
Firefox doesn't work after five minutes


15 replies to this topic

#1 AceAlmighty13


Posted 11 January 2009 - 08:15 PM

For a while now Firefox will work but will quit working after five minutes. I will have to close any windows I have and start over. To top it off, Firefox takes a minute to load up initially, maybe longer. I'll start it up then walk off and go do something else so I don't sit there and wait for it to load. iTunes, Winamp, and a couple of other programs do the same exact thing. I've posted my HJT log and hope to have the internet fixed. I am in an online college now and I can't have this problem anymore.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:22 PM, on 01/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex Schwartz\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {22C5EC2A-A989-4814-93A3-5ED4F4B899EE} - (no file)
O2 - BHO: (no name) - {3D1A1CA3-8C1D-F9BC-4F17-FE8DBA558FC6} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BBC37109-6B13-4BB0-8595-ED9D44E7AFAE} - (no file)
O2 - BHO: (no name) - {cdc41c99-8bed-46bc-97b6-9ec228afe395} - (no file)
O2 - BHO: (no name) - {D5E064AF-1DB6-4BFD-A87E-B95DF6E78BB6} - (no file)
O2 - BHO: {108fd1f5-8496-0019-7914-4e9cabc216ce} - {ec612cba-c9e4-4197-9100-69485f1df801} - C:\WINDOWS\System32\jixeeghu.dll (file missing)
O2 - BHO: (no name) - {F116E937-5F68-4D7E-9647-14BD1A1C934F} - (no file)
O2 - BHO: (no name) - {F1D18367-ED25-4A59-9881-8897EE3736C9} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] //~c:\program files\nero\nero 7\incd\incd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] //~c:\program files\spybot - search & destroy\teatimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228865990125
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O20 - Winlogon Notify: opnkjif - opnkjif.dll (file missing)
O20 - Winlogon Notify: sstqr - C:\WINDOWS\System32\sstqr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsyzyzoz.html

--
End of file - 11570 bytes


#2 Thunder


Posted 22 January 2009 - 05:31 PM

Hello AceAlmighty13,

Please read this tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Please post back with the ComboFix log.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 AceAlmighty13


Posted 22 January 2009 - 10:03 PM

Here is my Combofix log:

ComboFix 07-06-18.2 - C:\Documents and Settings\Alex Schwartz\My Documents\Stuff\ComboFix.exe
"Alex Schwartz" - 2009-01-22 20:43:06 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))


2009-01-22 20:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-01-18 14:03 <DIR> d-------- C:\DOCUME~1\ALEXSC~1\APPLIC~1\HPAppData
2009-01-05 20:28 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-04 12:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
2009-01-04 12:02 <DIR> d-------- C:\DOCUME~1\ALEXSC~1\APPLIC~1\HP
2009-01-04 12:00 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2009-01-04 11:59 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2009-01-04 11:59 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2009-01-04 11:58 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2009-01-04 11:58 118,272 --a------ C:\WINDOWS\system32\hpz3l692.dll
2009-01-04 11:57 974,848 -ra------ C:\WINDOWS\system32\hpost_p01c.dll
2009-01-04 11:57 729,088 -ra------ C:\WINDOWS\system32\hposwia_p01c.dll
2009-01-04 11:57 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2009-01-04 11:57 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2009-01-04 11:57 303,104 -ra------ C:\WINDOWS\system32\hposc_p01a.dll
2009-01-04 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-01-04 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2009-01-04 11:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2009-01-04 11:16 <DIR> d-------- C:\Program Files\Common Files\HP
2009-01-04 11:03 165,205 --a------ C:\WINDOWS\hpoins33.dat
2009-01-04 11:03 1,526 --------- C:\WINDOWS\hpomdl33.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-23 01:31:11 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\uTorrent
2009-01-04 18:16:30 -------- d-----w C:\Program Files\HP
2009-01-04 17:01:22 -------- d-----w C:\Program Files\Palm
2009-01-04 16:57:11 -------- d-----w C:\Program Files\Hewlett-Packard
2008-12-18 02:24:51 -------- d-----w C:\Program Files\iTunes
2008-12-18 02:23:47 -------- d-----w C:\Program Files\iPod
2008-12-18 02:23:41 -------- d-----w C:\Program Files\Common Files\Apple
2008-12-18 02:20:22 -------- d-----w C:\Program Files\Bonjour
2008-12-18 02:18:59 -------- d-----w C:\Program Files\QuickTime
2008-12-18 02:13:51 -------- d-----w C:\Program Files\Apple Software Update
2008-12-08 12:50:17 -------- d-----w C:\Program Files\Diablo II
2008-12-08 02:09:27 261 ----a-w C:\WINDOWS\system32\PavCPL.dat
2008-12-08 02:05:59 -------- d-----w C:\Program Files\Panda Security
2008-12-08 02:05:59 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\Panda Security
2008-12-08 01:52:04 -------- d-----w C:\Program Files\Common Files\Panda Security
2008-12-08 01:26:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-05 13:04:15 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\Move Networks
1989-12-12 15:10:10 1,126,352 --sh--r C:\WINDOWS\oomoekeA.exe
2008-02-19 04:05:17 29,646 --sh--w C:\WINDOWS\system32\zbkbltcm.dllbox


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0347C33E-8762-4905-BF09-768834316C61}=C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 23:51]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-26 23:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 01:11]
{ec612cba-c9e4-4197-9100-69485f1df801}=C:\WINDOWS\System32\jixeeghu.dll []
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}=C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 23:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 15:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 11:23]
"InCD"="//~c:\program files\nero\nero 7\incd\incd.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 17:54]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.exe" [2008-12-03 02:54]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 14:43]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 14:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 21:27]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="//~c:\program files\spybot - search & destroy\teatimer.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-09 06:44]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsyzyzoz.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-26 23:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
ljjheee.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjif]
opnkjif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
C:\WINDOWS\System32\sstqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\\WINDOWS\\System32\\vtutt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=3 (0x3)
"TrkWks"=2 (0x2)
"MSDTC"=3 (0x3)
"ClipSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda Gwmsrv
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


Contents of the 'Scheduled Tasks' folder
2009-01-21 06:02:00 C:\WINDOWS\tasks\Basic clean-up.job
2009-01-21 06:00:00 C:\WINDOWS\tasks\Windows Update.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 20:55:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-01-22 21:00:26
C:\ComboFix-quarantined-files.txt ... 2009-01-22 21:00
C:\ComboFix2.txt ... 2008-10-16 22:11

--- E O F ---

#4 Thunder


Posted 23 January 2009 - 07:21 AM

Hello AceAlmighty13,

Please move ComboFix.exe to your Desktop !

Then, let's clean up some more :

Open Notepad - don't use any other texteditor than Notepad or the script will fail !
Copy/paste the bold, blue text below into an empty notepad window:
Collect::
C:\WINDOWS\oomoekeA.exe
C:\WINDOWS\system32\zbkbltcm.dllbox
C:\WINDOWS\System32\sstqr.dll
File::
C:\WINDOWS\hpoins33.dat
C:\WINDOWS\hpomdl33.dat
C:\Program Files\Internet Explorer\profsyzyzoz.html
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{ec612cba-c9e4-4197-9100-69485f1df801}=-
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjif]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot]

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double clicking the C:\CF-Submit.htm file (opens a browser window) and clicking OK to start the upload.

Still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#5 AceAlmighty13


Posted 23 January 2009 - 11:29 PM

If it uploads automatically without notice then I'm assuming it did. I have no clue what DDS is but I have been using HJT. Here's my current Combofix log:

ComboFix 07-06-18.2 - C:\Documents and Settings\Alex Schwartz\Desktop\ComboFix.exe
"Alex Schwartz" - 2009-01-23 22:11:09 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Alex Schwartz\Desktop\CFScript.txt


((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))


2009-01-22 20:42 49,152 --a------ C:\WINDOWS\nircmd.exe
2009-01-18 14:03 <DIR> d-------- C:\DOCUME~1\ALEXSC~1\APPLIC~1\HPAppData
2009-01-05 20:28 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-04 12:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
2009-01-04 12:02 <DIR> d-------- C:\DOCUME~1\ALEXSC~1\APPLIC~1\HP
2009-01-04 12:00 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2009-01-04 11:59 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2009-01-04 11:59 271,704 -ra------ C:\WINDOWS\system32\hpzids01.dll
2009-01-04 11:58 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2009-01-04 11:58 118,272 --a------ C:\WINDOWS\system32\hpz3l692.dll
2009-01-04 11:57 974,848 -ra------ C:\WINDOWS\system32\hpost_p01c.dll
2009-01-04 11:57 729,088 -ra------ C:\WINDOWS\system32\hposwia_p01c.dll
2009-01-04 11:57 372,736 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2009-01-04 11:57 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2009-01-04 11:57 303,104 -ra------ C:\WINDOWS\system32\hposc_p01a.dll
2009-01-04 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
2009-01-04 11:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2009-01-04 11:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2009-01-04 11:16 <DIR> d-------- C:\Program Files\Common Files\HP
2009-01-04 11:03 165,205 --a------ C:\WINDOWS\hpoins33.dat
2009-01-04 11:03 1,526 --------- C:\WINDOWS\hpomdl33.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-24 01:59:42 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\uTorrent
2009-01-04 18:16:30 -------- d-----w C:\Program Files\HP
2009-01-04 17:01:22 -------- d-----w C:\Program Files\Palm
2009-01-04 16:57:11 -------- d-----w C:\Program Files\Hewlett-Packard
2008-12-18 02:24:51 -------- d-----w C:\Program Files\iTunes
2008-12-18 02:23:47 -------- d-----w C:\Program Files\iPod
2008-12-18 02:23:41 -------- d-----w C:\Program Files\Common Files\Apple
2008-12-18 02:20:22 -------- d-----w C:\Program Files\Bonjour
2008-12-18 02:18:59 -------- d-----w C:\Program Files\QuickTime
2008-12-18 02:13:51 -------- d-----w C:\Program Files\Apple Software Update
2008-12-08 12:50:17 -------- d-----w C:\Program Files\Diablo II
2008-12-08 02:09:27 261 ----a-w C:\WINDOWS\system32\PavCPL.dat
2008-12-08 02:05:59 -------- d-----w C:\Program Files\Panda Security
2008-12-08 02:05:59 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\Panda Security
2008-12-08 01:52:04 -------- d-----w C:\Program Files\Common Files\Panda Security
2008-12-08 01:26:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-05 13:04:15 -------- d-----w C:\DOCUME~1\ALEXSC~1\APPLIC~1\Move Networks
1989-12-12 15:10:10 1,126,352 --sh--r C:\WINDOWS\oomoekeA.exe
2008-02-19 04:05:17 29,646 --sh--w C:\WINDOWS\system32\zbkbltcm.dllbox


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0347C33E-8762-4905-BF09-768834316C61}=C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-27 23:51]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-26 23:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 01:11]
{ec612cba-c9e4-4197-9100-69485f1df801}=C:\WINDOWS\System32\jixeeghu.dll []
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}=C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 23:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"Device Detector"="C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 15:51]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 11:23]
"InCD"="//~c:\program files\nero\nero 7\incd\incd.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 17:54]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.exe" [2008-12-03 02:54]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 14:43]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 14:16]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 21:27]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 09:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="//~c:\program files\spybot - search & destroy\teatimer.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-10-09 06:44]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Internet Explorer\profsyzyzoz.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL" [2006-10-26 23:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjheee]
ljjheee.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkjif]
opnkjif.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqr]
C:\WINDOWS\System32\sstqr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\\WINDOWS\\System32\\vtutt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=3 (0x3)
"TrkWks"=2 (0x2)
"MSDTC"=3 (0x3)
"ClipSrv"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda Gwmsrv
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


Contents of the 'Scheduled Tasks' folder
2009-01-21 06:02:00 C:\WINDOWS\tasks\Basic clean-up.job
2009-01-21 06:00:00 C:\WINDOWS\tasks\Windows Update.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:18:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2009-01-23 22:21:11
C:\ComboFix-quarantined-files.txt ... 2009-01-23 22:21
C:\ComboFix2.txt ... 2009-01-22 21:00
C:\ComboFix3.txt ... 2008-10-16 22:11

--- E O F ---

Here's my current HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:12 PM, on 01/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alex Schwartz\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {22C5EC2A-A989-4814-93A3-5ED4F4B899EE} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {108fd1f5-8496-0019-7914-4e9cabc216ce} - {ec612cba-c9e4-4197-9100-69485f1df801} - C:\WINDOWS\System32\jixeeghu.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] //~c:\program files\nero\nero 7\incd\incd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] //~c:\program files\spybot - search & destroy\teatimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228865990125
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ljjheee - ljjheee.dll (file missing)
O20 - Winlogon Notify: opnkjif - opnkjif.dll (file missing)
O20 - Winlogon Notify: sstqr - C:\WINDOWS\System32\sstqr.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsyzyzoz.html

--
End of file - 10746 bytes

#6 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 24 January 2009 - 03:41 PM

Hello AceAlmighty13,

I don't know where you got that ComboFix version dating 2007-06-18,
but if you want the command switches to work, and the malware removed accordingly,
you will have to download and use the most recent version of ComboFix to drag CFScript in.

Can you repeat this procedure with the rewritten, updated ComboFix version, please?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#7 AceAlmighty13

  • Topic Starter
  • Members
  • 14 posts

Posted 24 January 2009 - 06:05 PM

Oops! Here's an updated log....

ComboFix 09-01-21.04 - Alex Schwartz 2009-01-24 16:22:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.976 [GMT -6:00]
Running from: c:\documents and settings\Alex Schwartz\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex Schwartz\Desktop\CFScript.txt
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *disabled*
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point

FILE ::
c:\program files\Internet Explorer\profsyzyzoz.html
c:\windows\hpoins33.dat
c:\windows\hpomdl33.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\documents and settings\Alex Schwartz\err.log
c:\documents and settings\All Users\Application Data\salesmonitor
c:\program files\svhost
c:\program files\Temporary
c:\temp\0c2
c:\temp\0c2\tmpFF.log
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\brr
c:\temp\brr\tmpZTF.log
c:\temp\fse
c:\temp\fse\tmpZTF.log
c:\temp\iee
c:\temp\iee\tmpZTF.log
c:\windows\hpoins33.dat
c:\windows\hpomdl33.dat
c:\windows\oomoekeA.exe
c:\windows\system32\180ax.exe
c:\windows\system32\armurpea.ini
c:\windows\system32\b02FdUe
c:\windows\system32\bumphmnd.ini
c:\windows\system32\Cache
c:\windows\system32\configs
c:\windows\system32\cstivyvn.ini
c:\windows\system32\cvpujxhj.ini
c:\windows\system32\dpglqkdn.ini
c:\windows\system32\drivers\4_stars.gif
c:\windows\system32\drivers\5_stars.gif
c:\windows\system32\drivers\alert_icon.gif
c:\windows\system32\drivers\buy_btn.gif
c:\windows\system32\drivers\close_icon.gif
c:\windows\system32\drivers\detect.htm
c:\windows\system32\drivers\download_btn.gif
c:\windows\system32\drivers\features.gif
c:\windows\system32\drivers\header_bg.gif
c:\windows\system32\drivers\icon_warning.gif
c:\windows\system32\drivers\logo_bg.gif
c:\windows\system32\drivers\perfect_cleaner_box.jpg
c:\windows\system32\drivers\perfect_cleaner_box_small.jpg
c:\windows\system32\drivers\perfect_cleaner_header.gif
c:\windows\system32\drivers\perfect_cleaner_header_small.gif
c:\windows\system32\drivers\protect.gif
c:\windows\system32\drivers\pt.htm
c:\windows\system32\drivers\remove_spyware_button.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\secuity_center_logo.gif
c:\windows\system32\drivers\spy_away_box.jpg
c:\windows\system32\drivers\spy_away_box_small.jpg
c:\windows\system32\drivers\spy_away_header.gif
c:\windows\system32\drivers\spy_away_header_small.gif
c:\windows\system32\drivers\users_rating.gif
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\dswhsfnm.ini
c:\windows\system32\elaryhlg.ini
c:\windows\system32\enxflbrh.ini
c:\windows\system32\f02WtR
c:\windows\system32\F2
c:\windows\system32\F3
c:\windows\system32\fcjvitbs.ini
c:\windows\system32\gtv_sd.bin
c:\windows\system32\H1
c:\windows\system32\H2
c:\windows\system32\H3
c:\windows\system32\H4
c:\windows\system32\H5
c:\windows\system32\hposwia_p01c.dll
c:\windows\system32\iaawdess.ini
c:\windows\system32\kebqirbt.ini
c:\windows\system32\lebastts.ini
c:\windows\system32\lfd32.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmygoivj.ini
c:\windows\system32\mvnmxewg.ini
c:\windows\system32\nGpxx01
c:\windows\system32\nlriwxvx.ini
c:\windows\system32\o02PrEz
c:\windows\system32\o05PrEz
c:\windows\system32\o09PrEz
c:\windows\system32\pac.txt
c:\windows\system32\ptanofud.ini
c:\windows\system32\qquvlkjw.ini
c:\windows\system32\ryahyffu.ini
c:\windows\system32\salm.exe
c:\windows\system32\shvkggos.ini
c:\windows\system32\slepeuwc.ini
c:\windows\system32\smsgsxxb.ini
c:\windows\system32\stfv.bin
c:\windows\system32\T11
c:\windows\system32\T5
c:\windows\system32\T9
c:\windows\system32\tajntrap.ini
c:\windows\system32\tgowuobr.ini
c:\windows\system32\thwrwvil.ini
c:\windows\system32\tjguiaxx.ini
c:\windows\system32\updatetc.exe
c:\windows\system32\vflgjbbm.ini
c:\windows\system32\vlphqxfl.ini
c:\windows\system32\w32apiw.dll
c:\windows\system32\wekjssmq.ini
c:\windows\system32\win
c:\windows\system32\X2
c:\windows\system32\X3
c:\windows\system32\X4
c:\windows\system32\X5
c:\windows\system32\X9
c:\windows\system32\ysfbaqvj.ini
c:\windows\system32\zbkbltcm.dllbox
c:\windows\uninst1014.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_OULTRAF
-------\Legacy_TNIDRIVER
-------\Legacy_ZESOFT
-------\Service_oUltraf


((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.

2009-01-18 14:03 . 2009-01-24 15:23 <DIR> d-------- c:\documents and settings\Alex Schwartz\Application Data\HPAppData
2009-01-05 20:28 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-05 20:28 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-04 12:18 . 2009-01-04 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-01-04 12:02 . 2009-01-04 12:02 <DIR> d-------- c:\documents and settings\Alex Schwartz\Application Data\HP
2009-01-04 12:00 . 2008-04-15 22:05 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-04 11:59 . 2008-04-07 23:31 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-01-04 11:59 . 2008-04-15 22:05 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-04 11:58 . 2008-06-06 20:49 118,272 --a------ c:\windows\system32\hpz3l692.dll
2009-01-04 11:58 . 2008-04-15 22:05 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-04 11:57 . 2008-04-07 23:31 974,848 -ra------ c:\windows\system32\hpost_p01c.dll
2009-01-04 11:57 . 2008-04-15 22:05 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2009-01-04 11:57 . 2008-04-15 22:05 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-01-04 11:57 . 2008-02-28 04:08 303,104 -ra------ c:\windows\system32\hposc_p01a.dll
2009-01-04 11:18 . 2009-01-04 11:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-04 11:18 . 2009-01-04 11:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-04 11:17 . 2009-01-04 11:17 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-04 11:16 . 2009-01-04 11:16 <DIR> d-------- c:\program files\Common Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 22:46 --------- d-----w c:\documents and settings\Alex Schwartz\Application Data\uTorrent
2009-01-24 22:38 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-01-24 22:38 1,132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-01-12 04:26 251,688 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-01-12 04:26 251,688 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-01-04 18:16 --------- d-----w c:\program files\HP
2009-01-04 17:01 --------- d-----w c:\program files\Palm
2009-01-04 16:57 --------- d-----w c:\program files\Hewlett-Packard
2008-12-18 02:24 --------- d-----w c:\program files\iTunes
2008-12-18 02:24 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 02:23 --------- d-----w c:\program files\iPod
2008-12-18 02:23 --------- d-----w c:\program files\Common Files\Apple
2008-12-18 02:20 --------- d-----w c:\program files\Bonjour
2008-12-18 02:18 --------- d-----w c:\program files\QuickTime
2008-12-18 02:13 --------- d-----w c:\program files\Apple Software Update
2008-12-13 21:35 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-08 12:50 --------- d-----w c:\program files\Diablo II
2008-12-08 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Backup
2008-12-08 02:05 --------- d-----w c:\program files\Panda Security
2008-12-08 02:05 --------- d-----w c:\documents and settings\All Users\Application Data\Panda Security
2008-12-08 02:05 --------- d-----w c:\documents and settings\Alex Schwartz\Application Data\Panda Security
2008-12-08 01:52 --------- d-----w c:\program files\Common Files\Panda Security
2008-12-08 01:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-05 13:04 --------- d-----w c:\documents and settings\Alex Schwartz\Application Data\Move Networks
2008-01-08 23:33 57,195 ----a-w c:\documents and settings\Alex Schwartz\LUTZ.zip
2005-01-05 04:58 3,027 -c--a-w c:\program files\SpyKiller log4-1-0522584.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-09 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="c:\program files\Common Files\ACD Systems\EN\DevDetect.exe" [2004-09-02 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-02-12 1620480]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-29 269104]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]

c:\documents and settings\Alex Schwartz\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-09-06 3581680]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\Internet Explorer\profsyzyzoz.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-06 20:16 176128 c:\progra~1\Stardock\OBJECT~2\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=3 (0x3)
"TrkWks"=2 (0x2)
"MSDTC"=3 (0x3)
"ClipSrv"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-12-07 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-07 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-07 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-07 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-07 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-07 20:08:38 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-07 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-07 46720]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-07 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-07 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [2008-12-07 28928]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2006-09-28 36224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-07-03 17:55]

2009-01-21 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2002-08-29 06:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{22C5EC2A-A989-4814-93A3-5ED4F4B899EE} - (no file)
BHO-{ec612cba-c9e4-4197-9100-69485f1df801} - c:\windows\System32\jixeeghu.dll
HKCU-Run-SpybotSD TeaTimer - files\spybot - search & destroy\teatimer.exe
HKLM-Run-InCD - files\nero\nero 7\incd\incd.exe
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
mStart Page = about:blank
mSearch Bar =
uInternet Settings,ProxyServer = sas.r21.mchsi.com:8000
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alex Schwartz\Application Data\Mozilla\Firefox\Profiles\w7wp5yvf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=slv5-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.democraticunderground.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Alex Schwartz\Application Data\Mozilla\Firefox\Profiles\w7wp5yvf.default\extensions\ubiquity@labs.mozilla.com\platform\WINNT_x86-msvc\components\ubiquity.dll
FF - plugin: c:\documents and settings\Alex Schwartz\Application Data\Mozilla\Firefox\Profiles\w7wp5yvf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 16:46:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\avldr.dll
c:\progra~1\Stardock\OBJECT~2\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Comodo\Firewall\cmdagent.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE
c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\devldr32.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-24 16:55:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 22:55:43
ComboFix2.txt 2009-01-24 04:21:11

Pre-Run: 3,660,312,576 bytes free
Post-Run: 3,562,565,632 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noguiboot /NoExecute=OptIn

349 --- E O F --- 2008-04-29 03:41:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:38 PM, on 01/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alex Schwartz\Desktop\anything.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228865990125
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsyzyzoz.html

--
End of file - 10267 bytes

#8 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:10 PM

Posted 24 January 2009 - 07:45 PM

Hello AceAlmighty13,

Looking much better now. :thumbsup:

I didn't receive any upload though. Was it blocked somehow ?
Another easy way to upload a sample file is :
Simply go to http://www.bleepingcomputer.com/submit-malware.php?channel=9
Then :
  1. In the first window (Link to topic where this file was requested:) copy and paste this link : http://www.bleepingcomputer.com/forums/topic=194438
  2. In the second window (Browse to the file you want to submit: ) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
  3. Click the Send file button :)

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if still present :
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsyzyzoz.html
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Click the Download button to the right of Java SE Runtime Environment (JRE) 6 Update 11 (first option).
  • Select your Platform (Windows version) and check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click "Continue" and the page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
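As an added example (not code from this thread, from HijackThis or from Trend Micro), here is a small Python reviewer for HijackThis-style log lines. It pulls out the entry types Thunder points at in the post above: the O24 Active Desktop component, the HKCU ProxyServer value, and any R0 start page that is not the stock about:blank or Microsoft fwlink value. The sample lines are copied from the log posted in this thread; the flagging rules and the STOCK_START_PAGES list are my own assumptions, not HijackThis's logic, and a flag only means "look at this entry", not "this entry is malicious".

```python
# Added example (not from the thread or from HijackThis itself): a small
# reviewer for HijackThis-style log lines that surfaces the R0/R1/O24 entry
# types a helper usually checks first in a long log.
import re
from dataclasses import dataclass

# One HJT entry: a section code (R0, R1, O4, O24, ...), " - ", then the body.
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Start pages treated as stock here (assumption): about:blank and Microsoft's
# fwlink redirects, which is what the HKLM entries in this thread's log show.
STOCK_START_PAGES = ("about:blank", "http://go.microsoft.com/fwlink/")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt(lines):
    """Yield (section, body, raw_line) for every line that is an HJT entry."""
    for raw in lines:
        raw = raw.strip()
        m = HJT_ENTRY.match(raw)
        if m:
            yield m.group("section"), m.group("body"), raw


def value_of(body):
    """Return the right-hand side of 'Key = value', splitting on the first '='."""
    return body.split("=", 1)[1].strip() if "=" in body else ""


def review_hjt(lines):
    """Return the entries a helper would want to look at first."""
    findings = []
    for section, body, raw in parse_hjt(lines):
        if section == "O24":
            # Active Desktop component: an HTML file rendered on the desktop.
            findings.append(Finding(section, "Active Desktop component, confirm the file is wanted", raw))
        elif section == "R1" and "ProxyServer" in body:
            # A user-level proxy routes all browser traffic; confirm it is expected.
            findings.append(Finding(section, f"browser proxy set to {value_of(body)}, confirm it is expected", raw))
        elif section == "R0" and "Start Page" in body:
            url = value_of(body)
            if not url.startswith(STOCK_START_PAGES):
                findings.append(Finding(section, f"non-stock start page {url}", raw))
    return findings


# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Internet Explorer\profsyzyzoz.html
""".splitlines()

if __name__ == "__main__":
    for f in review_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample above it reports three entries (the daemon-search start page, the HKCU proxy, and the O24 component) and stays quiet on the stock HKLM values and the ctfmon.exe Run entry. Feeding it a whole saved HijackThis log (`review_hjt(open("hijackthis.log").read().splitlines())`) works the same way, since lines that are not HJT entries are simply skipped.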

#9 AceAlmighty13

  • Topic Starter
  • Members
  • 14 posts
  • Local time:03:10 PM

Posted 01 February 2009 - 12:26 PM

I've also replaced both my network card and modem to see if that was the problem a few months ago and that wasn't it. I'm still having trouble with Firefox running properly. I have no idea what to do next.

#10 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:10 PM

Posted 02 February 2009 - 07:23 AM

Hello AceAlmighty13,

If reinstalling Firefox doesn't improve the situation,
then I'd suggest you perform a system files check :
Go to Start > Run and type (or copy/paste) : sfc /scannow and click OK/Enter.
Make sure you have your installation CD handy.

If things still are not returning to normal,
then try installing Windows SP3 :thumbsup:

Greetings,
Thunder

#11 AceAlmighty13

  • Topic Starter
  • Members
  • 14 posts
  • Local time:03:10 PM

Posted 02 February 2009 - 11:22 PM

I'm assuming you are talking about the Windows Installation CD. It's just gonna scan my files? Not delete or reformat anything. Going to school would hurt me at this point if something like reformatting or reinstalling Windows would occur.

#12 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:10 PM

Posted 03 February 2009 - 04:19 AM

Hello AceAlmighty13,

The command sfc /scannow will indeed start a scan of your system files,
and only if something is found to be damaged or corrupt, the original file will be placed back.

No formatting or reinstalling. :thumbsup:

Greetings,
Thunder

#13 AceAlmighty13

  • Topic Starter
  • Members
  • 14 posts
  • Local time:03:10 PM

Posted 11 February 2009 - 01:02 AM

I just realized the only Windows XP disc I have is the Recover XP disc that came with my PC. It came pre-installed on it. If it's the only thing I've got I'm assuming it's gonna have to do?

#14 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:10:10 PM

Posted 11 February 2009 - 04:21 AM

Hello AceAlmighty13,

If it contains an i386 folder with the system files,
I'd give it a try. :thumbsup:

Greetings,
Thunder

#15 AceAlmighty13

  • Topic Starter
  • Members
  • 14 posts
  • Local time:03:10 PM

Posted 11 February 2009 - 05:08 PM

It does have the files I need on it. When I try scanning, after so long I get, "Files that are required for Windows to run properly must be copied to the DLL cache." When I press retry I get, "The CD you provided is the wrong CD. Please insert the Windows XP Home Edition CD-Rom into your CD-ROM drive." When I press More Information I get, "You have inserted the wrong CD. The CD-ROM drive in your system is not functioning". Both CD drives run properly and I have one XP disc and it's the one I mentioned above.



