 2008-06-10 19:51:38


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:20 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ZVolume\ZVolume.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\ALADDI~1\INTERN~1\IC3hlpr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: {0e9d4f4c-aa62-3638-0234-12a2eebed1aa} - {aa1debee-2a21-4320-8363-26aac4f4d9e0} - C:\WINDOWS\system32\avacvbib.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BM3c526c13] Rundll32.exe "C:\WINDOWS\system32\gvruuxwd.dll",s
O4 - HKCU\..\Run: [ZVolume] C:\Program Files\ZVolume\ZVolume.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-21-133707808-3993469562-2165517387-1006\..\Run: [ZVolume] C:\Program Files\ZVolume\ZVolume.exe (User '?')
O4 - HKUS\S-1-5-21-133707808-3993469562-2165517387-1006\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-133707808-3993469562-2165517387-1006 Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe (User '?')
O4 - Startup: IC Task Manager.lnk = C:\Program Files\Aladdin Systems\Internet Cleanup\ONICTASK.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stashSpace.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177686501937
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138388603343
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mlmeetings.webex.com/client/wbs25-v...bex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: icservice - Aladdin Systems, Inc. - C:\Program Files\Aladdin Systems\Internet Cleanup\icserv.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 8404 bytes

#2 chryssi2001


Posted 18 July 2008 - 04:30 AM

Hello mweaver,

I apologise for the delay; the forum is too busy.

Please remove ComboFix from your computer.
----------------------------------------------
RENAME HIJACKTHIS

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

Right-click on HijackThis.exe, select Rename, rename it to scanner.exe, and post back a new HijackThis log.
Private Messages for personal support will be ignored. If you need help post in the forum.

#3 chryssi2001


Posted 23 July 2008 - 06:07 AM

Due to the lack of feedback, this topic is now closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



