
Setting desktop background


  • This topic is locked
1 reply to this topic

#1 NitaRae


Posted 09 April 2009 - 11:26 AM

I used to be able to right click on an image and set it as my desktop background. Now it will not let me; it says unspecified error. All I can do is change the color. I ran the combofix and here is a copy of the log but it still does not work. Can you help me please!
ComboFix 09-04-04.01 - Anita 2009-04-09 11:59:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1435 [GMT -4:00]
Running from: c:\users\Anita\Pictures\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 11:56 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-06 10:34 . 2009-04-06 10:34 <DIR> d-------- c:\program files\RegCure
2009-04-06 10:34 . 2009-04-06 10:34 393 --a------ C:\RegCure.lnk
2009-04-06 10:19 . 2009-04-06 10:21 <DIR> d-------- c:\users\Billy\AppData\Roaming\LimeWire
2009-03-27 10:56 . 2009-03-27 10:56 554,880 --a------ c:\users\Public\MyWebTattoo.exe
2009-03-18 17:46 . 2009-03-18 17:46 1,195,512 --a------ c:\windows\System32\drivers\vsapint.sys
2009-03-18 17:46 . 2009-03-18 17:46 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2009-03-18 17:46 . 2009-03-18 17:46 150,032 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-03-18 17:46 . 2009-03-18 17:46 80,400 --a------ c:\windows\System32\drivers\tmtdi.sys
2009-03-18 17:46 . 2009-03-18 17:46 50,192 --a------ c:\windows\System32\drivers\tmevtmgr.sys
2009-03-18 17:46 . 2009-03-18 17:46 50,192 --a------ c:\windows\System32\drivers\tmactmon.sys
2009-03-18 17:46 . 2009-03-18 17:46 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
2009-03-13 19:07 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-03-13 19:07 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-03-13 19:07 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-03-13 19:07 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-03-13 19:07 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-03-13 19:07 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-03-13 19:07 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-03-11 07:16 . 2009-03-11 07:16 24,576 --a------ c:\windows\System32\msxml3a.dll
2009-03-11 07:16 . 2009-03-11 07:16 9,062 --a------ c:\windows\System32\small1.ico
2009-03-11 07:16 . 2009-03-11 07:16 9,062 --a------ c:\windows\System32\small.ico
2009-03-11 07:15 . 2009-03-11 07:17 <DIR> d-------- c:\program files\ATT Internet Tools
2009-03-10 18:54 . 2008-12-15 23:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-10 18:54 . 2009-02-08 23:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-10 18:54 . 2008-11-27 00:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-10 18:54 . 2008-12-16 01:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-10 18:54 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-10 18:54 . 2008-12-16 01:31 4,096 --a------ c:\windows\System32\dxmasf.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 15:56 --------- d-----w c:\program files\Crawler
2009-04-08 22:47 --------- d-----w c:\program files\Norton Security Scan
2009-04-06 02:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-31 16:03 262,144 ----a-w C:\ntuser.dat
2009-03-31 16:02 --------- d-----w c:\programdata\Yahoo! Companion
2009-03-31 15:48 --------- d-----w c:\users\Guest\AppData\Roaming\Yahoo!
2009-03-27 21:07 --------- d-----w c:\programdata\NOS
2009-03-27 21:07 --------- d-----w c:\program files\NOS
2009-03-27 20:15 --------- d-----w c:\program files\Gateway Games
2009-03-20 00:29 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-18 22:06 --------- d-----w c:\program files\Trend Micro
2009-03-18 22:03 --------- d-----w c:\programdata\Trend Micro
2009-03-18 21:54 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 07:06 --------- d-----w c:\program files\Windows Mail
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 20:56 --------- d-----w c:\programdata\Amazon
2009-03-06 20:55 --------- d-----w c:\program files\Amazon
2009-03-06 03:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 03:59 1,900,544 ----a-w c:\windows\System32\usbaaplrc.dll
2009-03-04 01:27 --------- d-----w c:\users\Billy\AppData\Roaming\Printer Info Cache
2009-03-04 01:27 --------- d-----w c:\users\Billy\AppData\Roaming\Image Zone Express
2009-02-27 20:26 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 12:29 --------- d-----w c:\program files\Free Offers from Freeze.com
2009-01-11 02:12 3,422 ----a-w c:\users\Anita\AppData\Roaming\wklnhst.dat
2008-07-21 23:13 174 --sha-w c:\program files\desktop.ini
2008-03-11 03:28 336 ----a-w c:\program files\temp995.bat
2008-03-01 17:18 774,144 ----a-w c:\program files\RngInterstitial.dll
2008-12-17 11:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-12-17 11:15 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-12-17 11:15 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-09-18 11:18 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008091820080919\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-E5DE-C733E397B632}]
2006-02-22 19:47 1698816 --a------ c:\progra~1\VMNTOO~1\VMNTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-E5DE-C733E397B632}"= "c:\progra~1\VMNTOO~1\VMNTOO~1.DLL" [2006-02-22 1698816]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-e5de-c733e397b632}]
[HKEY_CLASSES_ROOT\vmntoolbar648.VMNTOOLBAR648]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CSmileys"="c:\progra~1\Crawler\Smileys\CSmileysIM.exe" [2009-01-27 332800]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SpiralFrog"="c:\users\Public\Music\Spiralfrog.exe" [2007-12-18 163128]
"ShowWnd"="c:\windows\ShowWnd.exe" [2005-01-27 36864]
"SBC_McciTrayApp"="c:\program files\AT&T\Self Support Tool\ATTTray.exe" [2007-06-06 986208]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-04-23 4435968]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ModPS2"="c:\windows\ModPS2Key.exe" [2006-11-07 53248]
"CHotkey"="c:\windows\zHotkey.exe" [2006-11-07 547840]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-04 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Skytel"="c:\windows\Skytel.exe" [2007-04-13 1822720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"CSmileys"="c:\progra~1\Crawler\Smileys\CSmileysIM.exe" [2009-01-27 332800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-02-02 246272]
"blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" [2009-03-11 107856]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-18 995528]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

c:\users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-06-20 46432]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{31EFDBAC-DC0A-41D7-983F-50E2AED98A3E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6B0440FA-2159-442E-991F-B80E99398431}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F9395A17-71A5-4682-92A9-F78FE003397B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0D341419-81F3-4470-951A-BCCC938064A2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{5036AFAC-6DB0-4BAF-B0D0-F15B0F1142F3}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{54016466-7819-4807-8325-A127F6AB627B}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A5A14198-23CE-4890-B6C2-F496EF74B164}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{852184C2-9621-4F5E-92D3-90D520421E9B}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{04212BE9-DB83-42B2-B465-016A76D383C3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A6E04A91-95A6-4476-AE16-A1C6C00E2D3F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{89C107B2-C60F-4ACB-BD9F-B78694B505E6}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{42F4A222-D54B-4EDC-BBD9-EDEA825E1FE7}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{A8C82311-9845-4DA4-BA5A-B7DADA9B660C}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{4DA47C87-9542-44EA-A13B-14A56672B7E5}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"TCP Query User{E26F4F6C-0D9A-4F80-B48F-C84484A06A54}c:\\users\\joseph\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\o8z45d8l\\freakycreaturesdownloader[1].exe"= UDP:c:\users\joseph\appdata\local\microsoft\windows\temporary internet files\content.ie5\o8z45d8l\freakycreaturesdownloader[1].exe:freakycreaturesdownloader[1].exe
"UDP Query User{623349CF-578F-4DB2-8986-640029D62FEC}c:\\users\\joseph\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\o8z45d8l\\freakycreaturesdownloader[1].exe"= TCP:c:\users\joseph\appdata\local\microsoft\windows\temporary internet files\content.ie5\o8z45d8l\freakycreaturesdownloader[1].exe:freakycreaturesdownloader[1].exe
"{056B5392-D5C0-420D-ACB1-975044BD9706}"= UDP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader
"{39D5050D-7AA1-4C94-A599-49D4E730CEC1}"= TCP:c:\program files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:Relic Downloader

R2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-03-06 317440]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2009-03-18 50192]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2009-03-18 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-03-18 677128]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4918517f-bb23-11dc-8386-806e6f6e6963}]
\shell\AutoRun\command - E:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f7901e-d3b9-11dd-ac63-001e9078749c}]
\shell\AutoRun\command - L:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51f79091-d3b9-11dd-ac63-001e9078749c}]
\shell\AutoRun\command - L:\start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 c:\windows\Tasks\EasyShare Registration Task.job
- c:\progra~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.20.2.sxt _RegistrationOffer@16 []

2009-04-09 c:\windows\Tasks\Norton Security Scan for Anita.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]

2009-04-06 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 20:20]

2009-04-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]

2009-04-06 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{650C1369-8341-469C-8AB5-84E59F6AA1B6}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{6ADAD992-F68D-4657-AE9C-2D5372B575C4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{9E303B23-C72D-4C46-8D71-421BE0A52236}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{BC0C03A7-FE94-4AE4-8956-53FFB2EA5E8A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{C6B88BEF-B6DF-402D-AC73-A82FB6A4E724}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{72987858-D87C-4C9D-9093-167396FA8DBB} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
LSP: c:\windows\system32\wpclsp.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games.bellsouth.net/Gh/DeliciousWeb/zylomplayer.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 12:07:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5712)
c:\program files\ATT Internet Tools\blshook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Crawler\Smileys\CSmileysIM.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-04-09 12:13:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 16:13:37

Pre-Run: 419,067,404,288 bytes free
Post-Run: 420,600,930,304 bytes free

274 --- E O F --- 2009-04-06 18:22:40



#2 Guest_The weatherman_*


Posted 09 April 2009 - 04:27 PM

Hello NitaRae welcome to Bleeping Computer,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



