First day on site. I have been trying to sort out this laptop by removing the above malware but seem to have no joy. I used your ComboFix and produced a log. I can't seem to get much that makes sense to me in terms of removal (not that bright). I am not subject to pop-ups, but it takes my home page to http//quicknews.info, and I am also wondering what other risks I am facing.
Would appreciate any help on this.
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.646 [GMT 3:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\msconfig.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system\svchost.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-13 19:55 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 09:01 185,406 --a------ C:\WINDOWS\system\YMworm.exe
2007-08-12 17:51 <DIR> d-------- C:\DOCUME~1\JOHNRE~1\WINDOWS
2007-08-12 15:37 <DIR> d-------- C:\Program Files\YouSendIt
2007-08-12 15:34 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-08-12 15:34 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-08-12 15:34 <DIR> d-------- C:\Program Files\Replay Converter
2007-08-12 15:08 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-12 15:07 <DIR> d-------- C:\Program Files\Replay AV 8
2007-08-12 14:48 <DIR> d-------- C:\DOCUME~1\JOHNRE~1\APPLIC~1\GetRightToGo
2007-08-07 19:53 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-05 15:29 10 --a------ C:\WINDOWS\system32\deposit.dll
2007-08-04 21:26 <DIR> d-------- C:\Program Files\ScanSoft
2007-08-04 21:26 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-04 21:04 <DIR> d-------- C:\DOCUME~1\JOHNRE~1\APPLIC~1\JustVoip
2007-08-04 19:33 <DIR> d-------- C:\Program Files\iTunes
2007-08-04 19:33 <DIR> d-------- C:\Program Files\iPod
2007-08-01 15:59 98,304 -ra------ C:\WINDOWS\system32\hpzjsn01.dll
2007-08-01 15:59 311,296 -ra------ C:\WINDOWS\system32\hptcpmui.dll
2007-08-01 15:59 28,672 -ra------ C:\WINDOWS\system32\hpzjfw01.dll
2007-08-01 15:58 266,240 -ra------ C:\WINDOWS\system32\hptcpmon.dll
2007-08-01 15:58 135,168 -ra------ C:\WINDOWS\system32\hptcpmib.dll
2007-08-01 15:46 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-07-20 19:30 <DIR> d-------- C:\Program Files\QuickTime
2007-07-19 20:33 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-13 20:03 --------- d-------- C:\DOCUME~1\JOHNRE~1\APPLIC~1\Skype
2007-08-13 19:33 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-12 18:35 --------- d-------- C:\Program Files\RegCure
2007-08-12 18:27 --------- d-------- C:\Program Files\XoftSpySE
2007-08-12 15:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-11 21:29 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-04 19:27 --------- d-------- C:\Program Files\Apple Software Update
2007-08-03 16:52 --------- d-------- C:\Program Files\Google
2007-08-01 16:02 --------- d-------- C:\Program Files\Hewlett-Packard
2007-07-09 16:27 --------- d-------- C:\Program Files\Common Files\Skype
2007-07-06 22:39 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-14 15:49 --------- d-------- C:\Program Files\FolderMatch
2007-06-14 01:18 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-06-14 01:18 249856 --------- C:\WINDOWS\Setup1.exe
2007-06-14 00:46 --------- d-------- C:\DOCUME~1\JOHNRE~1\APPLIC~1\Salty Brine
2007-06-13 21:37 --------- d-------- C:\Program Files\PCPitstop
2007-05-24 09:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-16 18:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 18:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 18:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 18:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 18:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 18:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-16 00:37 19186427 --------- C:\New Folder.exe
2007-05-14 15:57 241664 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2007-03-19 00:16 42936 --a------ C:\DOCUME~1\JOHNRE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 04:22]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 08:04]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 11:46]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 12:34]
"LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 12:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 00:22]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 18:44]
"Task Manager"="C:\WINDOWS\system\svchost.exe" []
"Yahoo Messenger"="C:\WINDOWS\system\svchost32.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 10:17]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 18:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-10-05 02:14:18]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 usbvideo;USB Video Device (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys
S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
*Newly Created Service* - COMHOST
Contents of the 'Scheduled Tasks' folder
2007-08-04 16:28:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-10 17:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - John Reid.job
2007-08-13 17:02:31 C:\WINDOWS\Tasks\RegCure Program Check.job
2007-08-09 00:00:00 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-13 17:02:31 C:\WINDOWS\Tasks\XoftSpySE 2.job - C:\Program Files\XoftSpySE\XoftSpy.exe
2007-08-11 00:00:00 C:\WINDOWS\Tasks\XoftSpySE.job - C:\Program Files\XoftSpySE\XoftSpy.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 20:02:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13 20:05:57 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 20:05
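The part of this log worth a second look is the pair of Run entries at the end of the HKLM Run key ("Task Manager" and "Yahoo Messenger" launching svchost.exe and svchost32.exe from C:\WINDOWS\system) together with the lsass.exe and svchost.exe that ComboFix already deleted from non-standard directories. The script below is an added example for this thread, not ComboFix's own code and not a removal fix; it parses those log lines and flags executables that carry a core Windows process name outside its real home, lookalike names such as svchost32.exe, files dropped into the legacy C:\WINDOWS\system directory, and Run entries whose timestamp bracket is empty. The sample lines are copied from the log above. The core-process table (with C:\WINDOWS as %SystemRoot%), the legacy-directory heuristic and the reading of an empty "[]" bracket as "ComboFix could not stamp the target" are my assumptions, not something the log states.

```python
"""Triage ComboFix 'Reg Loading Points' and file lines for process-name masquerading.

Added example for this thread (not ComboFix's code, not a removal procedure).
Sample lines below are copied from the posted log. The CORE_PROCESSES table,
the legacy-directory check and the meaning given to an empty timestamp bracket
are assumptions about a default Windows XP install.
"""
import re
from pathlib import PureWindowsPath

# Core XP processes and the one directory each legitimately lives in
# (assumption: %SystemRoot% is C:\WINDOWS, as in the log).
CORE_PROCESSES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# 16-bit era directory; assumption: nothing on a default XP drops new .exe files here.
LEGACY_SYSTEM_DIR = r"c:\windows\system"

# "name"="path" [timestamp]   as printed under Reg Loading Points
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]\s*$')
# A bare Windows path to a binary anywhere in a line (deletion and file-created lines)
PATH_IN_LINE = re.compile(r'[A-Za-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|scr|com)\b', re.IGNORECASE)


def assess(path, stamp=None):
    """Return the reasons `path` looks suspicious; an empty list means nothing tripped."""
    p = PureWindowsPath(path)
    name, stem, parent = p.name.lower(), p.stem.lower(), str(p.parent).lower()
    findings = []
    if name in CORE_PROCESSES:
        if parent != CORE_PROCESSES[name]:
            findings.append(f"core process name {p.name} outside {CORE_PROCESSES[name]}")
    else:
        # Lookalike: a core stem with extra characters appended, e.g. svchost32.exe
        for core in CORE_PROCESSES:
            core_stem = core[: -len(".exe")]
            if stem != core_stem and stem.startswith(core_stem):
                findings.append(f"lookalike of {core}: {p.name}")
                break
    if parent == LEGACY_SYSTEM_DIR:
        findings.append(f"binary in legacy directory {p.parent} (assumption: not used by XP installers)")
    if stamp == "":
        # Assumption: an empty bracket means ComboFix could not stamp the target file.
        findings.append("Run entry has no file timestamp (target missing when ComboFix scanned)")
    return findings


def triage(log_text):
    """Return [(path, findings)] for every log line whose binary trips a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            path, stamp = m.group("path"), m.group("stamp")
        else:
            pm = PATH_IN_LINE.search(line)
            if not pm:
                continue
            path, stamp = pm.group(0), None
        findings = assess(path, stamp)
        if findings:
            flagged.append((path, findings))
    return flagged


# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup.\msconfig.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system\svchost.exe
2007-08-13 09:01 185,406 --a------ C:\WINDOWS\system\YMworm.exe
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"Task Manager"="C:\WINDOWS\system\svchost.exe" []
"Yahoo Messenger"="C:\WINDOWS\system\svchost32.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"""

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_LOG):
        print(path)
        for f in findings:
            print("   -", f)
```

Run against the sample, it reports lsass.exe and svchost.exe at the wrong paths, YMworm.exe and svchost32.exe in C:\WINDOWS\system, and the two unstamped Run entries, while ccApp.exe, ctfmon.exe and the Startup-folder msconfig.exe pass untouched; the same heuristics are cheap to run over any ComboFix or Autoruns export before deciding what to quarantine.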