
Started with HBE Trojan, but popups now occurring


This topic is locked
4 replies to this topic

#1 thejam

  • Members
  • 11 posts
  • OFFLINE
  • Local time: 03:25 AM

Posted 18 January 2009 - 02:43 PM

I actually meant BHO Trojan, I think it said BHO.HBE...

I cleaned the trojan with AVG Free in Safe Mode, but back in normal Windows mode, I'm getting popups in Firefox. This all started when I opened Internet Explorer on the machine, and it hasn't been run in forever according to the owner. Thinking that it must have set something already on the machine into motion.

Anyway, she's an OCD about her computer and it never has had any problems and I've been using it lately so I vouch for that, and this is the first time this has happened. I'd like to get it clean for her before she knows how bad it could be...

Popups include deals to have my computer scanned for viruses and hornymatches.com and some gaming site where I can play free games. I also get a system message every once in a while telling me to scan my computer by a rogue agent. Also, my system tray says that automatic updates are off, but when I check in Control Panel it says they are on.




DDS (Ver_09-01-18.01) - NTFSx86
Run by Conner at 13:25:18.75 on Sun 01/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.76 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Documents and Settings\Conner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Conner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5da9d5e2-ad8f-48d1-b6ac-211fac035446} - c:\windows\system32\nnnnLeCV.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\yayvVMGy.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7d701f50-0507-4909-b124-713e74a09fd7}: {7df90a47-e317-421b-9094-705005f107d7} - c:\windows\system32\qkvgpm.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [Google Update] "c:\documents and settings\conner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GetModule34] "c:\program files\getmodule\GetModule34.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
mRun: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [7c6cbf44] rundll32.exe "c:\windows\system32\bvnjtbmk.dll",b
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: yayvVMGy - yayvVMGy.dll
AppInit_DLLs: avgrsstx.dll qkvgpm.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\yayvVMGy.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\nnnnLeCV

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\conner\applic~1\mozilla\firefox\profiles\h3blv2eg.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHQAAACOphL1iaPclbU3MdLQarSR2mWPf5uJZ_YitO_gU1_enutDNrEuRcNbp5d_68GkSZ6ibQcaSQ8lqbgca5-mj2iavX20Od5Jwrge8jShU6cXFA8oy0nhUNLnriCgX0G2mRaihPaE9VVYuMhS6ylzXT3JaO3v-Y_QSi6Vq6O4osAL_w|http://home.myspace.com/index.cfm?fuseaction=user&MyToken=559d3429-812c-40e3-b2ad-d3c99c4be781|http://www.google.com/calendar/render?pli=1|http://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\conner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\conner\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NpIpx32.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-2 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-28 26824]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-10 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-10 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-2 76040]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2008-7-30 1240576]
S3 I2obcd0p;I2obcd0p; [x]

=============== Created Last 30 ================

2009-01-17 22:22 1,403,021 ---sh--- c:\windows\system32\kmbtjnvb.ini
2009-01-17 22:22 72,704 a------- c:\windows\system32\bvnjtbmk.dll
2009-01-17 22:21 129,024 a------- c:\windows\system32\qkvgpm.dll
2009-01-17 22:21 129,024 a------- c:\windows\system32\vnfodtic.dll
2009-01-17 22:19 1,689,278 a--sh--- c:\windows\system32\VCeLnnnn.ini2
2009-01-17 22:19 1,690,055 a--sh--- c:\windows\system32\VCeLnnnn.ini
2009-01-17 22:19 302,592 a------- c:\windows\system32\nnnnLeCV.dll
2009-01-17 22:15 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-17 22:14 36,352 a------- c:\windows\system32\yayvVMGy.dll
2009-01-17 22:14 <DIR> --d----- c:\program files\GetModule
2009-01-17 22:14 <DIR> --d----- c:\program files\iCheck
2009-01-17 22:14 198,687 a------- c:\windows\system32\wpv371232248235.cpx

==================== Find3M ====================

2008-12-06 21:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-24 13:30 1,737 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH593AV#ABA)_YN_0Pres_QCNF6030CNS_E381913002_46_I308F_SQuanta_V46.13_BF.21_T051222_WXH3_L409_M503_J60_7Intel_8Celeron M_91.4_#050808_N10EC8139_(EH593AV#ABA)_XMOBILE_CN10_Z8086266D.MRK
2008-11-24 13:20 79,167 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 13:27:30.00 ===============


Edited by thejam, 18 January 2009 - 03:00 PM.



#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender: Female
  • Location: Belgium
  • Local time: 11:25 AM

Posted 19 January 2009 - 03:48 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 thejam

  • Topic Starter
  • Members
  • 11 posts
  • OFFLINE
  • Local time: 03:25 AM

Posted 19 January 2009 - 06:22 PM

THANKS!

Here is the ComboFix log

ComboFix 09-01-18.03 - Conner 2009-01-19 7:59:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.202 [GMT -6:00]
Running from: c:\documents and settings\Conner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Conner\LOCALS~1\Temp\tmp2.tmp
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\windows\system32\bvnjtbmk.dll
c:\windows\system32\gqaysgob.dll
c:\windows\system32\hbqgangx.dll
c:\windows\system32\kmbtjnvb.ini
c:\windows\system32\nnnnLeCV.dll
c:\windows\system32\qkvgpm.dll
c:\windows\system32\ujtfzq.dll
c:\windows\system32\VCeLnnnn.ini
c:\windows\system32\VCeLnnnn.ini2
c:\windows\system32\vnfodtic.dll
c:\windows\system32\wpv371232248235.cpx
c:\windows\system32\xgnagqbh.ini
c:\windows\system32\yayvVMGy.dll
c:\windows\Tasks\qtaohity.job

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-17 22:15 . 2009-01-18 12:02 <DIR> d--h----- C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 13:55 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-15 04:22 --------- d-----w c:\documents and settings\Conner\Application Data\Skype
2009-01-15 04:04 --------- d-----w c:\documents and settings\Conner\Application Data\skypePM
2009-01-12 15:44 --------- d-----w c:\program files\Soulseek
2009-01-05 05:50 --------- d-----w c:\documents and settings\Conner\Application Data\Apple Computer
2008-12-07 03:42 --------- d-----w c:\program files\Java
2008-11-25 03:41 --------- d-----w c:\program files\TagScanner
2008-11-25 00:52 --------- d-----w c:\program files\iTunes
2008-11-25 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 00:51 --------- d-----w c:\program files\QuickTime
2008-11-25 00:51 --------- d-----w c:\program files\iPod
2008-11-25 00:51 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 00:51 --------- d-----w c:\program files\Bonjour
2008-11-25 00:50 --------- d-----w c:\program files\Apple Software Update
2008-11-24 19:30 1,737 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_Presario V2000 (EH593AV#ABA)_YN_0Pres_QCNF6030CNS_E381913002_46_I308F_SQuanta_V46.13_BF.21_T051222_WXH3_L409_M503_J60_7Intel_8Celeron M_91.4_#050808_N10EC8139_(EH593AV#ABA)_XMOBILE_CN10_Z8086266D.MRK
2008-11-24 19:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 19:28 --------- d-----w c:\program files\Common Files\muvee Technologies
2008-11-24 19:19 --------- d-----w c:\program files\HPQ
2008-11-24 19:18 --------- d-----w c:\program files\InterVideo
2008-11-24 18:51 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-24 18:48 --------- d-----w c:\program files\CONEXANT
2000-06-05 23:47 32,768 ----a-w c:\program files\mozilla firefox\plugins\AppSub32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2008-04-23 1189104]
"Google Update"="c:\documents and settings\Conner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-22 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-31 86106]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-06 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-28 1261336]
"PhiBtn"="c:\windows\System32\drivers\PhiBtn.exe" [2005-08-25 155648]
"Traymin900"="c:\windows\System32\drivers\Tray900.exe" [2005-08-25 266240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-03 113664]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Conner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Conner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-02 97928]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-10 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-02 76040]
S3 camvid40;Philips SPC 900NC PC Camera;c:\windows\system32\drivers\camdrv41.sys [2008-07-30 1240576]
S3 I2obcd0p;I2obcd0p; [x]
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2216465038-1649518112-3209956371-1006.job
- c:\documents and settings\Conner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-25 22:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{36782a19-75f1-469d-bc73-28db7b5e0d52} - c:\windows\system32\ujtfzq.dll
BHO-{5DA9D5E2-AD8F-48D1-B6AC-211FAC035446} - c:\windows\system32\nnnnLeCV.dll
HKCU-Run-GetModule34 - c:\program files\GetModule\GetModule34.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Conner\Application Data\Mozilla\Firefox\Profiles\h3blv2eg.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHQAAACOphL1iaPclbU3MdLQarSR2mWPf5uJZ_YitO_gU1_enutDNrEuRcNbp5d_68GkSZ6ibQcaSQ8lqbgca5-mj2iavX20Od5Jwrge8jShU6cXFA8oy0nhUNLnriCgX0G2mRaihPaE9VVYuMhS6ylzXT3JaO3v-Y_QSi6Vq6O4osAL_w|http://home.myspace.com/index.cfm?fuseaction=user&MyToken=559d3429-812c-40e3-b2ad-d3c99c4be781|http://www.google.com/calendar/render?pli=1|http://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Conner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Conner\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpIpx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 17:15:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-19 17:18:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-19 23:18:03

Pre-Run: 43,565,367,296 bytes free
Post-Run: 43,630,034,944 bytes free

167 --- E O F --- 2008-09-08 02:10:55

#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender: Female
  • Location: Belgium
  • Local time: 11:25 AM

Posted 20 January 2009 - 02:06 AM

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

#5 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender: Female
  • Location: Belgium
  • Local time: 11:25 AM

Posted 26 January 2009 - 06:43 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.