Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Random sounds playing through iexplorer.exe

Started by steve_o_ice , Aug 11 2009 04:33 PM

  • Please log in to reply

#1
steve_o_ice
Posted 11 August 2009 - 04:33 PM

steve_o_ice

    New Member

  • Member
  • Pip
  • 1 posts
Hi, this is my first post and hopefully I will be descriptive enough to receive help.
I just received a horrible virus that now randomly loads iexplore.exe and plays noises. However, no windows open or anything. I know it is through this because when I open task manager and close that task, that the noise then goes away. Please help me it is driving me crazy!

Below is the Hijack Log and Combo-Fix Log.

Thank you!
-Stephen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:37 PM, on 8/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Stephen\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....NPUplden-us.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8552 bytes



ComboFix 09-08-10.06 - Stephen 08/11/2009 20:22.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1982.1284 [GMT -4:00]
Running from: c:\users\Stephen\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1188938763-780217356-4040173663-500
c:\$recycle.bin\S-1-5-21-2769266890-3668698308-309083660-500
C:\LHTEAAB.tmp
c:\windows\Installer\4627645.msi
c:\windows\RM.exe
c:\windows\system32\drivers\SKYNETbdkofxlg.sys
c:\windows\system32\drivers\UACabxutjvpnp.sys
c:\windows\system32\msxml71.dll
c:\windows\system32\net.net
c:\windows\system32\SKYNETbihnfvpv.dll
c:\windows\system32\SKYNETdogqngbq.dll
c:\windows\system32\SKYNETepqmiwij.dat
c:\windows\system32\SKYNETpjeekgfm.dat
c:\windows\system32\UACbvcyugyvon.dll
c:\windows\system32\UACgxutrwhbes.dat
c:\windows\system32\UACiiqrpcicbe.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjofshgkqab.dll
c:\windows\system32\UACposgmqdyqs.dll
c:\windows\system32\UACxnxejpdhav.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETnsusukpm
-------\Service_UACd.sys
-------\Legacy_SKYNETnsusukpm
-------\Legacy_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 00:35 . 2009-08-12 01:25 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2009-08-12 00:35 . 2009-08-12 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-02 23:01 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-02 23:01 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-02 23:01 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-02 23:01 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-02 23:01 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-02 23:01 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-02 23:01 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-02 22:50 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-02 22:50 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-02 22:50 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-02 22:50 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-02 22:49 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-02 22:41 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-08-02 22:40 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-08-02 22:40 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-08-02 22:40 . 2008-11-27 04:42 269824 ----a-w- c:\windows\system32\schannel.dll
2009-08-02 22:35 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-07-30 21:54 . 2009-07-30 21:54 207872 ----a-w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-30 21:54 . 2009-07-30 21:54 207872 ----a-w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-30 21:54 . 2009-07-30 21:54 207872 ----a-w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-30 21:54 . 2009-07-30 21:54 207872 ----a-w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 01:25 . 2009-08-02 23:37 28029 ----a-w- c:\progra~2\nvModes.dat
2009-08-12 00:36 . 2008-02-14 06:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-11 19:43 . 2009-06-21 22:55 -------- d-----w- c:\users\Stephen\AppData\Roaming\DNA
2009-08-11 19:43 . 2009-06-21 22:55 -------- d-----w- c:\program files\DNA
2009-08-08 01:59 . 2008-03-11 04:15 -------- d-----w- c:\users\Stephen\AppData\Roaming\LimeWire
2009-08-03 15:27 . 2008-02-15 21:49 151416 ----a-w- c:\users\Stephen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-03 00:19 . 2008-05-30 12:20 -------- d-----w- c:\progra~2\NVIDIA
2009-08-03 00:14 . 2008-02-16 02:25 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-02 23:30 . 2008-02-14 07:30 -------- d-----w- c:\program files\Microsoft Works
2009-08-02 23:29 . 2008-02-14 07:33 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-02 23:14 . 2008-09-21 19:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-01 20:12 . 2008-02-14 06:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-01 19:40 . 2008-09-23 01:19 -------- d-----w- c:\progra~2\Media Center Programs
2009-08-01 19:38 . 2008-07-02 00:06 -------- d-----w- c:\program files\THQ
2009-07-30 21:54 . 2008-05-30 11:33 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-30 21:54 . 2008-05-30 11:33 -------- d-----w- c:\users\Stephen\AppData\Roaming\SystemRequirementsLab
2009-07-18 12:17 . 2009-08-02 22:42 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-08-02 22:42 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-08-02 22:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-08-02 22:42 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-08-02 22:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-08-02 22:42 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-11 23:48 . 2008-02-14 07:14 -------- d-----w- c:\progra~2\Roxio
2009-06-30 19:36 . 2009-07-28 18:04 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 19:10 . 2009-07-28 18:04 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 19:03 . 2009-07-28 18:04 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 16:44 . 2009-07-28 18:04 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 22:36 . 2009-07-28 18:04 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-22 01:46 . 2009-06-21 22:56 -------- d-----w- c:\users\Stephen\AppData\Roaming\BitTorrent
2009-06-21 22:55 . 2009-06-21 22:55 -------- d-----w- c:\program files\BitTorrent
2009-06-15 15:23 . 2009-08-02 22:41 24064 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 15:22 . 2009-08-02 22:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:21 . 2009-08-02 22:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 15:20 . 2009-08-02 22:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-06-15 13:03 . 2009-08-02 22:41 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Stephen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Stephen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Stephen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sprint media monitor.lnk]
path=c:\users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sprint media monitor.lnk
backup=c:\windows\pss\Sprint media monitor.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{846B6448-48BA-42BF-95C4-5140346688CA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F4EF8254-4E5B-4952-9833-DC8428097650}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{4DD3BF92-37CE-4EA8-A5A7-E78E3B124E4C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DFFCC6FD-4C28-4B89-89C5-4B7696A0002F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{90219B99-721F-4638-9001-798A3500C344}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CE3BC2DC-2ABB-4E3C-9E3A-31D696752ADF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FE8879B7-0658-46AE-B3A2-C26DD9932C40}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3DDF2E6F-DF30-4555-B02E-829584D40B73}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EC721093-AEC4-4567-8200-039C2421847E}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F0BC4863-33F6-454D-B916-CE613F2EC87A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C55D98C3-CED6-4A28-983C-DE5AF90BB2B9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7E87A3A5-842C-4557-915B-20FFF0506C33}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{56085566-5067-4C67-BF86-8E48A464FEAB}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{570075C7-1CA0-4092-9FD3-1F4AD425FC12}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7A8C839A-0C2C-4F40-963B-D8B256B0E205}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C781D183-FABE-4E3A-9C69-A713767CF3F1}"= UDP:c:\program files\Steam\Steam.exe:Steam
"{18E361C7-A3E7-4F67-87C0-8E24C65E163B}"= TCP:c:\program files\Steam\Steam.exe:Steam
"TCP Query User{62E386AC-47EF-47CD-B4E1-1801C4D03469}c:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= UDP:c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield
"UDP Query User{F1868F11-B0FC-44CE-B19C-447E71E2FFC3}c:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= TCP:c:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield
"{BAF75A9E-1D09-4A53-AFD7-D6EF0284453C}"= UDP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{53A52AB8-C65B-46BF-8485-CD8C1644188D}"= TCP:c:\program files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes
"{11BC7BB9-3E92-4E45-895E-39EA4666E344}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B2D99E61-39FC-4EE7-94C9-76FB47087697}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AFFEC8FA-1D2E-408E-BF87-DCFADE21A190}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3E192AA0-FA16-4DB3-91D4-72170E003C27}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73E7643C-3C53-42A4-B0C6-49C534ABA199}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62F2BEAD-FA48-4149-A9C0-C9EDF8F18D78}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{16030245-10BF-461D-AAFF-7E5A8FB041D7}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{4F01EBA0-37E9-443F-AD2E-19C1196EF538}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{30CF4644-FAC2-436E-9633-56DE260B3A3A}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 6:50 PM 30312]
R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2/14/2008 3:21 AM 212280]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\8coarlwx.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 21:25
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2712)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-12 21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 01:30

Pre-Run: 72,118,681,600 bytes free
Post-Run: 71,996,530,688 bytes free

292 --- E O F --- 2009-08-02 23:37

Edited by steve_o_ice, 11 August 2009 - 07:51 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP