Antivirus Xp 2008-malware


  • This topic is locked
6 replies to this topic

#1 Cody Dean

Cody Dean

  • Members
  • 4 posts

Posted 15 August 2008 - 05:44 PM

Hi! I am pretty certain I have some malware that I need advice how to remove. Antivirus XP 2008 or something of the sort was installed, and I thought I got rid of it. However, now I am left with adware and other stuff that I don't know how to get rid of! I have run AVG Free, Ad-Aware, Spybot, and Stinger. I then created the first log file. Afterwards, I ran Malwarebytes' Anti-Malware, which found more trojans, etc. I went to msconfig and edited the startup list and unchecked glove.exe, cssrss.exe, and sysrest32.exe. I still think I have adware or something because when I type a direct link in, it takes me to some ezcoolpages.com website. I would sincerely appreciate anyone's advice! Thanks so much.

HJT Log File BEFORE Malwarebytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:42 PM, on 8/15/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\VnrBlock\VnrBlock20.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Glove\X_Glove.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\VHJMPAST\stinger[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\nnnlmNGX.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: bannerstyle browser optimizer - {bd60473d-825e-5b62-6b4c-3b4b0c2feb1d} - C:\WINDOWS\system32\embmkjuoiloezlfvw.dll (file missing)
O2 - BHO: (no name) - {CB2F7854-9A2E-4BF6-B129-35F74FEB7AF8} - C:\WINDOWS\system32\hgGwUNDU.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [lphcvutj0ev0v] C:\WINDOWS\system32\lphcvutj0ev0v.exe
O4 - HKLM\..\Run: [SMrhcrutj0ev0v] C:\Program Files\rhcrutj0ev0v\rhcrutj0ev0v.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\ICROSO~1.NET\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VnrBlock20] "C:\Program Files\VnrBlock\VnrBlock20.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Glove - Auto Update.lnk = C:\Program Files\Glove\Glove.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200768731668
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnlmNGX - nnnlmNGX.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10826 bytes

Current HJT Log File AFTER Malwarebytes and startup changes:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:51 PM, on 8/15/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CB2F7854-9A2E-4BF6-B129-35F74FEB7AF8} - C:\WINDOWS\system32\hgGwUNDU.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\ICROSO~1.NET\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1200768731668
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnlmNGX - nnnlmNGX.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9653 bytes
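The two logs above invite a line-by-line comparison, which is tedious to do by eye. As an added example (not code from this thread or from Trend Micro's HijackThis), here is a small Python parser for the HijackThis v2 item-line format that diffs a BEFORE and an AFTER log and flags entries whose file is already gone or whose autorun launches straight from the Windows directory; BEFORE/AFTER are constructed excerpts of the posted logs, and the triage rules in flag_entries() are the example's own heuristics.

```python
"""Diff two HijackThis v2 logs and flag entries that deserve a second look.
Added example, not code from this thread or from Trend Micro's HijackThis. It
parses the item-line format shown above ("O4 - ...", "O20 - ..."). BEFORE and
AFTER are constructed excerpts of the poster's two logs, not full copies; the
rules in flag_entries() are this example's own triage heuristics."""
from __future__ import annotations

import re
from dataclasses import dataclass

ITEM_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# "HKLM\..\Run: [value name] command line"; also matches HKCU and HKUS\<sid>
RUN_RE = re.compile(r"^(HK[^\[]*?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
# unquoted command line: the path ends at the first executable extension
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd))(?:\s|$)", re.IGNORECASE)
WINDIR = r"c:\windows"

BEFORE = r"""
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\nnnlmNGX.dll (file missing)
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [lphcvutj0ev0v] C:\WINDOWS\system32\lphcvutj0ev0v.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\ICROSO~1.NET\wowexec.exe" -vt yazb
O20 - Winlogon Notify: nnnlmNGX - nnnlmNGX.dll (file missing)
"""

AFTER = r"""
O2 - BHO: GloveBHO - {9782d730-5648-4eb0-ab4e-fe82f580485a} - C:\Program Files\Glove\Glove.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Snte] "C:\WINDOWS\ICROSO~1.NET\wowexec.exe" -vt yazb
O20 - Winlogon Notify: nnnlmNGX - nnnlmNGX.dll (file missing)
"""

@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O4"
    body: str     # everything after the "O4 - " prefix

def parse_hjt(text: str) -> list[Entry]:
    """Item lines of a log; the header and 'Running processes' list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """(entries only in the earlier log, entries only in the later log)."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    order = lambda e: (e.section, e.body)
    return sorted(b - a, key=order), sorted(a - b, key=order)

def autorun_target(entry: Entry) -> tuple[str, str] | None:
    """For an O4 Run-key entry return (value name, executable path), else None."""
    if entry.section != "O4":
        return None
    m = RUN_RE.match(entry.body)
    if not m:
        return None
    name, cmd = m.group(2), m.group(3).strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]   # quoted path; arguments follow the quote
    else:
        em = EXE_RE.match(cmd)
        path = em.group(1) if em else cmd  # unquoted path, possibly with arguments
    return name, path

def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Heuristics of this example: a component whose file is gone still needs its
    registration removed, and an autorun launched straight from the Windows
    directory (or an 8.3 short-name folder under it) is unusual for legitimate software."""
    flags = []
    for e in entries:
        low = e.body.lower()
        if "(file missing)" in low or "(no file)" in low:
            flags.append((e, "points at a file that is no longer present"))
            continue
        tgt = autorun_target(e)
        if not tgt:
            continue
        parent = tgt[1].rsplit("\\", 1)[0].lower()
        if parent in (WINDIR, WINDIR + r"\system32"):
            flags.append((e, "autorun executes directly from the Windows directory"))
        elif parent.startswith(WINDIR + "\\") and "~" in parent:
            flags.append((e, "autorun in an 8.3 short-name folder under the Windows directory"))
    return flags

if __name__ == "__main__":
    removed, _ = diff_logs(BEFORE, AFTER)
    print(f"{len(removed)} entries gone after cleanup:", *(f"\n  - {e.section} {e.body}" for e in removed))
    for e, why in flag_entries(parse_hjt(AFTER)):
        print(f"still flagged ({why}): {e.section} {e.body}")
```

On the excerpts, the four O2/O4 entries the poster's cleanup removed drop out of the diff, while the orphaned Winlogon Notify entry and the wowexec.exe autorun remain flagged in the AFTER log.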


#2 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 15 August 2008 - 06:07 PM

Hello and welcome, Cody Dean.


Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


#3 Cody Dean

Cody Dean
  • Topic Starter

  • Members
  • 4 posts

Posted 15 August 2008 - 07:22 PM

Here is the ComboFix log:

ComboFix 08-08-14.05 - Mark 2008-08-15 19:57:53.1 - NTFSx86
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\LocalService\Cookies\system@areaconnect[2].txt
C:\Documents and Settings\Mark\Application Data\ASEMBL~1
C:\Documents and Settings\Mark\Application Data\FNTS~1
C:\Documents and Settings\Mark\Application Data\ICROSO~1.NET
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\#SharedObjects\YD5LVFTP\interclick.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\#SharedObjects\YD5LVFTP\interclick.com\ud.sol
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Mark\Application Data\MCROSO~1
C:\Documents and Settings\Mark\Application Data\PPATCH~1
C:\Documents and Settings\Mark\Application Data\SKS~1
C:\Documents and Settings\Mark\Application Data\SSEMBL~1
C:\Documents and Settings\Mark\Application Data\YSTEM~1
C:\Documents and Settings\Mark\Cookies\mark@67.201.36[1].txt
C:\Documents and Settings\Mark\Cookies\mark@67.201.36[2].txt
C:\Documents and Settings\Mark\Cookies\mark@about[2].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.outerinfoads[2].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.outerinfoads[3].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[3].txt
C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[4].txt
C:\Documents and Settings\Mark\Cookies\mark@advertising[2].txt
C:\Documents and Settings\Mark\Cookies\mark@babyzone[1].txt
C:\Documents and Settings\Mark\Cookies\mark@ebay[3].txt
C:\Documents and Settings\Mark\Cookies\mark@mediatraffic[1].txt
C:\Documents and Settings\Mark\Cookies\mark@mediatraffic[3].txt
C:\Documents and Settings\Mark\Cookies\mark@mediatraffic[4].txt
C:\Documents and Settings\Mark\Cookies\mark@revsci[2].txt
C:\Documents and Settings\Mark\Cookies\mark@revsci[3].txt
C:\Documents and Settings\Mark\Cookies\mark@rtm[3].txt
C:\Documents and Settings\Mark\Cookies\mark@trafficmp[1].txt
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Mark\My Documents\DOBE~1
C:\Documents and Settings\Mark\My Documents\ICROSO~1
C:\Documents and Settings\Mark\My Documents\RACLE~1
C:\Documents and Settings\Mark\My Documents\SKS~1
C:\Documents and Settings\Mark\My Documents\STEM32~1
C:\Documents and Settings\Mark\My Documents\YMBOLS~1
C:\Program Files\Common Files\crosof~1
C:\Program Files\Common Files\ymbols~1
C:\Program Files\mcroso~1.net
C:\WINDOWS\b103.exe.bin
C:\WINDOWS\icroso~1.net
C:\WINDOWS\icroso~1.net\?icrosoft.NET\
C:\WINDOWS\mcroso~1.net
C:\WINDOWS\system32\bowdkjuu.ini
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\icroso~2
C:\WINDOWS\system32\pqhsqjyd.ini
C:\WINDOWS\system32\UDNUwGgh.ini
C:\WINDOWS\system32\UDNUwGgh.ini2
C:\WINDOWS\system32\vxhbqkcn.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Service_sysrest.sys


((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-15 20:02 . 2008-08-15 20:02 268 --ah----- C:\sqmdata10.sqm
2008-08-15 20:02 . 2008-08-15 20:02 244 --ah----- C:\sqmnoopt10.sqm
2008-08-15 17:38 . 2008-08-15 17:38 268 --ah----- C:\sqmdata09.sqm
2008-08-15 17:38 . 2008-08-15 17:38 244 --ah----- C:\sqmnoopt09.sqm
2008-08-15 17:15 . 2008-08-15 17:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes
2008-08-15 17:14 . 2008-08-15 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 17:14 . 2008-08-15 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 17:14 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 17:14 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 15:05 . 2008-08-15 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 14:13 . 2008-08-15 14:13 268 --ah----- C:\sqmdata08.sqm
2008-08-15 14:13 . 2008-08-15 14:13 244 --ah----- C:\sqmnoopt08.sqm
2008-08-15 12:09 . 2008-08-15 12:09 268 --ah----- C:\sqmdata07.sqm
2008-08-15 12:09 . 2008-08-15 12:09 244 --ah----- C:\sqmnoopt07.sqm
2008-08-13 23:15 . 2008-08-13 23:15 268 --ah----- C:\sqmdata06.sqm
2008-08-13 23:15 . 2008-08-13 23:15 244 --ah----- C:\sqmnoopt06.sqm
2008-08-13 19:02 . 2008-08-13 19:02 28 --a------ C:\WINDOWS\bcmwl.DMR
2008-08-13 17:25 . 2008-08-13 17:25 268 --ah----- C:\sqmdata05.sqm
2008-08-13 17:25 . 2008-08-13 17:25 244 --ah----- C:\sqmnoopt05.sqm
2008-08-13 16:31 . 2008-08-13 16:34 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-13 16:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-13 16:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-13 16:30 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-13 16:30 . 2008-08-11 18:07 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-13 16:30 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-13 16:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-13 16:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-13 16:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-13 16:10 . 2008-08-13 18:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-13 16:05 . 2008-08-15 12:01 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-13 16:05 . 2008-08-13 16:17 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\AVGTOOLBAR
2008-08-13 16:05 . 2008-08-13 16:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-13 16:05 . 2008-08-13 16:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-13 16:05 . 2008-08-13 16:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Program Files\AVG
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 15:22 . 2008-08-13 15:22 268 --ah----- C:\sqmdata04.sqm
2008-08-13 15:22 . 2008-08-13 15:22 244 --ah----- C:\sqmnoopt04.sqm
2008-08-13 14:47 . 2008-08-13 14:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-13 14:47 . 2008-08-13 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 14:46 . 2008-08-13 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 13:57 . 2008-08-13 13:57 268 --ah----- C:\sqmdata03.sqm
2008-08-13 13:57 . 2008-08-13 13:57 244 --ah----- C:\sqmnoopt03.sqm
2008-08-13 13:55 . 2008-08-13 13:56 463 --a------ C:\WINDOWS\wininit.ini
2008-08-13 13:11 . 2008-08-13 13:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-13 13:11 . 2008-08-13 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 15:27 . 2008-08-15 17:30 <DIR> d-------- C:\Program Files\VnrBlock
2008-08-03 20:14 . 2008-08-13 18:47 <DIR> d-------- C:\Program Files\Glove
2008-08-03 20:10 . 2008-08-03 20:10 268 --ah----- C:\sqmdata02.sqm
2008-08-03 20:10 . 2008-08-03 20:10 244 --ah----- C:\sqmnoopt02.sqm
2008-08-03 20:06 . 2008-08-03 20:06 268 --ah----- C:\sqmdata01.sqm
2008-08-03 20:06 . 2008-08-03 20:06 244 --ah----- C:\sqmnoopt01.sqm
2008-08-02 07:51 . 2008-08-02 07:51 268 --ah----- C:\sqmdata00.sqm
2008-08-02 07:51 . 2008-08-02 07:51 244 --ah----- C:\sqmnoopt00.sqm
2008-07-18 08:56 . 2008-07-18 08:56 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-17 02:18 . 2008-07-17 02:30 1,864 --a------ C:\links.html
2008-07-17 01:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-17 01:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-17 01:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 21:14 --------- d-----w C:\Program Files\Java
2008-08-15 18:08 --------- d-----w C:\Program Files\Windows Live
2008-08-14 03:12 136 ----a-w C:\Documents and Settings\Mark\Application Data\wklnhst.dat
2008-08-13 20:25 --------- d-----w C:\Program Files\Common Files\rkif
2008-07-14 05:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-14 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 00:34 --------- d-----w C:\Program Files\eMusic Download Manager
2008-06-23 23:30 --------- d-----w C:\Documents and Settings\Mark\Application Data\Snapfish
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9782d730-5648-4eb0-ab4e-fe82f580485a}]
2008-02-14 10:06 409600 --a------ C:\Program Files\Glove\Glove.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 18:54 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 08:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 08:11 692316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00 339968]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-19 13:18 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11 794624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-13 16:04 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^Glove - Auto Update.lnk]
path=C:\Documents and Settings\Mark\Start Menu\Programs\Startup\Glove - Auto Update.lnk
backup=C:\WINDOWS\pss\Glove - Auto Update.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-13 16:05]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-13 16:04]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-13 16:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-13 16:05]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 11:18]
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-14 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{CB2F7854-9A2E-4BF6-B129-35F74FEB7AF8} - C:\WINDOWS\system32\hgGwUNDU.dll
HKCU-Run-Snte - C:\WINDOWS\ICROSO~1.NET\wowexec.exe
Notify-nnnlmNGX - nnnlmNGX.dll
MSConfigStartUp-sysrest32 - C:\WINDOWS\system32\sysrest32.exe
MSConfigStartUp-WMDM PMSP Service - C:\WINDOWS\system32\cssrss.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O16 -: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
C:\WINDOWS\Downloaded Program Files\imikimi_cab.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 20:07:23
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?5?6?6??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hp\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-15 20:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 00:15:58

Pre-Run: 68,888,780,800 bytes free
Post-Run: 68,895,309,824 bytes free

251 --- E O F --- 2008-08-15 18:39:10

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:49 AM

Posted 15 August 2008 - 09:24 PM

Please download the Suspicious File Packer from here:
http://www.safer-networking.org/files/sfp.zip
Unzip it to the desktop and run it.

Paste the following file path into the Suspicious File Packer window:

C:\Program Files\Glove

Allow SFP to pack the file. This will generate a CAB archive on your desktop.

Next
Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=57

In the window
Link to topic where this file was requested:
Copy and paste the link to this topic inside that please
http://www.bleepingcomputer.com/forums/t/163472/antivirus-xp-2008-malware/

At the lower window click on Browse Navigate to the newly created CAB archive

In the lowest Window
Leave any comments, further information about this file, or contact information:
Type Glove folder in that window please

Click on Send File

Wait for a message like "File was successfully submitted" to show up.
Thank you !!


Next



1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Program Files\Glove

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9782d730-5648-4eb0-ab4e-fe82f580485a}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
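As an added example (not part of this thread and not ComboFix's own code), here is a small Python checker that reads a CFScript like the one above and confirms from the ComboFix.txt it produces that the targeted folder landed under "Other Deletions" and the BHO key no longer appears as a loading point. The sample script and the abridged log are constructed from entries quoted in this thread; the banner-line layout of the log is assumed from the logs posted here.

```python
"""Check a ComboFix CFScript against the ComboFix.txt written after it ran.
Added example (not ComboFix's code, not posted in this thread). It reads the
Folder:: and Registry:: directives, splits the log on its banner lines, and
checks that each folder is under "Other Deletions" and each "[-key]" has left
"Reg Loading Points" (a BHO CLSID may survive only as a "(no file)" orphan)."""
import re

SAMPLE_CFSCRIPT = r"""Folder::
C:\Program Files\Glove

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9782d730-5648-4eb0-ab4e-fe82f580485a}]
"""

# Constructed, abridged post-run log built from the entries quoted in this thread.
SAMPLE_LOG = r"""((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))
.
C:\Program Files\Glove
C:\Program Files\Glove\Glove.dll
((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Snte"="C:\WINDOWS\ICROSO~1.NET\wowexec.exe" [BU]
.
- - - - ORPHANS REMOVED - - - -
BHO-{9782d730-5648-4eb0-ab4e-fe82f580485a} - (no file)
"""

# Section banners look like '(((( Title ))))' or '- - - - TITLE - - - -'.
BANNER = re.compile(r"^(?:\(+|(?:-\s*)+)\s*([A-Za-z][^()]*?)\s*(?:\)+|(?:\s*-)+)$")

def parse_cfscript(text):
    """Return {directive: [lines]} for a CFScript, e.g. {'Folder': [...], 'Registry': [...]}."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        head = re.fullmatch(r"(\w+)::", line)
        if head:
            current = head.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def split_log(text):
    """Split a ComboFix log into {section_title: [non-empty lines]} on its banner lines."""
    sections, current = {"Header": []}, "Header"
    for line in (l.strip() for l in text.splitlines()):
        banner = BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections

def check_cfscript(script_text, log_text):
    """Map each CFScript target to a verdict derived from the post-run log."""
    wanted, log = parse_cfscript(script_text), split_log(log_text)
    deletions = [l.lower() for l in log.get("Other Deletions", [])]
    loading = [l.lower() for l in log.get("Reg Loading Points", [])]
    orphans = [l.lower() for l in log.get("ORPHANS REMOVED", [])]
    verdicts = {}
    for folder in wanted.get("Folder", []):
        verdicts[folder] = "deleted" if folder.lower() in deletions else "NOT listed under Other Deletions"
    for entry in wanted.get("Registry", []):
        key = re.fullmatch(r"\[-(.+)\]", entry)  # only '[-key]' (delete key) lines are checked
        if not key:
            continue
        path = key.group(1).lower()
        clsid = re.search(r"\{[0-9a-f-]+\}", path)
        if f"[{path}]" in loading:
            verdicts[entry] = "STILL a loading point"
        elif clsid and any(clsid.group(0) in l and "(no file)" in l for l in orphans):
            verdicts[entry] = "removed (orphan reference cleaned)"
        else:
            verdicts[entry] = "removed"
    return verdicts

if __name__ == "__main__":
    for target, verdict in check_cfscript(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(f"{verdict:36} {target}")
```

Feed it the real CFScript.txt and C:\ComboFix.txt instead of the samples to check a live run; a "STILL a loading point" verdict means the script did not take effect.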

#5 Cody Dean

Cody Dean
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:49 AM

Posted 16 August 2008 - 11:05 AM

File you requested was uploaded as instructed. Here is the new log you wanted. Thanks!




ComboFix 08-08-14.05 - Mark 2008-08-16 11:33:19.2 - NTFSx86
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\#SharedObjects\YD5LVFTP\interclick.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\#SharedObjects\YD5LVFTP\interclick.com\ud.sol
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Mark\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\Glove
C:\Program Files\Glove\Glove.dll
C:\Program Files\Glove\Glove.dll.intermediate.manifest
C:\Program Files\Glove\Glove.exe
C:\Program Files\Glove\Glove.original
C:\Program Files\Glove\Gloverg.dll
C:\Program Files\Glove\un_GloveSetup_16754.txt
C:\Program Files\Glove\X_Glove.exe
C:\Program Files\Glove\X_Glove.log

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-16 11:37 . 2008-08-16 11:37 268 --ah----- C:\sqmdata11.sqm
2008-08-16 11:37 . 2008-08-16 11:37 244 --ah----- C:\sqmnoopt11.sqm
2008-08-15 20:02 . 2008-08-15 20:02 268 --ah----- C:\sqmdata10.sqm
2008-08-15 20:02 . 2008-08-15 20:02 244 --ah----- C:\sqmnoopt10.sqm
2008-08-15 17:38 . 2008-08-15 17:38 268 --ah----- C:\sqmdata09.sqm
2008-08-15 17:38 . 2008-08-15 17:38 244 --ah----- C:\sqmnoopt09.sqm
2008-08-15 17:15 . 2008-08-15 17:15 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Malwarebytes
2008-08-15 17:14 . 2008-08-15 17:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-15 17:14 . 2008-08-15 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-15 17:14 . 2008-07-30 20:14 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-15 17:14 . 2008-07-30 20:14 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-15 15:05 . 2008-08-15 15:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-15 14:13 . 2008-08-15 14:13 268 --ah----- C:\sqmdata08.sqm
2008-08-15 14:13 . 2008-08-15 14:13 244 --ah----- C:\sqmnoopt08.sqm
2008-08-15 12:09 . 2008-08-15 12:09 268 --ah----- C:\sqmdata07.sqm
2008-08-15 12:09 . 2008-08-15 12:09 244 --ah----- C:\sqmnoopt07.sqm
2008-08-13 23:15 . 2008-08-13 23:15 268 --ah----- C:\sqmdata06.sqm
2008-08-13 23:15 . 2008-08-13 23:15 244 --ah----- C:\sqmnoopt06.sqm
2008-08-13 19:02 . 2008-08-13 19:02 28 --a------ C:\WINDOWS\bcmwl.DMR
2008-08-13 17:25 . 2008-08-13 17:25 268 --ah----- C:\sqmdata05.sqm
2008-08-13 17:25 . 2008-08-13 17:25 244 --ah----- C:\sqmnoopt05.sqm
2008-08-13 16:31 . 2008-08-13 16:34 3,176 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-13 16:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-13 16:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-13 16:30 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-13 16:30 . 2008-08-11 18:07 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-13 16:30 . 2008-08-09 15:37 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-13 16:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-13 16:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-13 16:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-13 16:10 . 2008-08-13 18:16 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-13 16:05 . 2008-08-16 08:55 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-13 16:05 . 2008-08-13 16:17 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\AVGTOOLBAR
2008-08-13 16:05 . 2008-08-13 16:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-13 16:05 . 2008-08-13 16:05 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-13 16:05 . 2008-08-13 16:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Program Files\AVG
2008-08-13 16:04 . 2008-08-13 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-13 15:22 . 2008-08-13 15:22 268 --ah----- C:\sqmdata04.sqm
2008-08-13 15:22 . 2008-08-13 15:22 244 --ah----- C:\sqmnoopt04.sqm
2008-08-13 14:47 . 2008-08-13 14:47 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-13 14:47 . 2008-08-13 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-13 14:46 . 2008-08-13 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 13:57 . 2008-08-13 13:57 268 --ah----- C:\sqmdata03.sqm
2008-08-13 13:57 . 2008-08-13 13:57 244 --ah----- C:\sqmnoopt03.sqm
2008-08-13 13:55 . 2008-08-13 13:56 463 --a------ C:\WINDOWS\wininit.ini
2008-08-13 13:11 . 2008-08-13 13:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-13 13:11 . 2008-08-13 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-09 15:27 . 2008-08-15 17:30 <DIR> d-------- C:\Program Files\VnrBlock
2008-08-03 20:10 . 2008-08-03 20:10 268 --ah----- C:\sqmdata02.sqm
2008-08-03 20:10 . 2008-08-03 20:10 244 --ah----- C:\sqmnoopt02.sqm
2008-08-03 20:06 . 2008-08-03 20:06 268 --ah----- C:\sqmdata01.sqm
2008-08-03 20:06 . 2008-08-03 20:06 244 --ah----- C:\sqmnoopt01.sqm
2008-08-02 07:51 . 2008-08-02 07:51 268 --ah----- C:\sqmdata00.sqm
2008-08-02 07:51 . 2008-08-02 07:51 244 --ah----- C:\sqmnoopt00.sqm
2008-07-18 08:56 . 2008-07-18 08:56 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-17 02:18 . 2008-07-17 02:30 1,864 --a------ C:\links.html
2008-07-17 01:15 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-17 01:15 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-17 01:15 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 21:14 --------- d-----w C:\Program Files\Java
2008-08-15 18:08 --------- d-----w C:\Program Files\Windows Live
2008-08-14 03:12 136 ----a-w C:\Documents and Settings\Mark\Application Data\wklnhst.dat
2008-08-13 20:25 --------- d-----w C:\Program Files\Common Files\rkif
2008-07-14 05:54 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-14 05:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-04 00:34 --------- d-----w C:\Program Files\eMusic Download Manager
2008-06-23 23:30 --------- d-----w C:\Documents and Settings\Mark\Application Data\Snapfish
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-09 18:54 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"Snte"="C:\WINDOWS\ICROSO~1.NET\wowexec.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 08:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 08:00 455168]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 08:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 08:11 692316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 11:00 339968]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 15:01 233534]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-13 17:04 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-19 13:18 98304]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 14:24 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 16:11 794624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 12:35 49152]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-13 16:04 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^Glove - Auto Update.lnk]
path=C:\Documents and Settings\Mark\Start Menu\Programs\Startup\Glove - Auto Update.lnk
backup=C:\WINDOWS\pss\Glove - Auto Update.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-13 16:05]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-13 16:04]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-13 16:04]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-13 16:05]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 11:18]
.
Contents of the 'Scheduled Tasks' folder

2008-08-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-08-14 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 09:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9782d730-5648-4eb0-ab4e-fe82f580485a} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 11:45:16
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????4?5?6?6??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hp\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-08-16 11:56:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 15:55:34
ComboFix2.txt 2008-08-16 00:16:30

Pre-Run: 68,821,184,512 bytes free
Post-Run: 68,865,171,456 bytes free

195 --- E O F --- 2008-08-15 18:39:10

#6 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:49 AM

Posted 16 August 2008 - 02:13 PM

That didn't quite work the way I needed it to.

Click on this link:
http://www.bleepingcomputer.com/submit-malware.php?channel=57

In the window
Link to topic where this file was requested:
Copy and paste the link to this topic inside that please,

Copy and paste the following path in the window next to
Browse to the file you want to submit:

ComboFix-quarantined-files.txt 2008-08-16 15:55:34


In the lowest Window
Leave any comments, further information about this file, or contact information:
Type in that window please

Click on Send File

Wait for a message like "File was successfully submitted" to show up.
Thank you !!


By the way, everything looks good. How is the machine behaving now?


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:49 AM

Posted 23 August 2008 - 06:13 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
