Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hldrrr.exe, srosa.sys, wintems.exe, bagle virus - need help please

Started by NextStopAnywhere , Jun 28 2008 10:55 PM

  • Please log in to reply

#1
NextStopAnywhere
Posted 28 June 2008 - 10:55 PM

NextStopAnywhere

    New Member

  • Member
  • Pip
  • 7 posts
Hi...A few days ago I got hit with the bagle virus, I believe it is the same thing as hldrrr.exe, srosa.sys, wintems.exe. Sorry, I am not sure I understand how it works. I noticed immediately after trying to run a downloaded exe (stupid me!!) my McAffee security center died and I had to reinstall it. But first I ran some other apps (AVAST, Eligabla.exe, combofix) and I thought the problem was fixed. Then it hit again when I tried to boot in safemode. I went through the same steps and thought the virus was gone. And now I am hit again. I tried running a scan from pandasecurity.com but it froze for 2 hours at 10% and said it found 15 infected files. I ran avast and combofix and they don't seem to pick up anything. I am posting a hijackthis & combofix log, I really hope someone can help me fix this. Another question is this - i had been planning to reinstall Windows XP, and now I want to do so ASAP. I bought an external hard drive to backup all my files (pics, music, tv, etc). Since viruses are so insidious, how can I be sure I don't copy the virus onto the backup drive, and then back onto my pc after the windows reinstall ? I greatly apprecaite any help with all of this!

------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:24 AM, on 6/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141533914765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....ows-i586-jc.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - c:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/CASIO/Photo%20Loader/Image%20Library/20060308/PREVIEW/CIMG0310.JPG

--
End of file - 9465 bytes



------------------------------------------------------------------------------------------------------




ComboFix 08-06-20.4 - HP_Administrator 2008-06-29 0:29:24.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.929 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))
.

2008-06-28 18:09 . 2008-06-28 18:09 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-28 18:09 . 2008-06-28 18:10 <DIR> d-------- C:\Program Files\Panda Security
2008-06-28 12:23 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-28 12:22 . 2008-06-28 12:23 <DIR> d-------- C:\Program Files\Java
2008-06-28 11:52 . 2008-06-28 11:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor
2008-06-27 13:35 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-06-27 12:28 . 2008-06-28 11:52 20,278 --a------ C:\WINDOWS\system32\Config.MPF
2008-06-27 12:21 . 2008-06-28 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-06-27 12:12 . 2008-06-27 12:12 <DIR> d-------- C:\Program Files\CCleaner
2008-06-27 11:36 . 2008-06-27 14:09 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-27 11:05 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\EFM
2008-06-27 10:08 . 2008-06-27 11:04 <DIR> d--hs---- C:\RECYCLER(2)
2008-06-26 13:19 . 2008-06-27 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-26 11:24 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\SiteAdvisor(2)
2008-06-26 11:23 . 2008-06-26 11:26 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SiteAdvisor(2)
2008-06-26 11:18 . 2008-06-27 11:05 <DIR> d-------- C:\Program Files\Common Files\McAfee(2)
2008-06-25 15:13 . 2008-06-25 15:13 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-06-25 15:13 . 2008-06-25 15:22 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-06-11 06:24 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:24 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-04 12:37 . 2008-06-04 12:37 <DIR> d-------- C:\Program Files\Virtual CD Control Tool

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 15:03 --------- d-----w C:\Program Files\Picasa2
2008-06-27 15:03 --------- d-----w C:\Program Files\Google
2008-06-25 22:16 68,096 ----a-w C:\WINDOWS\system32\dllcache\sysinfo.exe
2008-06-25 22:16 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
2008-05-14 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-05-08 15:20 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 04:16 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-23 04:16 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-23 04:16 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-23 04:16 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-23 04:16 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-23 04:16 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-01-04 18:31 284 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\ViewerApp.dat
2004-08-10 05:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-10 05:00 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-07-30 08:04 1,216 --sh--w C:\WINDOWS\Twunk_16.dll
2004-07-30 08:04 1,216 --sh--w C:\WINDOWS\Twunk_32.dll
2004-08-10 05:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-10 05:00 54,784 --sha-w C:\WINDOWS\system32\msvcirt.dll
2004-08-10 05:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-10 05:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-10 05:00 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-10 05:00 11,776 --sh--w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 01:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-05-05 05:02 684032]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 17:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 20:19 77312 C:\WINDOWS\arpwrmsg.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 16:59 143360]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 19:35 49152]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-04-25 19:36 1073152]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdateMgr.exe" [2005-09-26 20:42 61440]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 06:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-05 00:08 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-12-23 15:06 180269]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 04:57 16855552 C:\WINDOWS\RTHDCPL.EXE]
"HostManager"="C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-05-05 05:02 684032]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-03-12 16:46:52 368640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 03:23:26 282624]
HPAiODevice(hp officejet d series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe [2002-03-05 04:28:42 491582]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1141531636\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 17:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141531636\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141531636\\EE\\aolsoftware.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-11-26 00:12]
R0 sonypvl3;sonypvl3;C:\WINDOWS\system32\drivers\sonypvl3.sys [2004-09-22 12:55]
R1 sonypvf3;sonypvf3;C:\WINDOWS\system32\drivers\sonypvf3.sys [2004-11-15 14:55]
R1 sonypvt3;sonypvt3;C:\WINDOWS\system32\drivers\sonypvt3.sys [2004-12-06 15:26]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R3 ICAM3NT5;Intel® PC Camera CS331;C:\WINDOWS\system32\Drivers\ICAM3D2.SYS [2001-12-03 12:57]
S1 sonypvd3;Sony DVD Handycam;C:\WINDOWS\system32\DRIVERS\sonypvd3.sys [2004-12-07 16:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Y]
\Shell\AutoRun\command - Y:\Setup.EXE

*Newly Created Service* - RKPAVPROC
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-29 00:31:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-29 0:31:54
ComboFix-quarantined-files.txt 2008-06-29 04:31:48

Pre-Run: 31,195,897,856 bytes free
Post-Run: 31,213,142,016 bytes free

168 --- E O F --- 2008-06-27 16:00:12
  • 0

Advertisements

#2
NextStopAnywhere
Posted 05 July 2008 - 08:28 PM

NextStopAnywhere

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Well, after a hellish week of running every imagineable virus & antispyware scan, I think I have the problem solved.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP