
Am I infected? What do I do? Combofix


  • This topic is locked
1 reply to this topic

#1 keyese

  • Members
  • 3 posts

Posted 18 June 2009 - 05:23 PM

Hi
My problems began when my computer would not hibernate; I had no problems up to this point. I have an HP dv5 1134tx, which was running great. I am also running Trend Micro security, and it had SKYNET viruses in quarantine that I could not delete, so I followed their links on how to delete undeletable files and it made my problems worse. Every single process incurred a windows32\SKYNET.dll or .dat or .sys error, but my computer and all programmes ran fine after I clicked the OK button. Clicking 300 OK buttons just to open up Word is a little annoying, however, so I did some searching, came across these forums, and downloaded and ran ComboFix. I now have an output log and I don't know what to do now. I don't want to touch my computer till I know it's safe to do so, although when copying the log file onto a USB stick so I could write this on another computer, it does seem to be running perfectly: no errors, and it looks good as new. But advice would be nice, so here is the log; any help would be great!!

ComboFix 09-06-18.02 - Elliot 19/06/2009 9:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.64.1033.18.3068.2268 [GMT 12:00]
Running from: c:\users\Elliot\Downloads\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-201843298-3892108728-1949374503-500
c:\$recycle.bin\S-1-5-21-2514215731-3387847874-1875972153-500
c:\windows\sinnm21281.exe
c:\windows\system32\9fbKnM3X9WHDJ.vbs
c:\windows\system32\hkofiI9R8r9iE.vbs
c:\windows\system32\J5HTQ.vbs
c:\windows\system32\PTaDDApXbuRrZtG.vbs
c:\windows\system32\QBLN9FIOi86ebnB.vbs
c:\windows\system32\ySq5P.vbs
c:\$recycle.bin\S-1-5-21-201843298-3892108728-1949374503-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2514215731-3387847874-1875972153-500\desktop.ini
c:\users\Elliot\AppData\Roaming\02000000f5b87a01609C.manifest
c:\users\Elliot\AppData\Roaming\02000000f5b87a01609O.manifest
c:\users\Elliot\AppData\Roaming\02000000f5b87a01609P.manifest
c:\users\Elliot\AppData\Roaming\02000000f5b87a01609S.manifest
c:\users\Keyes\AppData\Roaming\02000000f5b87a01609C.manifest
c:\users\Keyes\AppData\Roaming\02000000f5b87a01609O.manifest
c:\users\Keyes\AppData\Roaming\02000000f5b87a01609P.manifest
c:\users\Keyes\AppData\Roaming\02000000f5b87a01609S.manifest
c:\windows\system32\cryptdlg32.dll
c:\windows\system32\drivers\SKYNETqxwhrgdi.sys
c:\windows\system32\SKYNETewbdahpu.dll
c:\windows\system32\SKYNETiprwimcs.dat
c:\windows\system32\SKYNETngvdpjbg.dll
c:\windows\system32\SKYNETqemxgjbs.dat
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETcomwminc


((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-18 19:06 . 2009-06-18 19:06 -------- d-----w- c:\users\Keyes\AppData\Local\Trend Micro
2009-06-18 11:55 . 2009-06-18 11:55 -------- d-----w- c:\users\Elliot\DoctorWeb
2009-06-18 11:08 . 2009-06-18 11:10 10752 ----a-w- c:\windows\DCEBoot.exe
2009-06-16 01:52 . 2009-06-16 01:52 -------- d-----w- c:\programdata\Trymedia
2009-06-16 01:52 . 2009-06-16 09:32 -------- d-----w- c:\programdata\NeoEdge Networks
2009-06-16 01:52 . 2009-06-16 09:32 -------- d-----w- c:\program files\MostFun
2009-06-13 09:34 . 2009-06-13 09:34 -------- d-----w- c:\users\Elliot\AppData\Local\Microsoft Games
2009-06-11 09:09 . 2009-06-11 09:09 -------- d-----w- c:\users\Elliot\AppData\Local\Mozilla
2009-06-10 08:58 . 2009-06-10 08:59 -------- d-----w- c:\windows\system32\ca-ES
2009-06-10 08:58 . 2009-06-10 08:59 -------- d-----w- c:\windows\system32\eu-ES
2009-06-10 08:58 . 2009-06-10 08:59 -------- d-----w- c:\windows\system32\vi-VN
2009-06-10 07:53 . 2009-06-10 07:53 -------- d-----w- c:\windows\system32\EventProviders
2009-06-10 07:51 . 2009-04-11 06:28 327168 ----a-w- c:\windows\system32\P2PGraph.dll
2009-06-10 07:50 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-06-10 00:11 . 2009-06-10 00:11 -------- d-----w- c:\program files\iPod
2009-06-10 00:11 . 2009-06-10 00:12 -------- d-----w- c:\program files\iTunes
2009-06-10 00:10 . 2009-06-10 00:10 -------- d-----w- c:\program files\QuickTime
2009-06-10 00:01 . 2009-06-10 00:01 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-09 23:13 . 2009-04-21 11:39 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 23:13 . 2009-04-23 12:14 623616 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 23:13 . 2009-04-23 12:15 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-06 00:07 . 2009-06-06 00:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-06 00:05 . 2009-06-06 00:05 -------- d-----w- c:\program files\LSI SoftModem
2009-06-04 23:42 . 2009-06-04 23:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-04 23:42 . 2009-06-04 23:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-30 03:56 . 2009-05-30 03:56 -------- d-----w- c:\program files\LimeWire
2009-05-30 02:58 . 2009-06-18 21:13 77824 ----a-w- c:\windows\system32\kdfapi.dll
2009-05-30 02:58 . 2009-06-18 21:13 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2009-05-30 02:58 . 2009-06-18 21:13 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2009-05-28 07:52 . 2009-05-28 07:52 -------- d-----w- c:\users\Elliot\AppData\Roaming\RLM Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 21:53 . 2008-09-27 08:42 56862 ----a-w- c:\programdata\nvModes.dat
2009-06-18 21:31 . 2008-12-07 01:27 -------- d-----w- c:\users\Elliot\AppData\Roaming\Skype
2009-06-18 21:10 . 2008-12-14 23:16 -------- d-----w- c:\users\Elliot\AppData\Roaming\skypePM
2009-06-18 19:06 . 2008-09-27 08:49 -------- d-----w- c:\programdata\NVIDIA
2009-06-18 19:05 . 2009-06-18 19:05 104168 ----a-w- c:\users\Keyes\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 20:20 . 2008-07-01 06:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 20:20 . 2008-07-01 06:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-17 20:18 . 2008-12-07 00:06 -------- d-----w- c:\users\Elliot\AppData\Roaming\Hewlett-Packard
2009-06-17 20:14 . 2008-07-01 07:31 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-17 19:41 . 2008-12-15 09:42 -------- d-----w- c:\users\Elliot\AppData\Roaming\DNA
2009-06-17 19:25 . 2008-07-01 07:31 -------- d-----w- c:\program files\HP Games
2009-06-17 19:24 . 2008-07-01 07:31 -------- d-----w- c:\programdata\WildTangent
2009-06-16 00:03 . 2008-12-18 23:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-15 23:34 . 2008-12-15 09:42 -------- d-----w- c:\users\Elliot\AppData\Roaming\BitTorrent
2009-06-15 23:13 . 2009-05-15 06:51 -------- d-----w- c:\users\Elliot\AppData\Roaming\LimeWire
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-10 08:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-10 08:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-10 08:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-10 00:11 . 2008-12-07 02:25 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 00:01 . 2008-12-13 10:16 -------- d-----w- c:\program files\DivX
2009-06-10 00:00 . 2009-04-08 21:47 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-09 23:40 . 2008-07-01 07:57 -------- d-----w- c:\programdata\Microsoft Help
2009-06-06 00:49 . 2008-12-07 00:10 104168 ----a-w- c:\users\Elliot\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-06 00:06 . 2009-03-26 08:09 -------- d-----w- c:\program files\Microsoft
2009-06-06 00:03 . 2008-12-09 14:25 -------- d-----w- c:\program files\Microsoft Works
2009-06-02 21:05 . 2009-03-19 09:10 -------- d-----w- c:\users\Elliot\AppData\Roaming\CyberLink
2009-05-05 10:24 . 2009-04-29 04:43 -------- d-----w- c:\program files\PokerStars
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-24 22:37 . 2009-04-24 22:36 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-21 08:15 . 2009-04-21 08:15 -------- d-----w- c:\program files\Veoh Networks
2009-04-11 06:33 . 2009-06-10 07:51 986600 ----a-w- c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-06-10 07:51 926184 ----a-w- c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-06-10 07:51 292840 ----a-w- c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-06-10 07:51 897000 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-06-10 07:51 614376 ----a-w- c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-06-10 07:51 56320 ----a-w- c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-06-10 07:52 441344 ----a-w- c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-06-10 07:50 7168 ----a-w- c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-06-10 07:50 37376 ----a-w- c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-06-10 07:50 93696 ----a-w- c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-06-10 07:52 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-06-10 07:52 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-06-10 07:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-06-10 07:50 2048 ----a-w- c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-06-10 07:50 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-06-10 07:50 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-06-10 07:50 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-06-10 07:50 121344 ----a-w- c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-06-10 07:50 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-06-10 07:50 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-06-10 07:50 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-06-10 07:50 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-06-10 07:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-06-10 07:50 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-06-10 07:51 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-06-10 07:51 401408 ----a-w- c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-06-10 07:50 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-06-10 07:50 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-06-10 07:50 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-06-10 07:51 196096 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:43 . 2009-06-10 07:50 62208 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-04-11 04:42 . 2009-06-10 07:51 226304 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-06-10 07:50 25856 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-06-10 07:50 25856 ----a-w- c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-06-10 07:51 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-06-10 07:50 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-06-10 07:50 39424 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-06-10 07:50 52992 ----a-w- c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-06-10 07:52 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-06-10 07:50 16384 ----a-w- c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-06-10 07:50 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-06-10 07:50 19456 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-06-10 07:51 149504 ----a-w- c:\windows\system32\drivers\ks.sys
2009-04-11 04:38 . 2009-06-10 07:50 17408 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-04-11 04:27 . 2009-06-10 07:50 2560 ----a-w- c:\windows\system32\msimsg.dll
2009-04-11 04:23 . 2009-06-10 07:51 626176 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-06-10 07:50 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-06-10 07:50 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-06-10 07:50 33280 ----a-w- c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-06-10 07:51 288768 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-06-10 07:51 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-06-10 07:51 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-06-10 07:51 114688 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-06-10 07:51 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-06-10 07:51 225280 ----a-w- c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-06-10 07:51 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-06-10 07:51 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-06-10 07:50 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-06-10 07:50 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-06-10 07:50 226816 ----a-w- c:\windows\system32\drivers\udfs.sys
2008-07-01 05:37 . 2008-07-01 05:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 00:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w- c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-07 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-04-03 3558648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-08 75008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-08-14 497008]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):25,7b,fb,83,aa,e9,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6FCD7EB9-4221-4B3B-A4DB-411C0E374DAD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{143975B8-1DD9-4BBA-8F2B-0924D7060964}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C8754C6D-7B7A-4C23-BD51-E587F11CD71D}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{669F231A-08CE-495C-BEEF-9E717AFBD347}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85CFCB04-C5C9-4A04-B244-8489D2CBBA98}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9F4B457A-1F4E-49BA-953A-C4EE507D9A0C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{935B6CD6-C4BD-4D0C-80FD-879A2EB93494}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{10AEFA67-9787-4413-BF5C-A8E52D86FEFD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{859DC910-F06A-4D87-824E-DDA4F2E002B4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{3941DB2E-8BF3-41AE-A664-3AEA24CBAC46}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{D08BFDD1-E391-4CD1-8B81-F24E259D7B62}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7D54AC90-9D06-4F3A-BEA0-75C57CD8AE1B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{681AAEA6-B878-4577-813C-3D4BA535DFAE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1FCA7351-0F34-40C5-8473-F2E8997829D6}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{F3757F67-694F-46EC-A2C6-B2E16CDA7798}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{A5E63BE3-7BA5-4E32-84E7-FC2CD036EA47}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{4C5612C7-C183-4A50-9442-BA8362D447A7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{73C42DD5-121B-46D3-B9F9-3A189D3F7E07}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{E7F6F8D1-E5C7-4AAB-81EF-F389B5E251B3}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{3B5D3FB0-6DE4-41A3-9909-61F2A966543D}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [15/08/2008 10:23 a.m. 145424]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe [27/06/2008 8:53 p.m. 77824]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 11:24 a.m. 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [1/07/2008 8:59 p.m. 341328]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [7/12/2008 12:34 p.m. 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [15/08/2008 10:23 a.m. 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [7/12/2008 12:31 p.m. 497008]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [21/03/2009 6:19 a.m. 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/12/2008 12:31 p.m. 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [15/08/2008 10:23 a.m. 256528]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [25/01/2008 1:23 a.m. 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [1/04/2008 11:14 p.m. 81296]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 3:40 p.m. 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23/05/2008 3:29 p.m. 43552]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [1/07/2008 7:19 p.m. 193840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\User_Feed_Synchronization-{F6BDFC17-5B9F-41B9-821A-F5B88D440C53}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.xtra.co.nz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=83&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-NZ\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Elliot\AppData\Roaming\Mozilla\Firefox\Profiles\mpefqhre.default\
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Elliot\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 10:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-18 10:04
ComboFix-quarantined-files.txt 2009-06-18 22:04

Pre-Run: 239,177,973,760 bytes free
Post-Run: 239,183,417,344 bytes free

334 --- E O F --- 2009-06-18 18:58

#2 Guest_The weatherman_*

  • Guests

Posted 18 June 2009 - 05:30 PM

Hello keyese,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
