Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
12-05-2008, 06:15 PM   #1
Registered User
Join Date: Jan 2005
Posts: 75
OS: Win XP

Trying To Clean Up A Computer, Need Help

Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:54:34 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\USER\Application Data\Twain\Twain.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\hjt\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/clientapps/Au...ch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\geBtQJAS.dll
O2 - BHO: {e00a6b26-8d5f-c618-2d64-dc49316f367b} - {b763f613-94cd-46d2-816c-f5d862b6a00e} - C:\WINDOWS\system32\xossxf.dll
O2 - BHO: (no name) - {BEB8F242-5FED-4245-99ED-CD6E1FDEA2F9} - C:\WINDOWS\system32\vtUonNDT.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\USER\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SysDriver32] C:\WINDOWS\sys_32.exe
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Twain] C:\Documents and Settings\USER\Application Data\Twain\Twain.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [SysDriver32] C:\WINDOWS\sys_32.exe (User '?')
O4 - S-1-5-21-4290049-839715340-908924317-1006 Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe (User '?')
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/c...ploader_v6.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/onlin...meLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O20 - Winlogon Notify: geBtQJAS - C:\WINDOWS\SYSTEM32\geBtQJAS.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12848 bytes
Posted by Buddha61

12-07-2008, 09:49 AM   #2
alba (Analyst, Security Team)
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04

Re: Trying To Clean Up A Computer, Need Help

Hi Buddha61,

I am happy to help you, but could you please run the following tools? I don't want to jump in until I have a better picture of what is going on :)

=================================

Before scanning, make sure all other running programs are closed.
There shouldn't be any scheduled antivirus scans running while the scan is being performed.
Do not use your computer for anything else during the scan.

====
DDS:
====

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
    1. DDS.txt
    2. Attach.txt


=====
GMER:
=====

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...say NO.
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and make sure the Show all box is unchecked.
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

===========================
How the logs should be furnished:
===========================

Copy/Paste the contents of 'DDS.txt' to be posted as text to your post.
The other two logs ...

* attach.txt
* gmer.txt

... should be zipped/archived before attaching to the post.

When posting your reply, the zipped file may be attached by clicking the [Manage Attachments] button.
It's located under [Additional Options] on the composition page.
Browse to where you saved the file, and click Upload.

Checklist
  1. DDS.txt - copy/pasted directly into Reply box
  2. Attach.txt - attached to post
  3. gmer.txt - attached to post
__________________
Member of UNITE
If I have helped you in any way, please DONATE to TSF. Thank you.

12-07-2008, 11:02 AM   #3
Registered User
Join Date: Jan 2005
Posts: 75
OS: Win XP

Re: Trying To Clean Up A Computer, Need Help

DDS (Version 1.0) - NTFSx86
Run by USER at 12:45:37.71 on Sun 12/07/2008

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://us.rd.yahoo.com/clientapps/AutoSearch/SearchBarCU/YSetSearch/2007/06/26/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\geBtQJAS.dll
BHO: {b763f613-94cd-46d2-816c-f5d862b6a00e} - c:\windows\system32\xossxf.dll
BHO: {BD216009-F7E2-428C-A154-F76335A731D7} - c:\windows\system32\vtUonNDT.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Twain] c:\documents and settings\user\application data\twain\Twain.exe
uRun: [SysDriver32] c:\windows\sys_32.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\quickl~1.lnk - c:\program files\alltel\quicklink mobile\QuickLink Mobile.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {06BDF105-39BE-4C1F-841C-FF59FDB7180A} = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100
Notify: AtiExtEvent - Ati2evxx.dll
Notify: geBtQJAS - geBtQJAS.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - c:\windows\system32\geBtQJAS.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUonNDT

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-12-05 17:50 129,024 a------- c:\windows\system32\hcqdmu.dll
2008-12-05 17:50 129,024 a------- c:\windows\system32\peaevvww.dll
2008-12-05 17:47 120 ---sh--- c:\windows\system32\rlqagcwt.ini
2008-12-05 17:47 72,704 a------- c:\windows\system32\twcgaqlr.dll
2008-12-05 16:50 <DIR> --d----- c:\program files\Lavasoft
2008-12-05 16:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-05 16:48 <DIR> --d----- C:\hjt
2008-12-04 23:36 27,904 a------- c:\windows\system32\drivers\Ndisprot.sys
2008-12-04 23:36 <DIR> --dshr-- C:\resycled
2008-12-04 23:36 255 ---shr-- C:\autorun.inf
2008-12-04 23:35 2,405 a------- c:\windows\sys_32.exe
2008-12-04 23:35 2,405 a------- c:\windows\system32\~.exe
2008-12-04 19:19 114,688 a------- c:\windows\system32\dqlsatoe.dll
2008-12-04 19:06 1,482,400 ---sh--- c:\windows\system32\weitwrux.ini
2008-12-04 19:06 72,704 a------- c:\windows\system32\xurwtiew.dll
2008-12-03 19:33 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-03 14:55 129,024 a------- c:\windows\system32\xossxf.dll
2008-12-03 14:55 129,024 a------- c:\windows\system32\hrlnppao.dll
2008-12-03 14:52 1,423,173 ---sh--- c:\windows\system32\nbxgwxsj.ini
2008-12-01 16:29 1,375,214 ---sh--- c:\windows\system32\ivpphxpf.ini
2008-12-01 16:29 72,704 a------- c:\windows\system32\fpxhppvi.dll
2008-12-01 16:26 129,024 a------- c:\windows\system32\nstjth.dll
2008-12-01 16:26 129,024 a------- c:\windows\system32\bqkkveyb.dll
2008-12-01 12:28 1,375,205 ---sh--- c:\windows\system32\iskipkab.ini
2008-12-01 12:26 129,024 a------- c:\windows\system32\ylizrs.dll
2008-12-01 12:25 129,024 a------- c:\windows\system32\xtbsxmha.dll
2008-11-30 13:21 143 a------- c:\windows\system32\mcrh.tmp
2008-11-30 12:27 1,691,436 ---sh--- c:\windows\system32\gmbfshfg.ini
2008-11-30 12:27 72,704 a------- c:\windows\system32\gfhsfbmg.dll
2008-11-30 12:24 129,024 a------- c:\windows\system32\amklpr.dll
2008-11-30 12:24 129,024 a------- c:\windows\system32\hiototag.dll
2008-11-29 20:11 1,409 a------- c:\windows\QTFont.for
2008-11-29 20:11 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-29 18:41 0 a------- c:\docume~1\user\applic~1\wklnhst.dat
2008-11-29 16:02 0 a------- c:\windows\system32\winsrc.dll.tmp
2008-11-29 14:38 <DIR> --dsh--- c:\windows\VVNFUg
2008-11-29 14:38 <DIR> --d----- c:\program files\InetGet2
2008-11-29 12:53 <DIR> --d----- c:\docume~1\user\applic~1\Twain
2008-11-29 12:22 <DIR> --d----- c:\program files\Mjcore
2008-11-29 11:57 1,691,436 ---sh--- c:\windows\system32\ofoibfis.ini
2008-11-29 11:54 129,024 a------- c:\windows\system32\ocznqs.dll
2008-11-29 11:53 129,024 a------- c:\windows\system32\tlbhgrbk.dll
2008-11-29 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2008-11-29 11:42 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:42 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:41 271,704 a----r-- c:\windows\system32\hpzids01.dll
2008-11-29 11:41 117,760 a------- c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2008-11-29 11:40 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 303,104 a----r-- c:\windows\system32\hpovst15.dll
2008-11-29 11:31 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-11-29 11:28 <DIR> --d----- c:\program files\common files\HP
2008-11-29 11:26 <DIR> --d----- c:\program files\HP
2008-11-29 11:26 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-11-29 11:26 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-11-29 11:23 157,428 a------- c:\windows\hpoins27.dat
2008-11-29 11:23 932 -------- c:\windows\hpomdl27.dat
2008-11-28 09:01 117,248 a------- c:\windows\system32\ieupdates.exe
2008-11-28 00:48 129,024 a------- c:\windows\system32\vclphv.dll
2008-11-28 00:48 129,024 a------- c:\windows\system32\qmvqsuvf.dll
2008-11-28 00:46 1,648,525 ---sh--- c:\windows\system32\pcvbxcgk.ini
2008-11-28 00:45 875,888 a--sh--- c:\windows\system32\TDNnoUtv.ini
2008-11-28 00:45 875,760 a--sh--- c:\windows\system32\TDNnoUtv.ini2
2008-11-28 00:45 318,464 a------- c:\windows\system32\vtUonNDT.dll
2008-11-28 00:40 <DIR> --d----- c:\docume~1\user\applic~1\gadcom
2008-11-28 00:40 25,600 a------- c:\windows\system32\opnomlKe.dll
2008-11-28 00:40 25,600 a------- c:\windows\system32\geBtQJAS.dll
2008-11-28 00:40 22,528 a------- c:\windows\system32\digeste.dll
2008-11-28 00:40 22,528 a------- c:\documents and settings\user\~.exe
2008-11-19 18:11 <DIR> --d----- c:\program files\Disney Interactive
2008-11-19 18:10 1,220 a------- c:\windows\disney.ini

==================== Find3M ====================

2008-10-24 06:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 19:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-08-07 19:36 0 a------- c:\program files\temp01
2007-07-23 22:01 1,589 a------- c:\program files\ALLTEL Internet Accelerator Client setup.log

============= FINISH: 12:47:40.25 ===============
Attached file: Attach.zip (4.5 KB)
Posted by Buddha61

12-07-2008, 11:23 AM   #4
alba (Analyst, Security Team)
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04

Re: Trying To Clean Up A Computer, Need Help

Hi

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
12-07-2008, 12:27 PM   #5
Registered User
Join Date: Jan 2005
Posts: 75
OS: Win XP

Re: Trying To Clean Up A Computer, Need Help

ComboFix 08-12-06.06 - USER 2008-12-07 13:59:44.1 - NTFSx86

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\salesmonitor
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\USER\Application Data\DriveCleaner Freeware
c:\documents and settings\USER\Application Data\DriveCleaner Freeware\Logs\update.log
c:\documents and settings\USER\Application Data\FunWebProducts
c:\documents and settings\USER\Application Data\FunWebProducts\Data\USER\wffavs.dat
c:\documents and settings\USER\Application Data\gadcom
c:\documents and settings\USER\Application Data\gadcom\gadcom.exe
c:\documents and settings\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\USER\Application Data\twain\Twain.exe
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\avtasks.dat
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\CookieList.dat
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\history.db
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\update.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\wa7Support.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\Logs\winav.log
c:\documents and settings\USER\Application Data\WinAntiVirus Pro 2007\PGE.dat
c:\documents and settings\USER\err.log
c:\documents and settings\USER\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\USER\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\USER\Start Menu\Programs\PlayMP3z
c:\documents and settings\USER\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
c:\program files\Common Files\winantivirus pro 2007
c:\program files\Common Files\winantivirus pro 2007\err.log
c:\program files\FBrowserAdvisor
c:\program files\inetget2
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\USS
C:\resycled
c:\resycled\boot.com
c:\windows\Downloaded Program Files\USDR6_9999_N18M1603NetInstaller.exe
c:\windows\system32\~.exe
c:\windows\system32\amklpr.dll
c:\windows\system32\axtiuncg.dll
c:\windows\system32\bfhmrd.dll
c:\windows\system32\bqkkveyb.dll
c:\windows\system32\digeste.dll
c:\windows\system32\dqlsatoe.dll
c:\windows\system32\fpxhppvi.dll
c:\windows\system32\geBtQJAS.dll
c:\windows\system32\gfhsfbmg.dll
c:\windows\system32\hcqdmu.dll
c:\windows\system32\hiototag.dll
c:\windows\system32\hpowiax7.dll
c:\windows\system32\hrlnppao.dll
c:\windows\system32\huqrenxq.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\mcrh.tmp
c:\windows\system32\nstjth.dll
c:\windows\system32\ocznqs.dll
c:\windows\system32\opnomlKe.dll
c:\windows\system32\peaevvww.dll
c:\windows\system32\qmvqsuvf.dll
c:\windows\system32\stera.job
c:\windows\system32\TDNnoUtv.ini
c:\windows\system32\TDNnoUtv.ini2
c:\windows\system32\tlbhgrbk.dll
c:\windows\system32\twcgaqlr.dll
c:\windows\system32\vclphv.dll
c:\windows\system32\vtUonNDT.dll
c:\windows\system32\wingamma.exe
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\xossxf.dll
c:\windows\system32\xtbsxmha.dll
c:\windows\system32\xurwtiew.dll
c:\windows\system32\ylizrs.dll
c:\windows\wiaserviv.log
E:\autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WASFSD


((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 14:07 . 2008-12-07 14:07 <DIR> dr-hs---- C:\resycled
2008-12-07 13:45 . 2008-12-07 13:45 1,479,822 --ahs---- c:\windows\system32\qxnerquh.ini
2008-12-07 12:50 . 2008-12-07 12:50 250 --a------ c:\windows\gmer.ini
2008-12-05 18:01 . 2006-03-20 14:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-05 18:01 . 2006-03-20 14:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-12-05 18:01 . 2006-03-20 14:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-12-05 18:01 . 2006-05-15 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-12-05 18:01 . 2006-03-20 16:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-12-05 18:01 . 2006-05-15 13:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-12-05 18:01 . 2008-12-05 18:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 17:47 . 2008-12-05 17:47 120 --ahs---- c:\windows\system32\rlqagcwt.ini
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 16:48 . 2008-12-05 16:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 16:48 . 2008-12-05 19:54 <DIR> d-------- C:\hjt
2008-12-04 23:36 . 2008-12-07 13:43 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-04 23:35 . 2008-12-04 23:35 2,405 --a------ c:\windows\sys_32.exe
2008-12-04 19:06 . 2008-12-04 19:06 1,482,400 --ahs---- c:\windows\system32\weitwrux.ini
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\alot
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\alot
2008-12-03 19:33 . 2008-10-16 17:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-03 14:52 . 2008-12-03 14:52 1,423,173 --ahs---- c:\windows\system32\nbxgwxsj.ini
2008-12-01 16:29 . 2008-12-01 17:02 1,375,214 --ahs---- c:\windows\system32\ivpphxpf.ini
2008-12-01 12:28 . 2008-12-01 12:29 1,375,205 --ahs---- c:\windows\system32\iskipkab.ini
2008-11-30 12:27 . 2008-11-30 12:27 1,691,436 --ahs---- c:\windows\system32\gmbfshfg.ini
2008-11-29 20:11 . 2008-12-03 19:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 20:11 . 2008-11-29 20:11 1,409 --a------ c:\windows\QTFont.for
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\documents and settings\USER\Application Data\Template
2008-11-29 18:41 . 2008-11-29 18:41 0 --a------ c:\documents and settings\USER\Application Data\wklnhst.dat
2008-11-29 14:38 . 2008-12-05 18:00 <DIR> d--hs---- c:\windows\VVNFUg
2008-11-29 12:53 . 2008-12-07 14:02 <DIR> d-------- c:\documents and settings\USER\Application Data\Twain
2008-11-29 11:57 . 2008-11-29 11:57 1,691,436 --ahs---- c:\windows\system32\ofoibfis.ini
2008-11-29 11:53 . 2008-11-29 11:53 <DIR> d-------- c:\documents and settings\USER\Application Data\HP
2008-11-29 11:46 . 2008-11-29 11:46 <DIR> d-------- c:\documents and settings\USER\Application Data\HPAppData
2008-11-29 11:44 . 2008-11-29 11:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-29 11:42 . 2008-11-29 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-29 11:42 . 2007-10-30 04:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:42 . 2007-10-30 04:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:41 . 2007-11-08 09:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-29 11:41 . 2007-10-20 21:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 . 2007-10-30 04:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 . 2007-10-30 04:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 . 2007-10-30 04:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 . 2007-10-30 04:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-29 11:31 . 2008-11-29 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-29 11:28 . 2008-11-29 11:28 <DIR> d-------- c:\program files\Common Files\HP
2008-11-29 11:26 . 2008-11-29 11:31 <DIR> d-------- c:\program files\HP
2008-11-29 11:26 . 2004-08-04 02:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-29 11:26 . 2004-08-04 02:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-29 11:23 . 2008-11-29 11:44 157,428 --a------ c:\windows\hpoins27.dat
2008-11-29 11:23 . 2008-01-18 10:56 932 --------- c:\windows\hpomdl27.dat
2008-11-28 00:46 . 2008-11-28 01:23 1,648,525 --ahs---- c:\windows\system32\pcvbxcgk.ini
2008-11-28 00:40 . 2008-11-28 00:40 22,528 --a------ c:\documents and settings\USER\~.exe
2008-11-19 18:11 . 2008-11-19 18:16 <DIR> d-------- c:\program files\Disney Interactive
2008-11-19 18:10 . 2008-11-19 18:17 1,220 --a------ c:\windows\disney.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 23:56 --------- d-----w c:\program files\Google
2008-12-05 23:26 --------- d-----w c:\program files\TOSHIBA
2008-11-22 18:50 --------- d-----w c:\documents and settings\USER\Application Data\U3
2008-11-19 23:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 23:16 --------- d-----w c:\program files\QuickTime
2008-10-25 07:08 --------- d-----w c:\documents and settings\USER\Application Data\Yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-08 00:36 0 ----a-w c:\program files\temp01
2007-07-24 03:01 1,589 ----a-w c:\program files\ALLTEL Internet Accelerator Client setup.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"SysDriver32"="c:\windows\sys_32.exe" [2008-12-04 2405]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-02 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-19 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-03 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

c:\documents and settings\USER\Start Menu\Programs\Startup\
QuickLink Mobile.lnk - c:\program files\Alltel\QuickLink Mobile\QuickLink Mobile.exe [2007-06-26 1493144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-20 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{25E72675-7ABA-4984-9BAD-34CC3BA08558} - c:\windows\system32\vtUonNDT.dll
BHO-{b763f613-94cd-46d2-816c-f5d862b6a00e} - c:\windows\system32\xossxf.dll
HKLM-Run-Windows Gamma Display - c:\windows\system32\wingamma.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {06BDF105-39BE-4C1F-841C-FF59FDB7180A} = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100

c:\windows\Downloaded Program Files\PogoWebLauncher.ocx - O16 -: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}
hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

c:\windows\Downloaded Program Files\PTGameLauncher.dll - O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260}
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
c:\windows\Downloaded Program Files\PTGameLauncher.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 14:20:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpqltoiqh.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2008-12-07 14:25:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:25:02

Pre-Run: 42,516,275,200 bytes free
Post-Run: 42,497,634,304 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

308 --- E O F --- 2008-11-13 17:37:14
Buddha61 is offline  
Old 12-07-2008, 02:12 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Trying To Clean Up A Computer, Need Help

Hi Buddha61

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage would not be available when you're carrying out the fix.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

===============================================

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

===============================================


Please download FixWareout and Save it to your Desktop.

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon.

===============================================
  • Right-click FixWareout and select Run as Administrator, then click Run
  • Click Next
  • Click Install
  • Click Finish
  • A command box will open. Press any key to continue.
  • The fix will begin. Please follow the prompts.
  • You will be asked to reboot your computer. Click OK. Your system may take longer than usual to load. This is normal.
  • Click OK to "Beginning fix".
  • Click OK when finished.

Note: If you have Internet connection problems, find and double-click the registry file dnsbak.reg located here: C:\fixwareout\dnsbak.reg, and if you did, be sure to mention it to your helper.

Once the desktop loads, a text file will open (report.txt), you can close it - the file has already been saved.

Finally, please post the contents of the text file that opened earlier (you can find it at C:\fixwareout\report.txt), in your next reply.

===========================

Open notepad and carefully copy/paste all the text in the code box below into it:


Code:

File::
c:\windows\system32\dllcache\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\ofoibfis.ini
c:\windows\system32\pcvbxcgk.ini
c:\documents and settings\USER\~.exe
c:\windows\system32\gmbfshfg.ini
c:\windows\system32\iskipkab.ini
c:\windows\system32\ivpphxpf.ini
c:\windows\system32\nbxgwxsj.ini
c:\windows\system32\weitwrux.ini
c:\windows\sys_32.exe
c:\windows\system32\rlqagcwt.ini
c:\windows\system32\qxnerquh.ini

Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


================================================

Establish an internet connection & perform an online scan with Internet Explorer at one of the following links:
  • Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.


=================

Please Run a scan with HiJackThis and save the log

=================

In your next post, please include fresh logs from:
  • C:\fixwareout\report.txt
  • ComboFix.txt
  • Kaspersky report
  • HiJackThis
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________


Member of UNITE

If I have helped you in anyway, please DONATE to TSF Go raibh maith agat
alba is offline  
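As an added example for this thread (it is not ComboFix, FixWareout or Tech Support Forum code), the Python script below parses the four line shapes that appear in the ComboFix log posted above and flags the kinds of indicators the instructions in this reply act on: resolver addresses that differ from an allow-list, Run-key payloads stored directly in the Windows root or the profile root, hidden+system entries in the "Files Created" listing, and drive autorun handlers from the mountpoints2 section. The sample lines are copied from the log above; the EXPECTED_DNS allow-list and the SUSPECT_RUN_DIRS set are assumptions and would be adjusted for the machine being cleaned.

```python
"""Triage ComboFix-style log lines for the indicators a helper looks at first.

Added example for this thread; not code from ComboFix, FixWareout or TSF.
The regular expressions cover four line shapes seen in the log above; lines
of any other shape are ignored.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ntpath import dirname  # Windows path rules even when run on Linux/macOS
from typing import Dict, Iterable, List

# Assumption: the resolvers this machine should be using (placeholder values).
EXPECTED_DNS = {"192.168.1.1", "192.168.0.1"}

# Assumption: directories where a Run-key payload is unusual enough to review.
# Legitimate startup items normally live under Program Files or system32.
SUSPECT_RUN_DIRS = {r"c:\windows", r"c:\documents and settings\user"}

# "Name"="path" [yyyy-mm-dd size]   (entries without a size, e.g. [BU], are skipped)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# TCP: NameServer = a;b   or   TCP: {interface-guid} = a;b
DNS_RE = re.compile(r'^TCP:\s+(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>[\d.;]+)$')
# created . modified size attributes path   (the "Files Created" section)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\.\s+\S+\s+\S+\s+'
                     r'(?P<size>[\d,]+|<DIR>)\s+(?P<attr>[-a-z]{9})\s+(?P<path>.+)$')
# \Shell\AutoRun\command - ...   (the mountpoints2 section)
MOUNT_RE = re.compile(r'^\\Shell\\(?:AutoRun|Open)\\command\s+-\s+(?P<cmd>.+)$')

# Sample input: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SysDriver32"="c:\windows\sys_32.exe" [2008-12-04 2405]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-03 c:\windows\agrsmmsg.exe]
2008-12-07 14:07 . 2008-12-07 14:07 <DIR> dr-hs---- C:\resycled
2008-12-07 13:45 . 2008-12-07 13:45 1,479,822 --ahs---- c:\windows\system32\qxnerquh.ini
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\program files\Lavasoft
2008-11-29 11:42 . 2007-10-30 04:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\AutoRun\command - E:\LaunchU3.exe -a
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {06BDF105-39BE-4C1F-841C-FF59FDB7180A} = 85.255.113.118;85.255.112.100
""".strip().splitlines()


@dataclass
class Finding:
    kind: str    # "dns", "run", "hidden" or "autorun"
    detail: str
    line: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the indicators in `lines` that deserve a closer look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip()
        if m := DNS_RE.match(line):
            rogue = [s for s in m["servers"].split(";") if s and s not in EXPECTED_DNS]
            if rogue:
                findings.append(Finding("dns", "unexpected resolver(s): " + ", ".join(rogue), line))
        elif m := RUN_RE.match(line):
            if dirname(m["path"].lower()) in SUSPECT_RUN_DIRS:
                findings.append(Finding("run", f'{m["name"]} -> {m["path"]} ({m["size"]} bytes)', line))
        elif m := FILE_RE.match(line):
            attr = m["attr"]
            if "h" in attr and "s" in attr:   # hidden + system on a recently created entry
                what = "directory" if attr[0] == "d" else "file"
                findings.append(Finding("hidden", f'hidden+system {what}: {m["path"]}', line))
        elif m := MOUNT_RE.match(line):
            findings.append(Finding("autorun", "drive autorun handler: " + m["cmd"], line))
    return findings


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. {"dns": 2, "run": 1, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind:8}] {f.detail}")
    print(summarize(hits))
```

The output is a review list, not a verdict: a U3 flash drive registers its own autorun handler, and some legitimate files carry hidden+system attributes, so each hit still gets looked at the way a helper reads the log by hand. What the script does add is consistency: the same four checks are applied to every line, so the resolver entries, the sys_32.exe Run entry and the hidden .ini files that the CFScript above targets are surfaced together instead of being picked out of several hundred lines by eye.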
Old 12-07-2008, 03:38 PM   #7 (permalink)
Registered User
 
Join Date: Jan 2005
Posts: 75
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

I have tried 5 times to run the online scan. It keeps telling me I need java 1.5 or greater, and I have gone to the java site and downloaded the newest and it still won't run. Here are the other logs that you wanted.

Username "USER" - 12/07/2008 16:41:02 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.113.118;85.255.112.100 " <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{06BDF105-39BE-4C1F-841C-FF59FDB7180A}
"nameserver"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}
"nameserver"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{06BDF105-39BE-4C1F-841C-FF59FDB7180A}
"DhcpNameServer"="85.255.113.118;85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}
"DhcpNameServer"="85.255.113.118;85.255.112.100" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"NDSTray.exe"="NDSTray.exe"
"TPSMain"="TPSMain.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\DLACTRLW.exe"
"Pinger"="C:\\toshiba\\ivp\\ism\\pinger.exe"
"Tvs"="C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe"
"TFncKy"="TFncKy.exe"
"TDispVol"="TDispVol.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"hpqSRMon"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqSRMon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Search Protection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
"SysDriver32"="C:\\WINDOWS\\sys_32.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


ComboFix 08-12-06.06 - USER 2008-12-07 16:47:39.2 - NTFSx86

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt

FILE ::
c:\documents and settings\USER\~.exe
c:\windows\sys_32.exe
c:\windows\system32\dllcache\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\gmbfshfg.ini
c:\windows\system32\iskipkab.ini
c:\windows\system32\ivpphxpf.ini
c:\windows\system32\nbxgwxsj.ini
c:\windows\system32\ofoibfis.ini
c:\windows\system32\pcvbxcgk.ini
c:\windows\system32\qxnerquh.ini
c:\windows\system32\rlqagcwt.ini
c:\windows\system32\weitwrux.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\USER\~.exe
C:\resycled
c:\windows\sys_32.exe
c:\windows\system32\dllcache\usbccgp.sys
c:\windows\system32\drivers\usbccgp.sys
c:\windows\system32\gmbfshfg.ini
c:\windows\system32\iskipkab.ini
c:\windows\system32\ivpphxpf.ini
c:\windows\system32\nbxgwxsj.ini
c:\windows\system32\ofoibfis.ini
c:\windows\system32\pcvbxcgk.ini
c:\windows\system32\qxnerquh.ini
c:\windows\system32\rlqagcwt.ini
c:\windows\system32\weitwrux.ini
E:\autorun.inf
E:\resycled
e:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 16:40 . 2008-12-07 16:44 <DIR> d-------- C:\fixwareout
2008-12-07 12:50 . 2008-12-07 12:50 250 --a------ c:\windows\gmer.ini
2008-12-05 18:01 . 2006-03-20 14:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-05 18:01 . 2006-03-20 14:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-12-05 18:01 . 2006-03-20 14:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-12-05 18:01 . 2006-05-15 13:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\McAfee.com Personal Firewall
2008-12-05 18:01 . 2006-03-20 16:52 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-12-05 18:01 . 2006-05-15 13:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL
2008-12-05 18:01 . 2008-12-05 18:01 <DIR> d-------- c:\documents and settings\Administrator
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\program files\Lavasoft
2008-12-05 16:50 . 2008-12-05 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-05 16:48 . 2008-12-05 16:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-05 16:48 . 2008-12-05 19:54 <DIR> d-------- C:\hjt
2008-12-04 23:36 . 2008-12-07 13:43 27,904 --a------ c:\windows\system32\drivers\Ndisprot.sys
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\alot
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2008-12-03 19:37 . 2008-12-03 19:37 <DIR> d-------- c:\documents and settings\LocalService\Application Data\alot
2008-12-03 19:33 . 2008-10-16 17:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-29 20:11 . 2008-12-03 19:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-29 20:11 . 2008-11-29 20:11 1,409 --a------ c:\windows\QTFont.for
2008-11-29 18:41 . 2008-11-29 18:41 <DIR> d-------- c:\documents and settings\USER\Application Data\Template
2008-11-29 18:41 . 2008-11-29 18:41 0 --a------ c:\documents and settings\USER\Application Data\wklnhst.dat
2008-11-29 14:38 . 2008-12-05 18:00 <DIR> d--hs---- c:\windows\VVNFUg
2008-11-29 12:53 . 2008-12-07 14:02 <DIR> d-------- c:\documents and settings\USER\Application Data\Twain
2008-11-29 11:53 . 2008-11-29 11:53 <DIR> d-------- c:\documents and settings\USER\Application Data\HP
2008-11-29 11:46 . 2008-11-29 11:46 <DIR> d-------- c:\documents and settings\USER\Application Data\HPAppData
2008-11-29 11:44 . 2008-11-29 11:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2008-11-29 11:42 . 2008-11-29 11:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-29 11:42 . 2007-10-30 04:25 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:42 . 2007-10-30 04:25 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:41 . 2007-11-08 09:52 271,704 -ra------ c:\windows\system32\hpzids01.dll
2008-11-29 11:41 . 2007-10-20 21:25 117,760 --a------ c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 . 2007-10-30 04:25 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 . 2007-10-30 04:11 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 . 2007-10-30 04:25 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 . 2007-10-30 04:11 303,104 -ra------ c:\windows\system32\hpovst15.dll
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2008-11-29 11:31 . 2008-11-29 11:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-29 11:31 . 2008-11-29 11:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2008-11-29 11:28 . 2008-11-29 11:28 <DIR> d-------- c:\program files\Common Files\HP
2008-11-29 11:26 . 2008-11-29 11:31 <DIR> d-------- c:\program files\HP
2008-11-29 11:23 . 2008-11-29 11:44 157,428 --a------ c:\windows\hpoins27.dat
2008-11-29 11:23 . 2008-01-18 10:56 932 --------- c:\windows\hpomdl27.dat
2008-11-19 18:11 . 2008-11-19 18:16 <DIR> d-------- c:\program files\Disney Interactive
2008-11-19 18:10 . 2008-11-19 18:17 1,220 --a------ c:\windows\disney.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-05 23:56 --------- d-----w c:\program files\Google
2008-12-05 23:26 --------- d-----w c:\program files\TOSHIBA
2008-11-22 18:50 --------- d-----w c:\documents and settings\USER\Application Data\U3
2008-11-19 23:16 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 23:16 --------- d-----w c:\program files\QuickTime
2008-10-25 07:08 --------- d-----w c:\documents and settings\USER\Application Data\Yahoo!
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-08-08 00:36 0 ----a-w c:\program files\temp01
2007-07-24 03:01 1,589 ----a-w c:\program files\ALLTEL Internet Accelerator Client setup.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-03-06 356352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-03-02 82012]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-19 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-03 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]

c:\documents and settings\USER\Start Menu\Programs\Startup\
QuickLink Mobile.lnk - c:\program files\Alltel\QuickLink Mobile\QuickLink Mobile.exe [2007-06-26 1493144]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 176128]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-03-20 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BearShare\\BearShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysDriver32 - c:\windows\sys_32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100

c:\windows\Downloaded Program Files\PogoWebLauncher.ocx - O16 -: {3107C2A8-9F0B-4404-A58B-21BD85268FBC}
hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB

c:\windows\Downloaded Program Files\PTGameLauncher.dll - O16 -: {EF148DBB-5B6D-4130-B2A1-661571E86260}
hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
c:\windows\Downloaded Program Files\PTGameLauncher.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:49:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxpqltoiqh.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(516)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-07 16:50:49
ComboFix-quarantined-files.txt 2008-12-07 21:50:47
ComboFix2.txt 2008-12-07 19:25:08

Pre-Run: 42,531,819,520 bytes free
Post-Run: 42,506,780,672 bytes free

210 --- E O F --- 2008-11-13 17:37:14


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:35:48 PM, on 12/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4290049-839715340-908924317-1006\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User '?')
O4 - S-1-5-21-4290049-839715340-908924317-1006 Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe (User '?')
O4 - Startup: QuickLink Mobile.lnk = C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/Pog...rInstaller.CAB
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/onlin...meLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{93DC1673-FFB3-44D6-8722-5AE5C792E0A1}: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12217 bytes
Buddha61 is offline  
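The ComboFix and HijackThis output in the post above carries three indicators that are worth scripting a check for rather than eyeballing: the O17 / "TCP: NameServer" entries pointing every control set at 85.255.113.118 and 85.255.112.100 (inside 85.255.112.0/20, the block the DNSChanger advisories list), the mountpoints2 Shell\AutoRun and Shell\Open handlers on drive C that launch resycled\boot.com, and the orphaned HKCU Run entry for c:\windows\sys_32.exe. The Python below is an added example for this editing pass, not a tool used in the thread: it walks a pasted log excerpt and flags those three patterns. The SAMPLE_LOG lines are copied from the logs above except for one constructed 192.168.1.1 line, added so the resolver check has something that passes; the trusted-resolver allow-list is whatever the analyst knows the ISP or LAN hands out, and is an assumption of the example.

```python
"""Offline triage of HijackThis / ComboFix log excerpts (added example)."""
import ipaddress
import re

# Lines copied from the ComboFix and HijackThis logs posted above. This is a
# constructed excerpt, not a full log; the 192.168.1.1 line is invented to show
# a resolver that passes the check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SysDriver32 - c:\windows\sys_32.exe

TCP: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118;85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
"""

NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9A-Fa-f.:;, ]+)")
MOUNTPOINT_RE = re.compile(r"\\mountpoints2\\([A-Za-z])\]$", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^\\Shell\\(?:AutoRun|Open)\\command\s*-\s*(.+)$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(HK\w+-Run-\S+)\s*-\s*(.+)$")
EXEC_EXT_RE = re.compile(r"\.(?:exe|com|bat|cmd|scr|pif)$", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")


def untrusted_resolvers(value, trusted=()):
    """Resolvers in a NameServer value that are neither private, loopback,
    nor on the caller's allow-list (the ISP's or LAN's published DNS)."""
    flagged = []
    for token in re.split(r"[;, ]+", value.strip()):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            flagged.append(token)  # not an IP at all: always review it
            continue
        if not (ip.is_private or ip.is_loopback or str(ip) in set(trusted)):
            flagged.append(str(ip))
    return flagged


def autorun_reasons(drive, command):
    """Why a mountpoints2 Shell\\AutoRun or Shell\\Open handler is suspect."""
    reasons = []
    if drive == "C":
        # Windows does not set up an AutoRun handler for the system drive on its
        # own; the autorun worms of this era planted one so that a double-click
        # on C: in Explorer relaunched them.
        reasons.append("handler on system drive")
    for token in command.split():
        # A payload named by a relative path (resycled\boot.com) instead of a
        # full drive path is another sign the handler was planted, not installed.
        if EXEC_EXT_RE.search(token) and not ABS_PATH_RE.match(token):
            reasons.append("relative payload path: " + token)
    return reasons


def triage(log_text, trusted_resolvers=()):
    """Walk a log excerpt line by line and return findings as dicts."""
    findings, drive = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.search(line)
        if m:
            drive = m.group(1).upper()  # following \Shell lines belong to this drive
            continue
        m = AUTORUN_RE.match(line)
        if m:
            reasons = autorun_reasons(drive, m.group(1))
            if reasons:
                findings.append({"rule": "autorun", "drive": drive, "line": line, "detail": reasons})
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append({"rule": "orphan-run", "line": line, "detail": [m.group(2)]})
            continue
        m = NAMESERVER_RE.search(line)
        if m:
            bad = untrusted_resolvers(m.group(1), trusted_resolvers)
            if bad:
                findings.append({"rule": "rogue-dns", "line": line, "detail": bad})
    return findings


def summarize(findings):
    """Findings per rule, for a quick glance before reading the details."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["rule"], f["detail"])
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the excerpt it reports two rogue-DNS lines, two autorun handlers on C (the E: U3 launcher passes, since it is an absolute path on a removable drive) and one orphaned Run entry. Private and loopback resolvers pass by default because a home router or the LAN's own DNS is the normal case; anything public that the analyst cannot tie to the ISP stays flagged until it is explained. Note that the check only reads pasted text: on the live machine the same values sit under HKLM\System\CurrentControlSet\Services\Tcpip\Parameters and the per-interface keys the O17 lines name, and all control sets (CS1, CS2) need the same correction, as the log shows the hijack was written to each.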
Old 12-07-2008, 03:41 PM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Trying To Clean Up A Computer, Need Help

Hi ya

Please try and do a scan here

ESET Online Scanner
Please go to the following link ESET Online Scanner Link
Tick the box YES, I accept the Terms Of Use
Click the Start button
Now click the Install button
Click Start

The scanner engine will initialise and update
Do Not tick the box Remove found threats
Click the Scan button

The scan will now run, please be patient
When the scan finishes click the Details tab
Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

Just to make sure there are no remnants

thank you
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
alba is offline  
Old 12-07-2008, 03:59 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2005
Posts: 75
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

Is it possible that scanner is down? I am getting a "cannot display the page" error on 2 machines.
Buddha61 is offline  
Old 12-07-2008, 04:07 PM   #10 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Trying To Clean Up A Computer, Need Help

No, I could get to it okay. Are you using Internet Explorer? If not, try with it. If that doesn't work, try doing an online scan; try this one:

Perform an online scan with Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Follow the prompts to install the ActiveX controls
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.




Failing that, follow my instructions below. I want to make sure you are clean before I let you go. I know it is a pain, but we don't want you to get reinfected again.

Download DDS and save it to your desktop.

Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Contents of the DDS.txt posted as text in your reply
  • Attach the Attach.txt to your post by clicking the Manage Attachments button under Additional Options > Attach Files on the composition page. Browse to where you saved the file, and click Upload.
alba is offline  
Old 12-07-2008, 06:21 PM   #11 (permalink)
Registered User
 
Join Date: Jan 2005
Posts: 75
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

I was able to get the Trend Micro scan to run.

Here are the requested logs.


DDS (Version 1.0) - NTFSx86
Run by USER at 20:17:10.56 on Sun 12/07/2008

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\user\startm~1\programs\startup\quickl~1.lnk - c:\program files\alltel\quicklink mobile\QuickLink Mobile.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 85.255.113.118;85.255.112.100
TCP: {93DC1673-FFB3-44D6-8722-5AE5C792E0A1} = 85.255.113.118;85.255.112.100
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

RSPR?S?C?P?P?01234RSPR?S?C?P?P?01234

=============== Created Last 30 ================

2008-12-07 19:10 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2008-12-07 19:03 <DIR> --d----- c:\documents and settings\user\.housecall6.6
2008-12-07 19:00 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-07 17:10 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-07 16:49 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2008-12-07 16:49 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-07 16:40 <DIR> --d----- C:\fixwareout
2008-12-07 13:57 <DIR> a-dshr-- C:\cmdcons
2008-12-07 13:55 161,792 a------- c:\windows\SWREG.exe
2008-12-07 13:55 98,816 a------- c:\windows\sed.exe
2008-12-07 12:50 250 a------- c:\windows\gmer.ini
2008-12-05 16:50 <DIR> --d----- c:\program files\Lavasoft
2008-12-05 16:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-05 16:48 <DIR> --d----- C:\hjt
2008-12-04 23:36 27,904 a------- c:\windows\system32\drivers\Ndisprot.sys
2008-12-03 19:33 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-11-29 20:11 1,409 a------- c:\windows\QTFont.for
2008-11-29 20:11 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-29 18:41 0 a------- c:\docume~1\user\applic~1\wklnhst.dat
2008-11-29 14:38 <DIR> --dsh--- c:\windows\VVNFUg
2008-11-29 12:53 <DIR> --d----- c:\docume~1\user\applic~1\Twain
2008-11-29 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2008-11-29 11:42 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2008-11-29 11:42 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2008-11-29 11:41 271,704 a----r-- c:\windows\system32\hpzids01.dll
2008-11-29 11:41 117,760 a------- c:\windows\system32\hpzll5mu.dll
2008-11-29 11:41 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2008-11-29 11:40 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2008-11-29 11:40 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2008-11-29 11:40 303,104 a----r-- c:\windows\system32\hpovst15.dll
2008-11-29 11:31 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2008-11-29 11:28 <DIR> --d----- c:\program files\common files\HP
2008-11-29 11:26 <DIR> --d----- c:\program files\HP
2008-11-29 11:23 157,428 a------- c:\windows\hpoins27.dat
2008-11-29 11:23 932 -------- c:\windows\hpomdl27.dat
2008-11-19 18:11 <DIR> --d----- c:\program files\Disney Interactive
2008-11-19 18:10 1,220 a------- c:\windows\disney.ini

==================== Find3M ====================

2008-10-24 06:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-09-30 19:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-08-07 19:36 0 a------- c:\program files\temp01
2007-07-23 22:01 1,589 a------- c:\program files\ALLTEL Internet Accelerator Client setup.log

============= FINISH: 20:18:04.00 ===============
Attached Files
File Type: txt Attach.txt (10.8 KB, 2 views)
Buddha61 is offline  
Old 12-07-2008, 06:27 PM   #12 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Trying To Clean Up A Computer, Need Help

Hi ya

Your logs are clean :)

=================

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u




To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.


IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
MAKING INTERNET EXPLORER SAFER


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

=================

Follow the list above and the potential for infection will reduce dramatically.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
alba is offline  
Old 12-07-2008, 06:40 PM   #13 (permalink)
Registered User
 
Join Date: Jan 2005
Posts: 75
OS: Win XP


Re: Trying To Clean Up A Computer, Need Help

Thanks a bunch for the help. It was a computer a friend gave me. I don't think that I will be getting it infected again :)
Buddha61 is offline  
Old 12-07-2008, 06:44 PM   #14 (permalink)
Analyst, Security Team
 
 
Join Date: Feb 2005
Location: Eire
Posts: 2,006
OS: Vista, Ubuntu 8.04


Re: Trying To Clean Up A Computer, Need Help

The infections would have come from LimeWire and maybe BearShare. If you still wish to use them, please read the post for advice:

http://www.techsupportforum.com/secu...e-sharing.html

Good luck and safe surfing
__________________


Member of UNITE

If I have helped you in any way, please DONATE to TSF. Go raibh maith agat
alba is offline  