Hijack Log

speedaccordinly

New Member
Hey everyone, I got a nasty one here. My aunt's PC is infected with spyware, viruses, popup ads, sluggishness. Please check the attached log and let me know what I can do to fix this. Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:46 PM, on 1/22/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\HPQ\One-Touch\OneTouch .EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\COMMON~1\uuqr\uuqrm.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\PROGRA~1\COMMON~1\uuqr\uuqrm .exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe
C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
F3 - REG:win.ini: load=C:\WINDOWS\System32\wvwtr.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [uuqr] C:\PROGRA~1\COMMON~1\uuqr\uuqrm .exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8351 bytes
 
Looks like a Vundo infection.

1. Please download this file - ComboFix - to your desktop.
2. Double-click ComboFix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
 
Here you go. Thanks bud.

ComboFix 08-01-28.2 - Sue 2008-01-28 13:19:18.1 - NTFSx86
Running from: C:\Documents and Settings\Sue\Local Settings\Temporary Internet Files\Content.IE5\1XGYZPOP\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\wvurqrq.dll
C:\Cpqs\Scom\srmclean.exe
C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe
C:\Documents and Settings\Sue\My Documents\APPATC~1
C:\Documents and Settings\Sue\My Documents\APPATC~1\A?pPatch\
C:\Documents and Settings\Sue\My Documents\APPATC~1\iexplore .exe
C:\Documents and Settings\Sue\My Documents\APPATC~1\iexplore.exe
c:\hp\drivers\printers\photosmart\hphprld.exe
C:\PROGRA~1\COMMON~1\uuqr\uuqrm .exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\uuqr
C:\Program Files\Common Files\uuqr\uuqra.lck
C:\Program Files\Common Files\uuqr\uuqrd\class-barrel
C:\Program Files\Common Files\uuqr\uuqrd\vocabulary
C:\Program Files\Common Files\uuqr\uuqrh
C:\Program Files\Common Files\uuqr\uuqrl.lck
C:\Program Files\Common Files\uuqr\uuqrm .exe
C:\Program Files\Common Files\uuqr\uuqrm.exe
C:\Program Files\Common Files\uuqr\uuqrm.lck
C:\Program Files\HPQ\Default Settings\cpqset.exe
C:\Program Files\HPQ\Notebook Utilities\hptasks.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\RCX50.tmp
C:\WINDOWS\system32\RCX56.tmp
C:\WINDOWS\system32\rtwvw.ini
C:\WINDOWS\system32\rtwvw.ini2
C:\WINDOWS\system32\wvurqrq.dll
C:\WINDOWS\system32\wvwtr.dll
C:\WINDOWS\system32\wvwtr.exe
C:\WINDOWS\system32\z1
C:\WINDOWS\uuqr
C:\WINDOWS\uuqr\uuqr.dat
C:\WINDOWS\uuqr\wu

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 12:07 . 2008-01-28 12:54 441 --a------ C:\WINDOWS\wininit.ini
2008-01-22 21:49 . 2008-01-22 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 21:41 . 2008-01-28 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 23:12 . 2008-01-16 23:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 21:59 . 2008-01-16 22:01 <DIR> d-------- C:\Program Files\CCleaner
2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-06 18:53 . 2008-01-22 22:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 18:53 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-06 18:51 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-06 18:51 . 2004-06-30 18:59 158,720 --a------ C:\WINDOWS\system32\xpob2res.dll
2008-01-06 18:51 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,680 --a------ C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-12-31 21:14 . 2008-01-16 23:01 386,048 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2007-12-31 21:13 . 2008-01-17 15:47 <DIR> d--hs---- C:\WINDOWS\U3Vl
2007-12-31 21:13 . 2007-12-31 21:13 <DIR> d-------- C:\WINDOWS\system32\mr9
2007-12-31 21:13 . 2007-12-31 21:13 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2007-12-31 21:13 . 2007-12-31 21:13 <DIR> d-------- C:\WINDOWS\system32\aj2
2007-12-31 21:13 . 2007-12-31 21:13 <DIR> d-------- C:\Temp\cEeer12
2007-12-31 21:13 . 2008-01-28 13:28 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 18:28 --------- d-----w C:\Program Files\SymNetDrv
2008-01-28 18:28 --------- d-----w C:\Program Files\QuickTime
2008-01-28 18:28 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-01-28 18:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-28 18:17 --------- d-----w C:\Documents and Settings\Sue\Application Data\LimeWire
2008-01-18 02:39 --------- d-----w C:\Program Files\iTunes
2008-01-18 02:39 --------- d-----w C:\Program Files\HOTALBUMMyBOX
2008-01-18 02:38 --------- d-----w C:\Program Files\Chikka
2008-01-17 04:03 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2007-12-13 01:00 --------- d-----w C:\Program Files\KODAK
2007-12-13 00:42 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
2007-12-13 00:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 00:42 --------- d-----w C:\Program Files\CASIO
2003-01-01 11:20 32 --sha-w C:\WINDOWS\{B6494CBC-B5A3-4AD6-8807-7EDA073C920F}.dat
2003-01-01 11:20 32 --sha-w C:\WINDOWS\system32\{1A46D2AF-AD00-409A-ABA7-17F2E5A8653C}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\U3Vl\oap5.vbs
.
Code:
<pre>
----a-w            36,864 2008-01-28 17:57:02  C:\cpqs\scom\srmclean .exe
----a-w            36,864 2008-01-28 17:57:01  C:\hp\drivers\printers\photosmart\hphprld .exe
----a-w           290,816 2008-01-28 17:56:59  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w         1,650,688 2008-01-18 02:41:00  C:\Program Files\Chikka\Chikka .exe
----a-w            54,296 2008-01-28 17:57:29  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w            58,392 2008-01-28 17:57:28  C:\Program Files\Common Files\Symantec Shared\ccRegVfy .exe
----a-w           218,240 2008-01-28 17:57:44  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
----a-w           787,096 2008-01-18 02:40:18  C:\Program Files\HOTALBUMMyBOX\MBBalloon .exe
----a-w           180,316 2008-01-28 17:56:57  C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w            45,056 2008-01-28 17:57:05  C:\Program Files\HPQ\Notebook Utilities\hptasks .exe
----a-w           282,624 2008-01-18 02:39:33  C:\Program Files\HPQ\Notebook Utilities\TvNow .exe
----a-w           102,400 2008-01-28 17:57:10  C:\Program Files\HPQ\One-Touch\OneTouch .EXE
----a-w           256,576 2008-01-18 02:40:06  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           132,496 2008-01-28 17:57:50  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w            57,344 2008-01-28 17:57:38  C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
----a-w         1,670,144 2008-01-28 17:58:04  C:\Program Files\Messenger\msmsgs .exe
----a-w           143,360 2008-01-28 17:57:03  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w           657,920 2008-01-28 17:11:22  C:\Program Files\QuickTime\qttask              .exe
----a-w           657,920 2008-01-23 02:34:40  C:\Program Files\QuickTime\qttask             .exe
----a-w           657,920 2008-01-18 03:34:20  C:\Program Files\QuickTime\qttask            .exe
----a-w           657,920 2008-01-18 02:39:13  C:\Program Files\QuickTime\qttask           .exe
----a-w           657,920 2008-01-17 20:49:10  C:\Program Files\QuickTime\qttask          .exe
----a-w           657,920 2008-01-17 04:01:18  C:\Program Files\QuickTime\qttask         .exe
----a-w           657,920 2008-01-17 02:35:45  C:\Program Files\QuickTime\qttask        .exe
----a-w           657,920 2008-01-13 12:45:05  C:\Program Files\QuickTime\qttask       .exe
----a-w           657,920 2008-01-13 02:08:43  C:\Program Files\QuickTime\qttask      .exe
----a-w           657,920 2008-01-11 01:18:19  C:\Program Files\QuickTime\qttask     .exe
----a-w           657,920 2008-01-09 18:08:29  C:\Program Files\QuickTime\qttask    .exe
----a-w           657,920 2008-01-07 02:54:03  C:\Program Files\QuickTime\qttask   .exe
----a-w           657,920 2008-01-06 23:25:04  C:\Program Files\QuickTime\qttask  .exe
----a-w           657,920 2008-01-04 02:13:51  C:\Program Files\QuickTime\qttask .exe
----a-w            26,112 2008-01-18 02:39:57  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w           684,032 2008-01-28 17:57:39  C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
----a-w         1,460,560 2008-01-28 17:57:57  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w           100,056 2008-01-28 17:57:41  C:\Program Files\SymNetDrv\SNDMon .exe
----a-w           634,880 2008-01-28 17:57:21  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w           110,592 2008-01-28 17:57:15  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w         2,502,656 2008-01-18 02:41:00  C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w           145,408 2008-01-17 04:03:56  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB3A8CA4-FD2A-4A75-A2B3-F251DCC19A03}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aaou"="C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 16:14 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-04-14 20:00 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [ ]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [ ]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [ ]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [ ]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\wvwtr

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sue^Start Menu^Programs^Startup^Scrabble Online Registration.lnk]
path=C:\Documents and Settings\Sue\Start Menu\Programs\Startup\Scrabble Online Registration.lnk
backup=C:\WINDOWS\pss\Scrabble Online Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaIM]
--a------ 2008-01-17 21:38 1999872 C:\PROGRA~1\Chikka\Chikka.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-17 21:39 696320 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
--a------ 2008-01-17 21:39 1137152 C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-17 21:39 384512 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
--a------ 2008-01-17 21:38 651776 C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-17 21:38 2877440 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"ClipSrv"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys [2007-12-12 19:42]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 19:00]
S3 jbridgep;jbridgep;C:\DOCUME~1\Sue\LOCALS~1\Temp\jbridgep.sys []

.
Contents of the 'Scheduled Tasks' folder
"2007-02-05 00:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 17:05:58 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2003-09-15 23:58:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 13:32:49
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\carpserv.exe
.
**************************************************************************
.
Completion time: 2008-01-28 13:39:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 18:39:02
.
2008-01-23 02:44:03 --- E O F ---
 
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\Program Files\QuickTime\qttask              .exe
    C:\Program Files\QuickTime\qttask             .exe
    C:\Program Files\QuickTime\qttask            .exe
    C:\Program Files\QuickTime\qttask           .exe
    C:\Program Files\QuickTime\qttask          .exe
    C:\Program Files\QuickTime\qttask         .exe
    C:\Program Files\QuickTime\qttask        .exe
    C:\Program Files\QuickTime\qttask       .exe
    C:\Program Files\QuickTime\qttask      .exe
    C:\Program Files\QuickTime\qttask     .exe
    C:\Program Files\QuickTime\qttask    .exe
    C:\Program Files\QuickTime\qttask   .exe
    C:\Program Files\QuickTime\qttask  .exe
    
    Folder::
    C:\WINDOWS\U3Vl
    C:\WINDOWS\system32\mr9
    C:\WINDOWS\system32\ardCo01
    C:\WINDOWS\system32\aj2
    C:\Temp
    
    RenV::
    C:\cpqs\scom\srmclean .exe
    C:\hp\drivers\printers\photosmart\hphprld .exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
    C:\Program Files\Chikka\Chikka .exe
    C:\Program Files\Common Files\Symantec Shared\ccApp .exe
    C:\Program Files\Common Files\Symantec Shared\ccRegVfy .exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
    C:\Program Files\HOTALBUMMyBOX\MBBalloon .exe
    C:\Program Files\HPQ\Default Settings\cpqset .exe
    C:\Program Files\HPQ\Notebook Utilities\hptasks .exe
    C:\Program Files\HPQ\Notebook Utilities\TvNow .exe
    C:\Program Files\HPQ\One-Touch\OneTouch .EXE
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\Real\RealPlayer\RealPlay .exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD .exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
    C:\Program Files\SymNetDrv\SNDMon .exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    C:\Program Files\Yahoo!\Messenger\ypager .exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB3A8CA4-FD2A-4A75-A2B3-F251DCC19A03}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aaou"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Save this as CFScript.txt, change the Save as type to All Files, and place it on your desktop.

    [screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post
  • The ComboFix log
  • A new HijackThis log
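A defender's reading of the two logs, written here as an added example in Python (not the thread's, HijackThis's or ComboFix's own code): it flags the patterns the CFScript above targets (space-padded executable names from the RenV:: list, the win.ini load= entry, Trusted Zone additions, autoruns launched from a user profile), lists any extra LSA authentication package, and decodes the hex(7) value the script writes back. The sample log lines are constructed from paths quoted in the posts above; the rule names and thresholds are my own.

```python
import re
from typing import List, Tuple

# Constructed sample (not the poster's full log): a few lines in the style of
# the HijackThis log above, using paths that appear in the thread.
SAMPLE_HJT = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\COMMON~1\uuqr\uuqrm .exe
C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\wvwtr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Aaou] "C:\DOCUME~1\Sue\MYDOCU~1\APPATC~1\iexplore.exe" -vt yazb
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# Whitespace squeezed in before the extension ("qttask .exe"): the legitimate
# binary was renamed and a look-alike now answers to the original name.
PADDED_EXT = re.compile(r"\S[ \t]+\.(exe|dll|ocx|sys)\b", re.IGNORECASE)
# Autorun targets that live inside a user profile rather than Program Files.
PROFILE_DIR = re.compile(r"(DOCUME~1|Documents and Settings)\\", re.IGNORECASE)


def scan_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every HijackThis line that trips a check."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PADDED_EXT.search(line):
            hits.append(("space-padded executable name", line))
        if line.startswith("F3 - REG:win.ini: load=") and line.split("load=", 1)[1]:
            hits.append(("win.ini load= autorun", line))
        if line.startswith("O15 - Trusted Zone:"):
            hits.append(("domain added to Trusted Zone", line))
        if line.startswith("O4 - ") and PROFILE_DIR.search(line):
            hits.append(("autorun from user profile", line))
    return hits


def extra_auth_packages(line: str, expected=("msv1_0",)) -> List[str]:
    """Parse ComboFix's 'Authentication Packages REG_MULTI_SZ ...' line and return
    every package that is not expected (the wvwtr entry in the log above).
    Assumes package names contain no spaces, as ComboFix prints them."""
    m = re.match(r"Authentication Packages\s+REG_MULTI_SZ\s+(.*)", line)
    if not m:
        return []
    return [p for p in m.group(1).split() if p.lower() not in expected]


def decode_reg_multi_sz(value: str) -> List[str]:
    """Decode a regedit-style 'hex(7):..' REG_MULTI_SZ into its strings.
    Handles both the single-byte layout the CFScript above uses
    (6d,73,76,31,5f,30,00,00) and the UTF-16LE layout a .reg export uses."""
    if value.lower().startswith("hex(7):"):
        value = value[len("hex(7):"):]
    raw = bytes(int(b, 16) for b in value.replace("\\", "").split(",") if b.strip())
    # Every odd byte zero => UTF-16LE; otherwise treat as single-byte text.
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return [s for s in text.split("\0") if s]


if __name__ == "__main__":
    for reason, line in scan_hjt(SAMPLE_HJT):
        print(f"[{reason}] {line}")
    print(extra_auth_packages(
        r"Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\System32\wvwtr"))
    # The Registry:: section of the CFScript resets the value to msv1_0 only.
    print(decode_reg_multi_sz("hex(7):6d,73,76,31,5f,30,00,00"))
```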
 
ComboFix 08-01-29.3 - Sue 2008-01-29 16:30:46.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.237 [GMT -5:00]
Running from: C:\Documents and Settings\Sue\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sue\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Temp
C:\Temp\cEeer12\skAt.log
C:\WINDOWS\system32\aj2
C:\WINDOWS\system32\aj2\bumebrpl5.exe
C:\WINDOWS\system32\ardCo01
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\mr9
C:\WINDOWS\system32\mr9\gyreo83122.exe
C:\WINDOWS\U3Vl
C:\WINDOWS\U3Vl\oap5.vbs

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 14:38 . 2004-03-29 20:48 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-28 14:38 . 2004-03-10 12:59 593,408 --------- C:\WINDOWS\system32\dllcache\xpsp2res.dll
2008-01-28 14:38 . 2004-03-29 20:48 548,352 --a------ C:\WINDOWS\system32\rtcdll.dll
2008-01-28 14:38 . 2004-03-29 20:48 439,808 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-28 14:38 . 2006-07-14 10:53 307,200 --a------ C:\WINDOWS\system32\dllcache\netapi32.dll
2008-01-28 14:38 . 2004-03-29 20:48 253,440 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-28 14:38 . 2004-03-29 20:48 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-28 14:38 . 2004-01-10 00:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-28 14:23 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-01-28 14:23 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-01-28 14:23 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-01-28 14:23 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-01-28 14:23 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-01-28 14:23 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-28 14:08 . 2008-01-28 14:45 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-28 12:07 . 2008-01-28 12:54 441 --a------ C:\WINDOWS\wininit.ini
2008-01-22 22:01 . 2005-10-20 17:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-01-22 21:49 . 2008-01-22 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 21:41 . 2008-01-28 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 23:12 . 2008-01-16 23:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 23:03 . 2008-01-16 23:03 145,408 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-16 21:59 . 2008-01-16 22:01 <DIR> d-------- C:\Program Files\CCleaner
2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-06 18:53 . 2008-01-28 14:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 18:53 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-06 18:51 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-06 18:51 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,680 --a------ C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,168 --a------ C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-06 18:51 . 2004-07-01 17:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-12-31 21:14 . 2008-01-16 23:01 386,048 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 21:33 --------- d-----w C:\Program Files\QuickTime
2008-01-29 21:30 --------- d-----w C:\Program Files\SymNetDrv
2008-01-29 21:30 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-01-29 21:30 --------- d-----w C:\Program Files\iTunes
2008-01-29 21:30 --------- d-----w C:\Program Files\HOTALBUMMyBOX
2008-01-29 21:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 21:30 --------- d-----w C:\Program Files\Chikka
2008-01-28 19:07 --------- d-----w C:\Documents and Settings\Sue\Application Data\LimeWire
2007-12-13 01:00 --------- d-----w C:\Program Files\KODAK
2007-12-13 00:42 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
2007-12-13 00:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 00:42 --------- d-----w C:\Program Files\CASIO
2003-01-01 11:20 32 --sha-w C:\WINDOWS\{B6494CBC-B5A3-4AD6-8807-7EDA073C920F}.dat
2003-01-01 11:20 32 --sha-w C:\WINDOWS\system32\{1A46D2AF-AD00-409A-ABA7-17F2E5A8653C}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB3A8CA4-FD2A-4A75-A2B3-F251DCC19A03}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E973AB2E-8DD3-4A8E-8837-622E930E3CAB}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:57 1460560]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-28 12:58 1670144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 16:14 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2008-01-28 12:56 180316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-28 12:56 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2008-01-28 12:57 36864]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2008-01-28 12:57 36864]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-01-28 12:57 143360]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2008-01-28 12:57 45056]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2008-01-28 12:57 102400]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-28 12:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-28 12:57 634880]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-28 12:57 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2008-01-28 12:57 58392]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-01-28 12:57 684032]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2008-01-28 12:57 57344]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-28 12:57 100056]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2008-01-28 12:57 218240]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-28 12:57 132496]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sue^Start Menu^Programs^Startup^Scrabble Online Registration.lnk]
path=C:\Documents and Settings\Sue\Start Menu\Programs\Startup\Scrabble Online Registration.lnk
backup=C:\WINDOWS\pss\Scrabble Online Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaIM]
--a------ 2008-01-17 21:41 1650688 C:\PROGRA~1\Chikka\Chikka.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-17 21:40 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
--a------ 2008-01-17 21:40 787096 C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-28 12:58 1670144 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-17 21:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
--a------ 2008-01-17 21:39 282624 C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-17 21:41 2502656 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"ClipSrv"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)

R0 PzWDM;PzWDM;C:\WINDOWS\System32\Drivers\PzWDM.sys [2007-12-12 19:42]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\System32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\System32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 19:00]
S3 jbridgep;jbridgep;C:\DOCUME~1\Sue\LOCALS~1\Temp\jbridgep.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 17:05:58 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2003-09-15 23:58:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 16:36:08
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ??3B?????????????T?B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\MSMSGS.EXE
.
**************************************************************************
.
Completion time: 2008-01-29 16:40:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 21:40:23
ComboFix2.txt 2008-01-28 18:39:06
.
2008-01-28 19:46:09 --- E O F ---




HIJACK LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:58 PM, on 1/29/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8068 bytes
 
Making progress, a little more to do:

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:

  • O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
  • O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  • O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
  • O15 - Trusted Zone: *.amaena.com
  • O15 - Trusted Zone: *.avsystemcare.com
  • O15 - Trusted Zone: *.gomyhit.com
  • O15 - Trusted Zone: *.imagesrvr.com
  • O15 - Trusted Zone: *.onerateld.com
  • O15 - Trusted Zone: *.safetydownload.com
  • O15 - Trusted Zone: *.storageguardsoft.com
  • O15 - Trusted Zone: *.trustedantivirus.com
  • O15 - Trusted Zone: *.virusschlacht.com
  • O15 - Trusted Zone: *.amaena.com (HKLM)
  • O15 - Trusted Zone: *.avsystemcare.com (HKLM)
  • O15 - Trusted Zone: *.gomyhit.com (HKLM)
  • O15 - Trusted Zone: *.imageservr.com (HKLM)
  • O15 - Trusted Zone: *.imagesrvr.com (HKLM)
  • O15 - Trusted Zone: *.onerateld.com (HKLM)
  • O15 - Trusted Zone: *.safetydownload.com (HKLM)
  • O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
  • O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
  • O15 - Trusted Zone: *.virusschlacht.com (HKLM)
  • O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
Please close all open windows except for HijackThis and choose Fix checked.

Once done, please do the following:
  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\WINDOWS\imsins.BAK
    C:\WINDOWS\mrofinu1000106.exe.tmp
    
    Registry:
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB3A8CA4-FD2A-4A75-A2B3-F251DCC19A03}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E973AB2E-8DD3-4A8E-8837-622E930E3CAB}]
    
    Driver::
    jbridgep
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    [screenshot: CFScript.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log.
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post
  • The ComboFix log
  • A new HijackThis log
  • An update on how your system is running now
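An added triage script (not from this thread, nor part of HijackThis or ComboFix) that parses HijackThis-format lines and returns the O15/O16/O9 entries a log reviewer would tick for "Fix checked", and shows why the HKCU and HKLM copies of each Trusted Zone domain must both be removed. The sample lines are constructed from the entry shapes quoted above; the example-corp.com entry and the allowlist are invented to exercise the trusted path.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The entry shapes mirror the
# O2/O9/O15/O16/O23 lines quoted in this thread; the example-corp.com line
# is invented so that the allowlist path is exercised.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.example-corp.com (HKLM)
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
""".strip()

# "O15 - Trusted Zone: *.host (HKLM)" style lines; the hive suffix is absent
# for the HKCU copy, which is how HijackThis prints it.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
O15_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)(?: \((?P<hive>HKLM)\))?$")
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<url>\S+)$")
PLUGIN_RE = re.compile(r"^(?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # HijackThis section code, e.g. "O15"
    subject: str   # host, URL or file path the entry points at
    reason: str    # why a log reviewer would tick it for "Fix checked"


def _is_trusted(host: str, trusted_domains) -> bool:
    """True when host equals, or is a subdomain of, an allowlisted domain."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def _url_host(url: str) -> str:
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def triage(log_text: str, trusted_domains=frozenset()) -> list:
    """Return the entries a reviewer would mark for removal.

    trusted_domains holds bare domains the machine's owner deliberately put
    in the IE Trusted Zone. Every other O15 entry is flagged, because the
    Trusted Zone relaxes ActiveX and scripting restrictions for that site;
    O16 (ActiveX download) entries are flagged when the .cab host is not
    trusted either, and O2/O3/O9 add-ons are flagged when they load from
    the ActiveX download cache rather than an installed program directory.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O15":
            z = O15_RE.match(body)
            if z and not _is_trusted(z.group("host").lstrip("*."), trusted_domains):
                hive = z.group("hive") or "HKCU"
                findings.append(Finding(kind, z.group("host"),
                                        f"IE Trusted Zone entry ({hive}) not on the allowlist"))
        elif kind == "O16":
            d = O16_RE.match(body)
            if d and not _is_trusted(_url_host(d.group("url")), trusted_domains):
                findings.append(Finding(kind, d.group("url"),
                                        "ActiveX download (DPF) from a host not on the allowlist"))
        elif kind in ("O2", "O3", "O9"):
            p = PLUGIN_RE.match(body)
            if p and "\\downloaded program files\\" in p.group("path").lower():
                findings.append(Finding(kind, p.group("path"),
                                        "browser add-on loaded from the ActiveX download cache"))
    return findings


def trusted_zone_hives(log_text: str) -> dict:
    """Map each Trusted Zone domain to the hives it appears in.

    HijackThis lists the HKCU and HKLM copies as separate O15 lines, so a
    fix that ticks only one of them leaves the other in place; this is why
    both sets appear in the fix list above.
    """
    hives = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or m.group("kind") != "O15":
            continue
        z = O15_RE.match(m.group("body"))
        if z:
            domain = z.group("host").lstrip("*.").lower()
            hives.setdefault(domain, set()).add(z.group("hive") or "HKCU")
    return {d: sorted(h) for d, h in hives.items()}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, trusted_domains=frozenset({"example-corp.com"})):
        print(f"{f.kind}: {f.subject}  <- {f.reason}")
    print(trusted_zone_hives(SAMPLE_LOG))
```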
 
ComboFix 08-01-29.3 - Sue 2008-01-30 16:59:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.169 [GMT -5:00]
Running from: C:\Documents and Settings\Sue\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sue\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\imsins.BAK
C:\WINDOWS\mrofinu1000106.exe.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\imsins.BAK
C:\WINDOWS\mrofinu1000106.exe.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_JBRIDGEP
-------\jbridgep


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
.

2008-01-29 21:46 . 2008-01-29 21:46 2,694 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-29 21:39 . 2008-01-30 15:59 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-01-29 21:39 . 2004-08-04 02:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-29 21:37 . 2008-01-29 21:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-01-29 21:37 . 2008-01-29 21:37 <DIR> d-------- C:\WINDOWS\peernet
2008-01-29 21:32 . 2008-01-29 21:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-01-29 21:20 . 2008-01-29 21:20 <DIR> d-------- C:\WINDOWS\EHome
2008-01-29 21:08 . 2008-01-29 21:08 <DIR> d-------- C:\Program Files\Avira
2008-01-29 21:08 . 2008-01-29 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-29 17:08 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-01-29 17:08 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-01-29 17:08 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-01-29 17:08 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-01-28 14:38 . 2004-08-04 02:56 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2008-01-28 14:38 . 2004-08-04 02:56 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2008-01-28 14:38 . 2004-08-04 02:56 265,728 --a------ C:\WINDOWS\system32\h323.tsp
2008-01-28 14:38 . 2004-03-29 20:48 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2008-01-28 14:38 . 2004-01-10 00:11 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2008-01-28 14:23 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2008-01-28 14:23 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll
2008-01-28 14:23 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-01-28 14:23 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-01-28 14:23 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-01-28 14:23 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-01-28 12:07 . 2008-01-28 12:54 441 --a------ C:\WINDOWS\wininit.ini
2008-01-22 22:01 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-01-22 21:49 . 2008-01-22 21:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 21:41 . 2008-01-28 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-16 23:13 . 2008-01-16 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 23:12 . 2008-01-16 23:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 21:59 . 2008-01-16 22:01 <DIR> d-------- C:\Program Files\CCleaner
2008-01-06 19:03 . 2008-01-06 19:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-06 18:53 . 2008-01-28 14:27 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-06 18:53 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-06 18:51 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-06 18:51 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-06 18:51 . 2004-08-04 02:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-01-06 18:51 . 2004-08-04 02:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-12-12 20:00 . 2007-12-12 20:00 <DIR> d-------- C:\Program Files\KODAK
2007-12-12 19:42 . 2007-12-12 19:42 <DIR> d-------- C:\Program Files\CASIO
2007-12-12 19:42 . 2003-10-02 00:00 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-12-12 19:42 . 2002-11-01 00:00 114,688 --a------ C:\WINDOWS\system32\EpPicPrt.dll
2007-12-12 19:42 . 2003-10-02 00:00 91,923 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-12-12 19:42 . 2003-10-02 00:00 76,956 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-12-12 19:42 . 2002-11-01 00:00 65,536 --a------ C:\WINDOWS\system32\EPPicMgr.dll
2007-12-12 19:42 . 2003-10-02 00:00 39,121 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-12-12 19:42 . 2003-10-02 00:01 27,965 --a------ C:\WINDOWS\system32\EPPICPresetData_JP.dat
2007-12-12 19:42 . 2003-10-02 00:00 15,822 --a------ C:\WINDOWS\system32\EPPICLocal_JP.cfg
2007-12-12 19:42 . 2007-12-12 19:42 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2007-12-12 19:42 . 2003-10-02 00:00 14,482 --a------ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2007-12-12 19:40 . 2008-01-29 16:30 <DIR> d-------- C:\Program Files\HOTALBUMMyBOX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 21:33 --------- d-----w C:\Program Files\QuickTime
2008-01-29 21:30 --------- d-----w C:\Program Files\SymNetDrv
2008-01-29 21:30 --------- d-----w C:\Program Files\Lexmark X6100 Series
2008-01-29 21:30 --------- d-----w C:\Program Files\iTunes
2008-01-29 21:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 21:30 --------- d-----w C:\Program Files\Chikka
2008-01-28 19:07 --------- d-----w C:\Documents and Settings\Sue\Application Data\LimeWire
2007-12-13 00:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2003-01-01 11:20 32 --sha-w C:\WINDOWS\{B6494CBC-B5A3-4AD6-8807-7EDA073C920F}.dat
2003-01-01 11:20 32 --sha-w C:\WINDOWS\system32\{1A46D2AF-AD00-409A-ABA7-17F2E5A8653C}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:57 1460560]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-08-04 02:56 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 16:14 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"CARPService"="carpserv.exe" [2003-05-21 15:35 4608 C:\WINDOWS\system32\carpserv.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2008-01-28 12:56 180316]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-28 12:56 290816]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2008-01-28 12:57 36864]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2008-01-28 12:57 36864]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-01-28 12:57 143360]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2008-01-28 12:57 45056]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2008-01-28 12:57 102400]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-28 12:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-28 12:57 634880]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-28 12:57 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2008-01-28 12:57 58392]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-01-28 12:57 684032]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2008-01-28 12:57 57344]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-28 12:57 100056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-28 12:57 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digimax Viewer 2.1.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MediaChecker.lnk
backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sue^Start Menu^Programs^Startup^Scrabble Online Registration.lnk]
path=C:\Documents and Settings\Sue\Start Menu\Programs\Startup\Scrabble Online Registration.lnk
backup=C:\WINDOWS\pss\Scrabble Online Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChikkaIM]
--a------ 2008-01-17 21:41 1650688 C:\PROGRA~1\Chikka\Chikka.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-17 21:40 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
--a------ 2008-01-17 21:40 787096 C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 02:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-17 21:39 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
--a------ 2008-01-17 21:39 282624 C:\Program Files\HPQ\Notebook Utilities\TvNow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-01-17 21:41 2502656 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WmdmPmSp"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"ClipSrv"=3 (0x3)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Browser"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)
"SNDSrvc"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2007-12-12 19:42]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 10:04]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 10:04]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2002-08-28 19:00]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-29 18:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-28 17:05:58 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2003-09-15 23:58:44 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 17:06:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?9?8?8??`???? ??3B?????????????T?B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-01-30 17:10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-30 22:10:26
ComboFix2.txt 2008-01-29 21:40:31
ComboFix3.txt 2008-01-28 18:39:06
.
2008-01-30 03:46:07 --- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:16 PM, on 1/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6499 bytes
 
Excellent, your logfile is now clean of malware.

Your logfile indicates that you are running both AntiVir and Norton. Two antivirus programs running in resident mode can conflict, actually making you less safe. I suggest you either remove one, or disable the real time protection on one and just use it as an on-demand scanner.

If you choose to remove Norton please use the Norton Removal Tool to remove it completely.

Additionally, your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:
  • Go to Start > Control Panel and double-click on the Software icon > Add or Remove Programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
    It should have the Java icon next to it.

    Select it and click Remove.
  • Then download and install the newest version from here:

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure about an anti-spyware program you are looking at, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 
You're welcome. Thank You for your kind offer, but this site does not accept donations and the administrators have previously indicated that they would be uncomfortable changing this policy.
 