Your computer was infected by an unknown Trojan [CLOSED]


  • This topic is locked

#1
Dave62

Dave62

    New Member

  • Member
  • 1 posts
Hello,

Every time I use Explorer I get the message:

Your computer was infected by an unknown Trojan.
It’s dangerous for your system (Critical files can be lost)!
Chick OK to download the Anti spyware program to clean your system

On Explorer it puts up a warning when doing a Google search that takes you to the
Files Secure site to install their program; I did not install it.

Below are the logs from HijackThis v2.0.2 & ComboFix.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:29 AM, on 3/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.co...n...px&id=64855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Media Player - {8388F272-9EDA-4F4E-88FD-4711CBA4BA2B} - C:\Windows\wmpdxm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11177 bytes




ComboFix 08-03-14.4 - Dave 2008-03-15 22:50:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.994 [GMT -5:00]
Running from: C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNP8H9KZ\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

2008-03-15 19:50 . 2008-03-15 19:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-15 19:50 . 2008-03-15 19:50 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-14 00:00 . 2008-03-14 00:01 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-14 00:00 . 2008-03-14 00:01 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-14 00:00 . 2008-03-14 00:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-13 23:59 . 2008-03-13 23:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-13 23:26 . 2008-03-13 23:26 <DIR> d-------- C:\Program Files\Files-Secure
2008-03-13 22:22 . 2008-03-14 00:08 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-13 22:22 . 2008-03-14 00:08 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-13 19:09 . 2008-03-13 19:10 219,648 --a------ C:\Windows\wmpdxm.dll
2008-03-13 19:09 . 2008-03-13 19:10 50 --a------ C:\amp.bat
2008-03-07 22:45 . 2008-03-08 00:31 <DIR> d-------- C:\Users\Dave\DVD
2008-02-19 17:44 . 2008-02-19 17:44 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-18 11:38 . 2008-02-18 11:38 <DIR> d-------- C:\Users\Dave\AppData\Roaming\MSNInstaller
2008-02-17 15:46 . 2008-02-17 15:46 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 15:46 . 2008-02-17 15:46 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 15:44 . 2008-02-17 15:44 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 15:44 . 2008-02-17 15:44 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 15:44 . 2008-02-17 15:44 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 15:44 . 2008-02-17 15:44 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 15:44 . 2008-02-17 15:44 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 15:44 . 2008-02-17 15:44 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 15:44 . 2008-02-17 15:44 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-17 15:43 . 2008-02-17 15:43 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 15:43 . 2008-02-17 15:43 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 15:43 . 2008-02-17 15:43 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 15:43 . 2008-02-17 15:43 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 15:43 . 2008-02-17 15:43 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 15:43 . 2008-02-17 15:43 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 15:43 . 2008-02-17 15:43 22,016 --a------ C:\Windows\System32\netiougc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 02:05 --------- d-----w C:\ProgramData\Symantec
2008-03-16 00:51 --------- d-----w C:\Program Files\Windows Mail
2008-02-17 20:43 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 20:43 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 20:43 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 20:43 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 20:40 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-17 20:40 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-17 20:40 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-17 20:40 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-17 20:32 --------- d-----w C:\Program Files\Google
2008-02-14 05:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 01:16 --------- d-----w C:\Program Files\Java
2008-02-13 05:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-26 19:39 --------- d-----w C:\ProgramData\MSScanAppDataDir
2008-01-26 18:10 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-01-26 16:55 --------- d-----w C:\Program Files\MGI
2008-01-26 16:13 --------- d-----w C:\ProgramData\Yahoo!
2008-01-26 04:46 --------- d-----w C:\Program Files\Yahoo!
2008-01-25 04:00 --------- d-----w C:\Program Files\Real
2008-01-25 04:00 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-25 04:00 --------- d-----w C:\Program Files\Common Files\Real
2008-01-20 17:04 --------- d-----w C:\Program Files\Kodak
2008-01-20 17:03 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-01-20 17:03 --------- d-----w C:\Program Files\Common Files\Kodak
2008-01-20 16:34 --------- d-----w C:\ProgramData\Kodak
2008-01-20 16:08 --------- d-----w C:\Users\Dave\AppData\Roaming\CyberLink
2008-01-19 14:54 --------- d-----w C:\Users\Dave\AppData\Roaming\InstallShield
2008-01-18 09:02 --------- d-----w C:\Program Files\Microsoft Works
2008-01-18 08:59 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-18 06:11 --------- d-----w C:\Users\Dave\AppData\Roaming\Yahoo!
2008-01-18 06:05 --------- d-----w C:\Program Files\Common Files\L&H
2008-01-18 06:04 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-11 21:47 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-07 02:34 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-07 02:34 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-07 02:34 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-07 02:34 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-07 02:34 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-07 02:34 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-01-07 02:34 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-07 02:34 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-07 02:34 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-07 02:34 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-07 02:33 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-07 02:33 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-07 02:33 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-07 02:33 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-07 02:33 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-07 02:33 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-07 02:32 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-07 02:32 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-07 02:32 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-07 02:31 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-07 02:31 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-07 02:29 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-07 02:12 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-07 02:12 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-07 02:12 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-07 02:12 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-07 02:12 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-07 02:12 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-07 02:12 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-01-07 02:12 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-07 02:12 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-06 13:23 27,240 ----a-w C:\Users\Dave\AppData\Roaming\nvModes.dat
2007-10-23 06:54 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 20:24 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8388F272-9EDA-4F4E-88FD-4711CBA4BA2B}]
2008-03-13 19:10 219648 --a------ C:\Windows\wmpdxm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 13:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-11 16:47 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 18:10 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-02-13 20:35 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 15:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 15:05 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 15:05 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 22:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 17:31 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 16:54 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 02:13 218408]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-23 01:16 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 18:31 80896]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 10:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 17:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-24 23:00 185896]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 04:45 222208]

C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 06:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-10-23 02:48:53 53248]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 19:36 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-02-13 20:35 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EC86714-8387-408B-96E6-981610836165}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F50D2C4-8E6C-46EE-88E2-254E72827181}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{45353C69-11B0-49DF-A153-FAEF489D2F33}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F635961-175D-4664-B4FD-26A3D12F4096}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{65877A56-48F2-42F3-9CF6-759DED7ADA6B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{A25F0F3A-F0C0-4F95-B7E7-DB5B6D113CF0}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9B3EA790-9811-4717-86B6-66315F1ECB37}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8DE7A576-AB43-4B22-9093-ACCCE3677860}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{02EBC901-E7BF-40B4-A190-ED8821F7DCBF}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{518D92A2-79A6-4614-A2AC-F78619B92A48}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080311.007\IDSvix86.sys [2008-02-13 11:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 22:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 22:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 09:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 18:40]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 16:50]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 02:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{623a9238-bcca-11dc-a307-001b24edbdd8}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-20 17:10:07 C:\Windows\Tasks\EasyShare Registration Task.job"
- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt [email protected]
"2008-03-07 01:11:04 C:\Windows\Tasks\HPCeeScheduleForDave.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-02-19 02:38:21 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Dave.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-03-16 01:36:21 C:\Windows\Tasks\User_Feed_Synchronization-{2A91F750-1A6B-4EE5-ACAF-8B46E6AF6813}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 22:53:09
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 22:53:54
ComboFix-quarantined-files.txt 2008-03-16 03:53:52
.
2008-03-16 00:50:46 --- E O F ---
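Reading the two logs above side by side is the triage a helper does by hand: which autostart entries in the HijackThis log point at files that only appeared in the ComboFix "Files Created" window? The script below is an added example, not a tool from this thread or from its poster. It parses a constructed subset of the posted HijackThis lines (O2/O4/O23) and ComboFix timeline lines, then flags every entry whose file, or whose containing folder, was created on or after a cut-off date. The cut-off of 2008-03-13 is an assumption chosen because that is the day C:\amp.bat and the Files-Secure folder first appear in the posted timeline. A flag is a candidate for review, not a verdict: the example deliberately flags both the "Windows Media Player" BHO DLL created that evening and the Ad-Aware service installed the following day, which is why a human still reads the result.

```python
"""Cross-reference HijackThis autostart entries against the ComboFix
'Files Created' timeline and surface entries worth a closer look.

Added triage example; not a tool from the forum thread. The sample
lines are a constructed subset copied from the logs posted above.
"""
import re
from datetime import datetime

# Constructed sample: five HijackThis lines taken from the posted log.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Media Player - {8388F272-9EDA-4F4E-88FD-4711CBA4BA2B} - C:\Windows\wmpdxm.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Constructed sample: five ComboFix 'Files Created' lines from the posted report.
COMBOFIX_CREATED_SAMPLE = r"""
2008-03-14 00:00 . 2008-03-14 00:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-13 23:26 . 2008-03-13 23:26 <DIR> d-------- C:\Program Files\Files-Secure
2008-03-13 19:09 . 2008-03-13 19:10 219,648 --a------ C:\Windows\wmpdxm.dll
2008-03-13 19:09 . 2008-03-13 19:10 50 --a------ C:\amp.bat
2008-02-17 15:44 . 2008-02-17 15:44 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
"""

# A HijackThis entry: section tag (R0, O2, O23, ...) then the description.
HJT_RE = re.compile(r'^([RO]\d+) - (.*)$')

# A literal drive-letter path ending in a loadable/executable extension.
# Non-greedy so trailing arguments (",nvsvcStart", " -hide") are not swallowed;
# %ProgramFiles%-style entries have no drive letter and yield no path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:dll|exe|sys|bat)\b', re.IGNORECASE)

# ComboFix 'Files Created' line: created . modified size-or-<DIR> attrs path
COMBOFIX_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+'
    r'(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$'
)


def _norm(path):
    """Case-fold and strip a trailing backslash so lookups match."""
    return path.lower().rstrip('\\')


def parse_hjt(text):
    """Return (section, description, path-or-None) for each HijackThis line."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        path_match = PATH_RE.search(m.group(2))
        entries.append((m.group(1), m.group(2), path_match.group(0) if path_match else None))
    return entries


def parse_combofix_created(text):
    """Return {normalized path: (created datetime, is_directory)}."""
    created = {}
    for line in text.splitlines():
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group('created'), '%Y-%m-%d %H:%M')
        created[_norm(m.group('path'))] = (when, m.group('size') == '<DIR>')
    return created


def triage(hjt_text, combofix_text, since):
    """Flag autostart entries whose file, or an ancestor directory, was created
    at or after `since`. Returns a list of (section, path, reason)."""
    created = parse_combofix_created(combofix_text)
    flagged = []
    for section, _desc, path in parse_hjt(hjt_text):
        if path is None:
            continue  # no literal drive path to check (e.g. %ProgramFiles% entries)
        key = _norm(path)
        hit = created.get(key)
        if hit and hit[0] >= since:
            flagged.append((section, path, f'file created {hit[0]:%Y-%m-%d %H:%M}'))
            continue
        # Walk up the directory chain looking for a newly created parent folder.
        parent = key
        while '\\' in parent:
            parent = parent.rsplit('\\', 1)[0]
            hit = created.get(parent)
            if hit and hit[1] and hit[0] >= since:
                flagged.append((section, path, f'lives under directory created {hit[0]:%Y-%m-%d %H:%M}'))
                break
    return flagged


def run_demo(since=datetime(2008, 3, 13)):
    """Assumed cut-off: the day C:\\amp.bat and Files-Secure appear in the timeline."""
    return triage(HJT_SAMPLE, COMBOFIX_CREATED_SAMPLE, since)


if __name__ == '__main__':
    for section, path, reason in run_demo():
        print(f'{section:4} {path}  <- {reason}')
```

Run against the full posted logs, the same two parsers work unchanged; only the sample constants change. The directory walk is what catches entries such as the Files-Secure folder when a service or BHO is registered from inside it, and the `since` parameter is the one knob a reviewer tunes to the date the symptoms started.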
#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hi Dave62,

Welcome to geekstogo :)

Sorry to keep you waiting. Let's do a deeper scan of your machine for me to analyse.

(If your problem has already been resolved, could you just let me know so that I can move on to other logs to help others? Thanks.)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

You may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk

#3
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.