purityscan [CLOSED]


This topic is locked

#1 esotsm_9 (New Member, 2 posts)
Hi, I was running AVG yesterday and discovered the purityscan trojan. I have followed the guidelines in the forum and have my ComboFix and HijackThis logs.
I'd really appreciate it if you could help me out, this f**kin thing is driving me nuts :)

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:05, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tomas.PC217622645863\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: zPlanner.lnk = C:\Program Files\zPlanner\zPlanner.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CyberLink Media Library Service(HP TVPlay) - Cyberlink - C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7941 bytes

COMBOFIX

ComboFix 08-05-15.3 - tomas 2008-05-16 23:43:53.1 - NTFSx86
Running from: C:\Documents and Settings\tomas.PC217622645863\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\tomas.PC217622645863\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-14 16:02 . 2008-05-14 16:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 15:21 . 2008-05-17 00:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-14 14:50 . 2008-05-16 11:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-14 14:50 . 2008-05-14 16:05 <DIR> d-------- C:\Documents and Settings\tomas.PC217622645863\Application Data\AVGTOOLBAR
2008-05-14 14:50 . 2008-05-14 14:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-14 14:50 . 2008-05-14 14:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-14 14:50 . 2008-05-14 14:50 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-14 14:50 . 2008-05-14 14:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-14 14:49 . 2008-05-14 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 14:31 . 2008-05-14 14:31 <DIR> d-------- C:\Program Files\AVG
2008-05-07 09:25 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 13:00 . 2008-04-22 13:00 <DIR> d-------- C:\Program Files\Mini-stream
2008-04-22 12:36 . 2008-04-22 12:36 <DIR> d-------- C:\Program Files\RM Converter
2008-04-22 11:03 . 2008-04-22 11:03 <DIR> d-------- C:\Documents and Settings\tomas.PC217622645863\Application Data\Apple Computer
2008-04-22 10:07 . 2008-04-22 10:07 <DIR> d-------- C:\Program Files\eRightSoft
2008-04-21 10:05 . 2008-04-21 10:10 <DIR> d-------- C:\Program Files\Ultra Video Joiner
2008-04-21 10:05 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-21 10:05 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-20 22:58 . 2008-04-20 22:58 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-04-20 22:58 . 2008-04-20 22:58 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-07 08:25 --------- d-----w C:\Program Files\Java
2008-04-28 06:35 --------- d-----w C:\Program Files\Qtrax_20080125
2008-04-14 13:01 --------- d-----w C:\Program Files\DVDVideoSoft
2008-04-14 13:01 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-12 09:29 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\dvdcss
2008-04-11 14:14 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-11 14:14 --------- d-----w C:\Program Files\NCH Software
2008-04-10 08:16 --------- d-----w C:\Program Files\Magic M4A to MP3 Converter
2008-04-08 15:22 --------- d-----w C:\Program Files\AshongSoft
2008-04-01 20:00 --------- d-----w C:\Program Files\Disc2Phone
2008-03-30 22:33 --------- d-----w C:\Program Files\Alarm
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-23 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-03-23 23:25 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\River Past G5
2008-03-23 13:33 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\Movies Extractor Scout
2008-03-21 16:36 --------- d-----w C:\Program Files\RESIDENT EVIL
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-03 07:53 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-16 23:26 0 ----a-w C:\Documents and Settings\tomas.PC217622645863\Application Data\wklnhst.dat
2007-10-23 23:39 64,048 ----a-w C:\Documents and Settings\Tomas\PROGRAM1.EXE
2007-05-13 19:39 62,536 ----a-w C:\Documents and Settings\Tomas\CIRCLES.EXE
2007-05-13 19:27 84,883 ----a-w C:\Documents and Settings\Tomas\BUFFON.EXE
2007-05-13 14:25 74,834 ----a-w C:\Documents and Settings\Tomas\SPRINGS.EXE
2007-05-13 14:22 74,814 ----a-w C:\Documents and Settings\Tomas\SPRING.EXE
2007-04-24 18:24 62,234 ----a-w C:\Documents and Settings\Tomas\EVO5.EXE
2007-04-23 19:22 57,282 ----a-w C:\Documents and Settings\Tomas\EVO.EXE
2007-04-19 18:07 84,550 ----a-w C:\Documents and Settings\Tomas\FISH1.EXE
2007-04-16 22:42 63,087 ----a-w C:\Documents and Settings\Tomas\SOLAR.exe
2007-03-25 01:56 122 ----a-w C:\Documents and Settings\Tomas\Application Data\wklnhst.dat
2001-03-20 13:29 84,318 ----a-w C:\Documents and Settings\Tomas\GAME1.EXE
2007-03-23 06:42 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-14 14:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-14 14:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-14 14:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50 729178]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 17:45 507904]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 14:34 135168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 12:24 185896]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-04-20 22:58 2729584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 14:49 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPlay.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPService.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-14 14:50]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 14:50]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 14:49]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-14 14:50]
R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe" [2006-04-03 14:34]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-04-20 22:58]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe" [2006-04-03 14:35]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe" [2006-04-03 14:35]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-20 22:58]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2005-06-04 01:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 10:42:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-05-11 01:02:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-14 20:02:00 C:\WINDOWS\Tasks\WebReg 20071207210240.job"
- C:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20071207210240 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 00:02:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????8????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 0:05:25
ComboFix-quarantined-files.txt 2008-05-16 23:05:13

Pre-Run: 13,356,343,296 bytes free
Post-Run: 18,747,420,672 bytes free

185 --- E O F --- 2008-05-14 23:32:29
#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Welcome to GTG.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)

Do you know what these are for? Do NOT run them if unsure. Delete them instead.

C:\Documents and Settings\Tomas\PROGRAM1.EXE
C:\Documents and Settings\Tomas\CIRCLES.EXE
C:\Documents and Settings\Tomas\BUFFON.EXE
C:\Documents and Settings\Tomas\SPRINGS.EXE
C:\Documents and Settings\Tomas\SPRING.EXE
C:\Documents and Settings\Tomas\EVO5.EXE
C:\Documents and Settings\Tomas\EVO.EXE
C:\Documents and Settings\Tomas\FISH1.EXE
C:\Documents and Settings\Tomas\SOLAR.exe
C:\Documents and Settings\Tomas\GAME1.EXE


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\Tasks\At1.job
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is the computer running so far?
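The logs in this thread carry several signals that can be flagged automatically rather than read line by line: a BHO whose DLL is "(file missing)", Security Center values that silence antivirus alerts and monitoring, Windows Firewall switched off for the standard profile, an At*.job task that launches bare rundll32.exe, and a DLL in system32 carrying the system+hidden attributes. The Python script below is an added example and is not part of this thread, nor of HijackThis or ComboFix; the heuristics, function names and the constructed SAMPLE_LOG excerpt (lines in the shape of the posted logs) are this example's own. It ends by rendering the findings in the File::/Registry:: CFScript format the helper describes above, where a leading "-" on a key name deletes the whole key.

```python
"""Triage helper for HijackThis / ComboFix text logs (added example, not from the
thread nor from HijackThis or ComboFix; SAMPLE_LOG is a constructed excerpt)."""
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"2008-05-16 10:42:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
"2008-05-11 01:02:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
"""

# HijackThis O2 line; "(file missing)" means the BHO is registered but its DLL is gone.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$", re.M)
# REGEDIT4-style key header and "name"=value lines in the Reg Loading Points section.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$", re.M)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.+)$', re.M)
# ComboFix scheduled-task pair: quoted job line followed by "- <command>".
TASK_RE = re.compile(r'^"\S+ \S+ (?P<job>.+\.job)"\n- (?P<cmd>.+)$', re.M)
# ComboFix Find3M line: date time size attributes path.
FILE_RE = re.compile(r"^\S+ \S+ [\d,]+ (?P<attr>[-a-z]{7}) (?P<path>.+)$", re.M)


def _parse_value(raw: str) -> Optional[int]:
    """Normalise 'dword:00000001' and '0 (0x0)' style values to an int."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw.strip())
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw.strip())
    return int(m.group(1)) if m else None


def find_missing_bhos(text: str) -> List[Tuple[str, str]]:
    return [(m["clsid"], m["path"]) for m in BHO_RE.finditer(text) if m["missing"]]


def find_weakened_security(text: str) -> List[str]:
    """Flag Security Center and Windows Firewall values that silence or disable protection."""
    findings, key = [], ""
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km["key"].lower()
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, val = vm["name"], _parse_value(vm["val"])
        if "security center" in key and name == "AntiVirusDisableNotify" and val == 1:
            findings.append("Security Center antivirus alerts suppressed")
        elif "security center" in key and name == "DisableMonitoring" and val == 1:
            findings.append("Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1])
        elif "firewallpolicy" in key and name == "EnableFirewall" and val == 0:
            findings.append("Windows Firewall disabled (standard profile)")
    return findings


def find_suspicious_tasks(text: str) -> List[Tuple[str, str]]:
    """Tasks that launch rundll32.exe with no DLL argument do nothing legitimate
    on their own; an At*.job doing so is a common malware persistence leftover."""
    return [(m["job"], m["cmd"].strip()) for m in TASK_RE.finditer(text)
            if m["cmd"].strip().lower().endswith("rundll32.exe")]


def find_hidden_system_files(text: str) -> List[str]:
    """Files under system32 carrying both the system (s) and hidden (h) attributes."""
    return [m["path"] for m in FILE_RE.finditer(text)
            if "s" in m["attr"] and "h" in m["attr"] and "\\system32\\" in m["path"].lower()]


def build_cfscript(files: List[str], reg_keys_to_delete: List[str]) -> str:
    """Render a CFScript: File:: quarantines the listed paths, Registry:: takes
    REGEDIT4-style sections, and a leading '-' on a key name deletes that key."""
    lines: List[str] = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if reg_keys_to_delete:
        lines.append("Registry::")
        lines.extend(f"[-{k}]" for k in reg_keys_to_delete)
    return "\n".join(lines) + "\n"


def triage(text: str) -> Dict[str, object]:
    missing = find_missing_bhos(text)
    tasks = find_suspicious_tasks(text)
    hidden = find_hidden_system_files(text)
    return {
        "missing_bhos": missing,
        "weakened_security": find_weakened_security(text),
        "suspicious_tasks": tasks,
        "hidden_system_files": hidden,
        "cfscript": build_cfscript(
            hidden + [job for job, _ in tasks],
            [f"HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{clsid}" for clsid, _ in missing]),
    }


if __name__ == "__main__":
    for section, value in triage(SAMPLE_LOG).items():
        print(section, value)
```

Run against the sample, the script flags exactly the items the helper acted on (Smab0.dll, At1.job and the ShoppingReport BHO key) and additionally surfaces the disabled firewall and silenced Security Center, which are worth re-enabling once the machine is clean. The attribute and path heuristics are deliberately narrow; treat hits as items to verify, not as an automatic delete list.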

#3 esotsm_9 (Topic Starter)
Hi Greyknight, thanks for getting back to me, appreciate it.

Those programs are just C++ programs I created myself for college; they've been there for a while, so I know that's not the problem.
The computer can't seem to run more than one program at a time, and music and video files skip. I think this is because purityscan is causing Hardware Interrupts, which are using 90-100% of my CPU a lot of the time.

I deleted the file you identified; here is the ComboFix log:

ComboFix 08-05-15.3 - tomas 2008-05-17 21:29:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.410 [GMT 1:00]
Running from: C:\Documents and Settings\tomas.PC217622645863\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tomas.PC217622645863\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Smab0.dll
C:\WINDOWS\Tasks\At1.job
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.

2008-05-14 16:02 . 2008-05-14 16:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-14 15:21 . 2008-05-17 18:10 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-14 14:50 . 2008-05-17 17:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-14 14:50 . 2008-05-14 16:05 <DIR> d-------- C:\Documents and Settings\tomas.PC217622645863\Application Data\AVGTOOLBAR
2008-05-14 14:50 . 2008-05-14 14:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-14 14:50 . 2008-05-14 14:50 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-14 14:50 . 2008-05-14 14:50 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-14 14:50 . 2008-05-14 14:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-14 14:49 . 2008-05-14 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-14 14:31 . 2008-05-14 14:31 <DIR> d-------- C:\Program Files\AVG
2008-05-07 09:25 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-22 13:00 . 2008-04-22 13:00 <DIR> d-------- C:\Program Files\Mini-stream
2008-04-22 12:36 . 2008-04-22 12:36 <DIR> d-------- C:\Program Files\RM Converter
2008-04-22 11:03 . 2008-04-22 11:03 <DIR> d-------- C:\Documents and Settings\tomas.PC217622645863\Application Data\Apple Computer
2008-04-22 10:07 . 2008-04-22 10:07 <DIR> d-------- C:\Program Files\eRightSoft
2008-04-21 10:05 . 2008-04-21 10:10 <DIR> d-------- C:\Program Files\Ultra Video Joiner
2008-04-21 10:05 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-21 10:05 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-20 22:58 . 2008-04-20 22:58 <DIR> d-------- C:\Program Files\SpeedBit Video Accelerator
2008-04-20 22:58 . 2008-04-20 22:58 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-07 08:25 --------- d-----w C:\Program Files\Java
2008-04-28 06:35 --------- d-----w C:\Program Files\Qtrax_20080125
2008-04-14 13:01 --------- d-----w C:\Program Files\DVDVideoSoft
2008-04-14 13:01 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-04-12 09:29 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\dvdcss
2008-04-11 14:14 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-11 14:14 --------- d-----w C:\Program Files\NCH Software
2008-04-10 08:16 --------- d-----w C:\Program Files\Magic M4A to MP3 Converter
2008-04-08 15:22 --------- d-----w C:\Program Files\AshongSoft
2008-04-01 20:00 --------- d-----w C:\Program Files\Disc2Phone
2008-03-30 22:33 --------- d-----w C:\Program Files\Alarm
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-23 23:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-03-23 23:25 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\River Past G5
2008-03-23 13:33 --------- d-----w C:\Documents and Settings\tomas.PC217622645863\Application Data\Movies Extractor Scout
2008-03-21 16:36 --------- d-----w C:\Program Files\RESIDENT EVIL
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-03 07:53 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-12-16 23:26 0 ----a-w C:\Documents and Settings\tomas.PC217622645863\Application Data\wklnhst.dat
2007-10-23 23:39 64,048 ----a-w C:\Documents and Settings\Tomas\PROGRAM1.EXE
2007-05-13 19:39 62,536 ----a-w C:\Documents and Settings\Tomas\CIRCLES.EXE
2007-05-13 19:27 84,883 ----a-w C:\Documents and Settings\Tomas\BUFFON.EXE
2007-05-13 14:25 74,834 ----a-w C:\Documents and Settings\Tomas\SPRINGS.EXE
2007-05-13 14:22 74,814 ----a-w C:\Documents and Settings\Tomas\SPRING.EXE
2007-04-24 18:24 62,234 ----a-w C:\Documents and Settings\Tomas\EVO5.EXE
2007-04-23 19:22 57,282 ----a-w C:\Documents and Settings\Tomas\EVO.EXE
2007-04-19 18:07 84,550 ----a-w C:\Documents and Settings\Tomas\FISH1.EXE
2007-04-16 22:42 63,087 ----a-w C:\Documents and Settings\Tomas\SOLAR.exe
2007-03-25 01:56 122 ----a-w C:\Documents and Settings\Tomas\Application Data\wklnhst.dat
2001-03-20 13:29 84,318 ----a-w C:\Documents and Settings\Tomas\GAME1.EXE
2007-03-23 06:42 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-17_ 0.04.45.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-14 14:50 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-14 14:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-14 14:50 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 21:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50 729178]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 11:39 94208]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 08:57 405504]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 14:26 233534]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 17:45 507904]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 19:05 734264]
"TVPService"="C:\Program Files\HP\TVPlay\TVPService.exe" [2006-04-03 14:34 135168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 12:24 185896]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-04-20 22:58 2729584]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-14 14:49 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 01:39:30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPlay.exe"=
"C:\\Program Files\\HP\\TVPlay\\TVPService.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-14 14:50]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-14 14:50]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-14 14:49]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-14 14:50]
R2 CyberLink Media Library Service(HP TVPlay);CyberLink Media Library Service(HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\CLML_NTService\CLMLServer.exe" [2006-04-03 14:34]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-04-20 22:58]
R2 TVPCapSvc;CyberLink Background Capture Service (CBCS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe" [2006-04-03 14:35]
R2 TVPSched;CyberLink Task Scheduler (CTS HP TVPlay);"C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe" [2006-04-03 14:35]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 10:06]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-04-20 22:58]
S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\WINDOWS\system32\Drivers\modbda2.sys [2005-06-04 01:56]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-11 01:02:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-17 20:02:00 C:\WINDOWS\Tasks\WebReg 20071207210240.job"
- C:\Program Files\Hewlett-Packard\webreg\bin\hpqwrg.exeC/TaskName 20071207210240 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 21:36:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????8????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-17 21:39:32
ComboFix-quarantined-files.txt 2008-05-17 20:38:55
ComboFix2.txt 2008-05-16 23:05:27

Pre-Run: 19,960,487,936 bytes free
Post-Run: 19,948,425,216 bytes free

182 --- E O F --- 2008-05-17 12:52:52
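The part of this ComboFix log worth reading first when triaging it is the block of Security Center and firewall-policy keys. What it actually shows is that Windows Firewall is switched off for the standard profile (EnableFirewall=0) and that Security Center antivirus alerts are suppressed (AntiVirusDisableNotify=1); the DisableMonitoring values under Monitoring\SymantecAntiVirus and Monitoring\SymantecFirewall are normally written by Symantec products themselves so they can report their own status, so on their own they are a lower-priority item and only become interesting if no such product is installed. The following Python is an added example, not part of the original post and not ComboFix's own code: it parses those sections out of a ComboFix-style dump and flags the weakened settings. The embedded log is a constructed excerpt that copies the thread's values, plus one made-up firewall exception under a Temp directory (not in the poster's log) so the path check has something to catch.

```python
import re

# Constructed excerpt in the format of the ComboFix log posted in this thread.
# The first five sections copy the values shown in the log; the final
# "Temp\svchost.exe" exception is a made-up entry added only to exercise the
# path check (it does NOT appear in the poster's log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"=
"""

SECTION_RE = re.compile(r'^\[([^\]]+)\]\s*$')       # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # "Name"=value  (value may be empty)

# Locations a firewall exception is normally expected to point at. Anything
# else (profile directories, Temp, the root of C:) deserves a look.
TRUSTED_ROOTS = ('%windir%', '%systemroot%', 'c:\\windows', 'c:\\program files')


def parse_combofix_registry(text):
    """Map each [section] of a ComboFix registry dump to its {name: raw value} pairs.

    Section keys are lower-cased so lookups are case-insensitive, which matches
    how the registry itself behaves.
    """
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2).strip()
    return sections


def to_int(raw):
    """Normalise the two numeric spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    if raw is None:
        return None
    m = re.match(r'^dword:([0-9a-fA-F]{1,8})$', raw.strip())
    if m:
        return int(m.group(1), 16)
    m = re.match(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$', raw.strip())
    if m:
        return int(m.group(1))
    return None


def audit_protection_state(sections):
    """Return (severity, message) findings for weakened Security Center / firewall settings."""
    findings = []
    sc = sections.get('hkey_local_machine\\software\\microsoft\\security center', {})
    if to_int(sc.get('AntiVirusDisableNotify')) == 1:
        findings.append(('medium', 'Security Center antivirus alerts suppressed (AntiVirusDisableNotify=1)'))
    if to_int(sc.get('FirewallDisableNotify')) == 1:
        findings.append(('medium', 'Security Center firewall alerts suppressed (FirewallDisableNotify=1)'))
    for key, values in sections.items():
        if '\\security center\\monitoring\\' in key and to_int(values.get('DisableMonitoring')) == 1:
            product = key.rsplit('\\', 1)[-1]
            # Vendors set this themselves so their product reports via WMI; it is
            # only suspicious if the named product is not actually installed.
            findings.append(('low', f'Security Center monitoring disabled for {product} '
                                    '(DisableMonitoring=1; confirm that product is installed)'))
        if key.endswith('\\firewallpolicy\\standardprofile') and to_int(values.get('EnableFirewall')) == 0:
            findings.append(('high', 'Windows Firewall is OFF for the standard profile (EnableFirewall=0)'))
    return findings


def unusual_authorized_apps(sections):
    """Firewall exceptions whose executable lives outside Program Files or the Windows directory."""
    odd = []
    for key, values in sections.items():
        if not key.endswith('\\authorizedapplications\\list'):
            continue
        for name in values:
            path = name.replace('\\\\', '\\').lower()   # the dump doubles backslashes
            if not path.startswith(TRUSTED_ROOTS):
                odd.append(path)
    return odd


if __name__ == '__main__':
    parsed = parse_combofix_registry(SAMPLE_LOG)
    for severity, message in audit_protection_state(parsed):
        print(f'[{severity}] {message}')
    for path in unusual_authorized_apps(parsed):
        print(f'[review] firewall exception outside trusted roots: {path}')
```

Run it stand-alone to print the findings for the constructed excerpt; to use it on a real ComboFix log, pass the file contents to parse_combofix_registry in place of SAMPLE_LOG. The path check is deliberately crude (prefix match on a short list of trusted roots) because its job is to shortlist entries for a human, not to decide what is malicious.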

#4 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Do you still get the lag issues? If so, run the following scans:

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Perform an online scan with Internet Explorer at Panda ActiveScan http://www.pandasoft.../activescan.htm

* Click on 'Scan your PC' button. There should be a popup - if you have a pop-up blocker, make sure it's not blocking it.
* Click 'Check Now' & a pop-up window will appear.
* Enter your Country, State and E-mail Address & click 'Scan Now' - begin downloading Panda's ActiveX controls (8 MB size).
* Begin the scan by selecting My Computer.
* If it finds any malware, it will offer you a report. Ignore any entry it finds (since it wants you to buy the program for removal) as we will address this later.
* Click on see report. Then click Save report.
* Post that log in your next reply.


#5 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.