Trojan horse Generic.QJZ Sort me out! Logs included.


#1
Profusion
New Member, 3 posts
I tried deleting the file folder that holds the Searchbar info and then tried undll to rip it out, but it keeps coming back!!
Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:07 PM, on 03/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\ALCXMNTR.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6781 bytes

ComboFix 08-03-03.6 - HP_Owner 2008-03-03 19:28:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.608 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 19:18 . 2008-03-03 19:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 11:42 . 2008-03-03 19:27 <DIR> d-------- C:\Program Files\SearchBar
2008-02-29 17:28 . 2008-02-29 17:28 <DIR> d-------- C:\WINDOWS\Sun
2008-02-29 13:46 . 2008-02-29 13:46 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\HPQ
2008-02-28 19:28 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-02-28 19:28 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\dllcache\61883.sys
2008-02-28 19:28 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-02-28 19:28 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\dllcache\avc.sys
2008-02-26 21:06 . 2008-02-26 21:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-26 18:56 . 2008-02-26 20:48 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Azureus
2008-02-26 18:56 . 2008-02-26 18:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2008-02-26 18:55 . 2008-02-26 20:50 <DIR> d-------- C:\Program Files\Azureus
2008-02-25 17:21 . 2008-02-25 17:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\InterVideo
2008-02-25 17:12 . 2008-02-25 17:12 <DIR> d-------- C:\temp
2008-02-25 17:11 . 2008-02-25 17:11 214 --a------ C:\WINDOWS\HP_InstantSHareJPG.ini
2008-02-25 17:08 . 2008-02-25 17:08 217 --a------ C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
2008-02-25 16:22 . 2008-02-25 16:22 221 --a------ C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2008-02-24 20:45 . 2008-02-24 20:45 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-02-24 18:36 . 2008-02-24 18:36 <DIR> d-------- C:\Program Files\Synthetic Aperture
2008-02-24 18:32 . 2004-11-15 20:45 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-02-24 18:32 . 2004-11-15 20:45 103,936 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-02-24 18:20 . 2008-02-24 18:20 <DIR> d-------- C:\Program Files\The Foundry
2008-02-24 18:19 . 1999-12-17 09:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-24 18:13 . 2008-02-24 18:13 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2008-02-24 18:11 . 2008-02-24 18:11 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-24 18:11 . 2008-02-24 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2008-02-24 18:01 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 17:58 . 2008-02-24 17:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-24 17:58 . 2008-03-03 19:25 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVG7
2008-02-24 17:58 . 2008-02-24 17:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2008-02-24 17:58 . 2008-02-25 16:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
2008-02-24 17:46 . 2008-03-03 19:23 182 --a------ C:\WINDOWS\system\hpsysdrv.DAT
2008-02-24 17:44 . 2008-02-24 17:44 <DIR> d-------- C:\WINDOWS\Motorola
2008-02-24 17:44 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-24 17:44 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-24 17:44 . 2004-08-04 01:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-24 17:36 . 2008-02-24 16:06 <DIR> d-------- C:\WINDOWS\I386
2008-02-24 17:29 . 2008-02-24 17:35 <DIR> dr-h----- C:\MSOCache
2008-02-24 17:12 . 2008-02-24 17:12 <DIR> d--hs---- C:\Documents and Settings\HP_Owner\UserData
2008-02-24 17:09 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 17:06 . 2008-02-24 17:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-24 16:13 . 2001-08-23 16:12 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-02-24 16:08 . 2004-08-04 05:00 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-02-24 16:06 . 2005-09-09 20:53 2,067,968 --a------ C:\WINDOWS\system32\dllcache\cdosys.dll
2008-02-24 15:55 . 2008-02-24 15:55 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-02-24 15:53 . 2008-02-24 15:53 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-24 15:50 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-24 15:50 . 2004-10-25 17:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-02-24 15:50 . 2008-02-24 15:50 1,802 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_ED905AA-ABA a1222n_YC_0Pavi_QMXF546_E54NAheBLU3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.10_T051014_WXH2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#080224_N10EC8139_Z10573052_G.MRK
2008-02-24 15:49 . 2005-10-07 07:07 <DIR> d-------- C:\Documents and Settings\HP_Owner\WINDOWS
2008-02-24 15:49 . 2005-10-07 07:25 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-02-24 15:49 . 2005-10-07 07:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2008-02-24 15:49 . 2005-10-07 07:10 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Intuit
2008-02-24 15:49 . 2005-10-07 07:06 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2008-02-24 15:48 . 2005-10-07 07:07 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-02-24 15:47 . 2005-10-07 07:07 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 21:16 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
2008-02-25 00:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2008-02-24 23:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-24 23:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-24 23:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-24 22:09 --------- d-----w C:\Program Files\Java
2008-02-24 21:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-24 21:19 --------- d-----w C:\Program Files\Common Files\Real
2008-02-24 21:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2008-02-24 20:50 1,802 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_ED905AA-ABA a1222n_YC_0Pavi_QMXF546_E54NAheBLU3_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.10_T051014_WXH2_L409_M1023_J250_7AMD_8Athlon 64_92.19_#080224_N10EC8139_Z10573052_G.MRK
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 01:07 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 01:07 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 01:07 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 01:07 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 01:07 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2005-05-12 13:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 01:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 04:56 544768 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 19:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 08:12 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-24 17:59 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-24 17:58 219136]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-24 18:26:01 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 08:23:26 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{00212521-4FEF-4AD3-B3AA-E05CDA254123}"= C:\WINDOWS\system32\search.dll [2007-09-05 10:47 95024]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 19:30:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 19:30:49
ComboFix-quarantined-files.txt 2008-03-04 00:30:40
ComboFix2.txt 2008-03-04 00:11:04
.
2008-02-24 22:55:33 --- E O F ---