Discussion Starter · #1 ·
I tried to do the five-step process, but it seems that I am unable to download certain programs. I am also unable to access my Gmail and use Google, for that matter. So the Panda scan is useless. Can't even download Java. I don't know what's wrong. The only cracked software I have was to clean up this problem: Spyware Doctor and ESET NOD32.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:54 AM, on 5/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Vongo\Tray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Java\jre1.6.0\bin\javaw.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\tuvUNgFu.dll,#1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Owner\AppData\Local\Temp\yayyWmKA.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Owner\AppData\Local\Temp\khfFYPgE.dll,#1
O4 - HKCU\..\Run: [28563021] rundll32.exe "C:\Users\Owner\AppData\Local\Temp\bqupbncq.dll",b
O4 - HKCU\..\Run: [BM2b6503bd] Rundll32.exe "C:\Users\Owner\AppData\Local\Temp\opvistdf.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5299/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11202 bytes
 

Discussion Starter · #2 ·
ComboFix 08-05-21.3 - Owner 05/23/2008 13:44:42.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.261 [GMT -7:00]
Running from: C:\Users\Guest\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\geBuSKBU.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 13:38 . 05/23/2008 01:38 PM <DIR> d-------- C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2008-05-23 13:37 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Searches
2008-05-23 13:36 . 05/23/2008 01:36 PM <DIR> dr------- C:\Users\Guest\Contacts
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Videos
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Saved Games
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Pictures
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Music
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Links
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Downloads
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> dr------- C:\Users\Guest\Documents
2008-05-23 13:35 . 11/02/2006 05:37 AM <DIR> d-------- C:\Users\Guest\AppData\Roaming\Media Center Programs
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> d--h----- C:\Users\Guest\AppData
2008-05-23 13:35 . 05/23/2008 01:37 PM <DIR> d-------- C:\Users\Guest
2008-05-23 12:14 . 05/23/2008 12:13 PM 410,976 --a------ C:\WINDOWS\System32\deploytk.dll
2008-05-23 11:54 . 05/23/2008 12:11 PM <DIR> d-------- C:\Users\Owner\.SunDownloadManager
2008-05-23 11:48 . 05/23/2008 11:48 AM <DIR> d-------- C:\ie-spyad_zo
2008-05-21 18:35 . 05/21/2008 06:35 PM <DIR> d-------- C:\Users\Owner\AppData\Roaming\WildTangent
2008-05-21 16:22 . 05/21/2008 04:22 PM <DIR> d-------- C:\WINDOWS\McAfee.com
2008-05-16 22:19 . 05/16/2008 10:30 PM 134,185 --a------ C:\WINDOWS\hpwins10.dat
2008-05-16 20:12 . 11/20/2000 03:53 PM 5,927,424 --a------ C:\WINDOWS\System32\Drs732.dll
2008-05-16 20:06 . 05/16/2008 08:06 PM <DIR> d-------- C:\Users\All Users\Xerox
2008-05-16 20:06 . 05/16/2008 08:06 PM <DIR> d-------- C:\ProgramData\Xerox
2008-05-16 19:34 . 05/16/2008 07:34 PM <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-16 19:30 . 08/17/2007 09:29 PM 118,272 --a------ C:\WINDOWS\System32\hpz3l4x6.dll
2008-05-16 19:29 . 05/16/2008 07:29 PM <DIR> d-------- C:\WINDOWS\marco
2008-05-16 19:23 . 07/10/2007 02:01 AM 1,269,760 --a------ C:\WINDOWS\hpzshl01.exe
2008-05-16 19:23 . 07/10/2007 02:01 AM 1,126,400 --a------ C:\WINDOWS\hpzmsi01.exe
2008-05-16 19:23 . 07/10/2007 01:23 AM 892,928 --a------ C:\WINDOWS\System32\hpwtiop2.dll
2008-05-16 19:23 . 07/10/2007 01:23 AM 675,840 --a------ C:\WINDOWS\System32\hpwwiax2.dll
2008-05-16 19:23 . 07/10/2007 01:23 AM 364,544 --a------ C:\WINDOWS\System32\hppldcoi.dll
2008-05-16 19:23 . 07/10/2007 01:23 AM 309,760 --a------ C:\WINDOWS\System32\difxapi.dll
2008-05-16 19:23 . 07/10/2007 01:23 AM 294,912 --a------ C:\WINDOWS\System32\hpovst11.dll
2008-05-16 19:23 . 07/10/2007 02:01 AM 258,048 --a------ C:\WINDOWS\System32\hpzids01.dll
2008-05-16 19:23 . 09/17/2007 01:48 AM 10,385 --a------ C:\WINDOWS\hpwscr10.dat
2008-05-16 19:23 . 09/17/2007 01:45 AM 1,042 --a------ C:\WINDOWS\hpwmdl10.dat
2008-05-16 14:44 . 03/03/2008 02:25 PM 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-16 14:43 . 05/16/2008 02:43 PM <DIR> d-------- C:\Users\Owner\AppData\Roaming\ESET
2008-05-16 14:38 . 05/16/2008 02:38 PM <DIR> d-------- C:\Users\All Users\ESET
2008-05-16 14:38 . 05/16/2008 02:38 PM <DIR> d-------- C:\ProgramData\ESET
2008-05-16 14:16 . 05/16/2008 02:16 PM 56,320 --a------ C:\WINDOWS\System32\xxyxWPih.dll
2008-05-16 14:09 . 05/16/2008 02:09 PM 56,320 --a------ C:\WINDOWS\System32\hgGaaBsQ.dll
2008-05-16 14:07 . 05/16/2008 02:07 PM 56,320 --a------ C:\WINDOWS\System32\tuvUNgFu.dll
2008-05-16 13:15 . 05/23/2008 01:29 PM <DIR> d-a------ C:\Users\All Users\TEMP
2008-05-16 13:15 . 05/23/2008 01:29 PM <DIR> d-a------ C:\ProgramData\TEMP
2008-05-15 10:37 . 05/16/2008 02:55 PM <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-15 10:37 . 05/16/2008 02:55 PM <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-14 16:39 . 05/14/2008 04:39 PM <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-14 16:12 . 05/14/2008 04:12 PM <DIR> d-------- C:\WINDOWS\PCHEALTH
2008-05-14 16:12 . 05/14/2008 04:12 PM <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-14 16:08 . 05/14/2008 04:08 PM <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-05-14 16:03 . 05/14/2008 04:03 PM <DIR> dr-h----- C:\MSOCache
2008-05-14 11:30 . 05/14/2008 11:30 AM <DIR> d-------- C:\Program Files\DiskTrix
2008-05-13 19:46 . 05/13/2008 07:46 PM <DIR> d-------- C:\Users\Owner\AppData\Roaming\.BitTornado
2008-05-13 19:46 . 05/13/2008 07:46 PM <DIR> d-------- C:\Program Files\BitTornado

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 19:30 --------- d-----w C:\Program Files\Java
2008-05-23 08:11 --------- d-----w C:\Users\Owner\AppData\Roaming\Move Networks
2008-05-22 20:58 35,291 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-05-22 01:46 --------- d-----w C:\Program Files\HP Games
2008-05-22 01:37 --------- d-----w C:\ProgramData\WildTangent
2008-05-22 01:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-22 01:34 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-05-17 02:33 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-05-17 02:29 --------- d-----w C:\Program Files\Hp
2008-05-16 21:59 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-16 21:46 --------- d-----w C:\ProgramData\Symantec
2008-05-16 21:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-16 21:35 --------- d-----w C:\Program Files\Symantec
2008-05-15 17:28 --------- d-----w C:\Users\Owner\AppData\Roaming\Hewlett-Packard
2008-05-15 17:15 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 23:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 23:15 --------- d-----w C:\Program Files\Microsoft Works
2008-05-14 23:14 --------- d-----w C:\Program Files\MSBuild
2008-04-10 19:54 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-03-21 17:45 174 --sha-w C:\Program Files\desktop.ini
2008-03-21 10:02 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-03-21 10:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-15 10:02 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-15 10:02 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-13 10:19 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-03-13 10:19 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-03-13 10:19 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-03-13 10:18 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-13 10:18 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-13 10:18 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-13 10:18 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-13 10:18 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-13 10:18 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-13 10:18 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-13 10:18 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-13 10:18 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-13 10:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-13 10:16 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-03-13 10:16 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-03-13 10:16 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-03-13 10:16 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-03-13 10:16 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-03-13 10:16 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-03-13 10:16 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-03-13 10:15 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-03-13 10:15 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-03-13 10:15 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-03-13 10:15 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-03-13 10:15 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-03-13 10:15 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-03-13 10:15 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-03-13 10:15 12,800 ----a-w C:\Windows\System32\batt.dll
2008-03-13 10:15 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-03-13 10:15 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-03-13 10:13 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-13 10:12 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-13 10:12 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-13 10:12 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-13 10:12 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-13 10:12 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-13 10:12 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-13 10:12 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-13 10:12 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-13 10:12 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-13 10:12 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-13 10:11 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-13 10:11 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-13 10:10 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-13 10:10 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-13 10:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-13 10:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-13 10:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-13 10:09 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-13 10:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-13 10:08 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-13 10:08 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-13 10:08 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-13 10:08 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-13 10:08 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-13 10:08 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-03-13 10:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-03-13 10:08 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-03-13 10:08 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-03-13 10:08 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-03-13 10:08 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-03-13 10:07 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-03-13 10:07 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-03-13 10:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-13 10:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-13 10:07 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-13 10:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-13 10:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-13 10:07 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-03-13 10:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-13 10:07 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-13 10:07 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-03-13 10:06 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-03-13 10:05 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-03-13 10:05 5,120 ----a-w C:\Windows\System32\wmi.dll
2008-03-13 10:05 152,576 ----a-w C:\Windows\System32\imagehlp.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
05/23/2008 12:13 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
05/23/2008 12:13 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/13/2008 03:06 AM 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [11/02/2006 05:34 AM 2159104 C:\WINDOWS\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [03/20/2007 03:23 PM 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 05:35 AM 125440]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #0"="C:\WINDOWS\ehome\ehtray.exe" [11/02/2006 05:35 AM 125440]
"Application Restart #1"="C:\Program Files\Windows Defender\MSASCui.exe" [03/13/2008 03:14 AM 1006264]
"Application Restart #2"="C:\Program Files\Windows Sidebar\sidebar.exe" [03/13/2008 03:06 AM 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/28/2007 11:26 AM 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/28/2007 11:26 AM 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/28/2007 11:26 AM 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/12/2007 08:36 PM 827392]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/16/2005 11:11 PM 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2007 05:45 PM 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [02/13/2007 11:38 AM 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [01/10/2007 04:12 PM 317128]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [09/12/2007 06:27 PM 492912]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM 583048]
"MSServer"="C:\Windows\system32\tuvUNgFu.dll" [05/16/2008 02:07 PM 56320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [05/23/2008 12:13 PM 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-04-20 01:22:40 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\Windows\system32\geBuSKBU.dll [ ]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\Windows\system32\tuvUNgFu.dll [05/16/2008 02:07 PM 56320]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{27C7DD8C-DE25-44E2-AFAA-3C39BAD6D94A}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{62AE469B-FC3E-482F-88B9-DE6101EC1741}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{9850DBF2-A867-47A6-A467-A34444477A47}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E1094CCC-9147-4145-A6B1-12D5ADA16576}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A522C3AB-2467-4115-9D41-4CC97790C5ED}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F0C39B0-4C88-4C96-AC2C-4F245039729B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96D26B41-9B01-475C-9A9C-EB2F8D437737}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{284BF33D-7530-40CE-96AD-B622CE1FB05B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{465F4490-879A-430E-AD8E-248B8B222C78}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{575901B8-2962-4542-9F90-63CA5F23D364}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BB8543BF-9672-4325-9F99-50833DA67BB1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CAC7C6B7-21E8-4410-9E4F-5AE4740B4430}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1D0309F9-91DF-47C7-9F8F-5CAC0B9D6F03}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/05/2006 02:39 AM]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [02/16/2007 01:50 AM]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [01/03/2007 08:43 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 01:21:29 C:\Windows\Tasks\HPCeeScheduleForOwner.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 13:47:36
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 05/23/2008 13:48:46
ComboFix-quarantined-files.txt 2008-05-23 20:48:43

Pre-Run: 116,220,977,152 bytes free
Post-Run: 116,823,740,416 bytes free

278 --- E O F --- 2008-05-23 18:21:45