my laptop does not seem to be working properly

mdayton09
2009-08-04, 13:41
I use Mozilla Firefox and I am often redirected to the wrong site. This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:45 AM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\sysregi.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Nod32 Runtime] sysregi.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9902 bytes

Shaba
2009-08-05, 17:48
Hi mdayton09

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall? (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine, but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

mdayton09
2009-08-06, 07:14
I would like to try to clean it. The laptop is old, I recently reformatted the OS, and I'm going to buy a new laptop soon.

As for the passwords, I suspected that's what it was and already changed passwords and have attempted to not use this laptop for sensitive purposes. I mostly use it for watching movies, music, word processing, and checking email. Nothing very security sensitive, and once I have my new laptop it will be solely for movies and music. I would rather not have to redownload all my music, so cleaning it would be preferred.

Shaba
2009-08-06, 08:33
Did you change them from a known clean computer?

If not, you will have to do it again.

mdayton09
2009-08-06, 08:57
Yes, I did.

Shaba
2009-08-06, 09:16
Good.

Next, I will have to ask if this is a personal computer.

mdayton09
2009-08-06, 16:39
Yes, it is.

Shaba
2009-08-06, 16:46
We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

mdayton09
2009-08-06, 22:25
ComboFix 09-08-06.01 - Marissa 08/06/2009 13:12.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.120 [GMT -7:00]
Running from: c:\documents and settings\Marissa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\SW_Win2146X32.DLL
c:\windows\system32\sysregi.exe
c:\windows\welik.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-04 11:27 . 2009-08-04 11:27 -------- d-----w- c:\program files\ERUNT
2009-08-04 11:15 . 2009-08-04 11:15 -------- d-----w- c:\program files\Trend Micro
2009-07-18 19:21 . 2009-07-18 19:22 -------- d-----w- c:\program files\Safari
2009-07-18 19:19 . 2009-07-18 19:19 -------- d-----w- c:\program files\iPod
2009-07-18 19:19 . 2009-07-18 19:20 -------- d-----w- c:\program files\iTunes
2009-07-18 19:13 . 2009-07-18 19:13 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 14:38 . 2009-05-05 00:22 -------- d-----w- c:\documents and settings\Marissa\Application Data\uTorrent
2009-07-28 01:23 . 2009-05-05 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-19 18:10 . 2009-05-05 00:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 19:19 . 2009-05-05 00:19 -------- d-----w- c:\program files\Common Files\Apple
2009-07-05 21:12 . 2009-07-05 21:12 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-05 21:11 . 2009-07-05 21:11 1490358 ----a-w- c:\windows\Cursors\uninstall.exe
2009-07-04 17:51 . 2009-07-04 17:51 -------- d-----w- c:\program files\RocketDock
2009-07-01 10:53 . 2009-05-05 00:49 -------- d-----w- c:\program files\Stardock
2009-07-01 10:52 . 2009-05-05 00:53 -------- d-----w- c:\program files\Common Files\Stardock
2009-07-01 10:50 . 2009-07-01 10:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-29 16:25 . 2009-05-05 00:50 -------- d-----w- c:\program files\Rainlendar2
2009-06-29 16:06 . 2009-06-29 16:06 -------- d-----w- c:\program files\Softinterface, Inc
2009-06-29 15:30 . 2009-06-29 15:30 -------- d-----w- c:\program files\Aspose
2009-06-24 02:34 . 2009-05-05 00:22 -------- d-----w- c:\documents and settings\Marissa\Application Data\Apple Computer
2009-06-20 05:39 . 2009-05-11 05:47 -------- d-----w- c:\documents and settings\Marissa\Application Data\dvdcss
2009-06-20 04:11 . 2009-06-20 04:10 -------- d-----w- c:\program files\QuickTime
2009-06-05 18:42 . 2009-05-05 00:20 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-05-05 00:20 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 14:13 . 2009-06-29 16:06 741376 ----a-w- c:\windows\system32\C-XLS.dll
2004-03-16 00:51 . 2004-03-16 00:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 17:32 . 2006-01-23 17:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

------- Sigcheck -------

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 12:00 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2009-05-05 27136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Marissa\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-5-4 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-07-01 10:55 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [2/13/2006 11:45 AM 31334]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2/13/2006 11:45 AM 199783]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [7/27/2005 8:58 AM 10829]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [7/13/2006 12:04 PM 159232]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [7/20/2006 12:19 AM 200704]
R2 niemrk;niemrk;c:\windows\system32\drivers\niemrk.dll [7/20/2006 6:50 PM 370176]
R2 nifslk;nifslk;c:\windows\system32\drivers\nifslk.dll [7/16/2006 3:16 AM 81920]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [7/16/2006 12:55 AM 20480]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [7/18/2006 9:34 AM 71680]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [7/16/2006 12:16 AM 496640]
R2 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [7/20/2006 6:50 PM 1746432]
R2 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.dll [7/16/2006 2:22 AM 19968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 6:48 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/4/2009 5:36 PM 192896]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [7/16/2006 12:50 AM 171520]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [7/13/2006 12:58 PM 248832]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [7/16/2006 12:05 AM 137728]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [7/16/2006 12:07 AM 51712]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [7/16/2006 12:42 AM 506880]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [7/16/2006 2:22 AM 240128]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [7/16/2006 12:57 AM 790528]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/5/2009 7:29 AM 33176]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [7/20/2006 6:39 PM 648192]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [7/20/2006 6:50 PM 500224]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/5/2006 6:03 PM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/5/2006 6:03 PM 151683]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [7/16/2006 12:39 AM 164864]
S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [7/18/2006 9:51 AM 51200]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [7/16/2006 12:42 AM 43008]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [7/20/2006 6:50 PM 1026560]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [6/6/2006 12:21 AM 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [7/16/2006 12:57 AM 111616]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWK.sys [7/14/2006 11:57 AM 8704]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciK.sys [7/14/2006 11:56 AM 48128]
S3 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiK.sys [7/14/2006 11:56 AM 10752]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [7/20/2006 6:50 PM 434688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Rainlendar2 - c:\program files\Rainlendar2\Rainlendar2.exe
HKLM-Run-Nod32 Runtime - sysregi.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marissa\Application Data\Mozilla\Firefox\Profiles\ql6wxnpl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 13:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [52056]
? [9428]
? [22680]
? [7780]
? [4864]
? [9772]
scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?7?6?5??????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-08-06 13:22
ComboFix-quarantined-files.txt 2009-08-06 20:22

Pre-Run: 1,663,647,744 bytes free
Post-Run: 2,321,178,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:29 PM, on 8/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users\proto.dll" run
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\Object Desktop\ObjectDock\ObjectDock.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9561 bytes

Shaba
2009-08-07, 06:02
To access the Uninstall Manager, you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window into your next reply.

mdayton09
2009-08-07, 07:34
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AIM Toolbar
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AviSynth 2.5
AVRStudio4
Bonjour
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Conexant AC-Link Audio
Download Updater (AOL LLC)
ERUNT 1.1j
HijackThis 2.0.2
HP Help and Support
HP Quick Launch Buttons 6.30 J1
HP Software Update
HP Wireless Assistant 1.01 C1
InterVideo DVD Check
InterVideo WinDVD
IsoBuster 2.5
iTunes
Mac OS X Cursors
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
MobileMe Control Panel
Mozilla Firefox (3.0.13)
MSN
National Instruments Software
NI EULA Depot
NI MDF Support
overland
Photosmart 140,240,7200,7600,7700,7900 Series
PL-2303 USB-to-Serial
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
RocketDock 1.3.5
Safari
SoftV90 Data Fax Modem with SmartCP
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TBS WMP Plug-in
Texas Instruments PCIxx21/x515 drivers.
Videora iPod Converter 4.07
Viewpoint Media Player
VLC media player 0.9.9
WinAVR 20090313 (remove only)
WindowBlinds
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 8
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB892559
YouTube Downloader App 1.02

Shaba
2009-08-11, 07:53
Sorry, I never got email notification from this one.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\documents and settings\Marissa\Application Data\uTorrent
c:\Program Files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-


Save this as "CFScript.txt" (Type: All Files (*.*)) in the same location as ComboFix.exe.


http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please also upload this file - c:\windows\system32\drivers\tcpip.sys - to http://virusscan.jotti.org and post back the results.

mdayton09
2009-08-15, 19:31
ComboFix 09-08-10.06 - Marissa 08/15/2009 10:09.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.214 [GMT -7:00]
Running from: c:\documents and settings\Marissa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marissa\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marissa\Application Data\uTorrent
c:\documents and settings\Marissa\Application Data\uTorrent\Alan Jackson.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Confessions of a Shopaholic[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Demi.Lovato.-.Dont.Forget.(2008).Pop.WwW.Mixermusic.net.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\dht.dat
c:\documents and settings\Marissa\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Marissa\Application Data\uTorrent\Dollhouse.S01E13.Unaired.DVDRip.XviD-REWARD.avi.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Due West.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Duplicity.2009.Eng.Telesync.XviD-LTT.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Fast and Furious (2009) TELESYNC XviD OPTiC-MFD™.avi.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Growing Up Is Getting Old.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Hannah Montana The Movie (2009) [OST] [PBX].torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Harry.Potter-The.Half.Blood.Prince.TS.XVID-STG.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Ice.Age.3.Dawn.Of.The.Dinosaurs.2009.TS.XviD-Fatal.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Jason Michael Carroll - Growing Up Is Getting Old (2009) [VIPER666].torrent
c:\documents and settings\Marissa\Application Data\uTorrent\labView 8.2.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\microsoft office 2007.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Microsoft Office Project Professional 2007 v12.0.4518.1 [RH].torrent
c:\documents and settings\Marissa\Application Data\uTorrent\My Best Friends Wedding 1997 DVDRip.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Night At The Museum Battle Of The Smithsonian 2009 TELESYNC AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Marissa\Application Data\uTorrent\P.S. I Love You (PSP, iPod, Zune).torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Public.Enemies.TELESYNC.XviD-ORC.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Push.2009.HDRip.XviD-NoRARs™.avi.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\QuickBooks Pro 2008.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Rascal Flatts - Unstoppable (2009) - Country [www.torrentazos.com].torrent
c:\documents and settings\Marissa\Application Data\uTorrent\resume.dat
c:\documents and settings\Marissa\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Marissa\Application Data\uTorrent\rss.dat
c:\documents and settings\Marissa\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Marissa\Application Data\uTorrent\settings.dat
c:\documents and settings\Marissa\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Marissa\Application Data\uTorrent\Slumdog Millionaire (2008) Soundtrack - A.R. Rahman.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Star Trek 2009 TELESYNC AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Talladega.Nights[2006][Unrated.Edition]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\The International[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\The Lord of the Rings - Extended Trilogy.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\The.Day.The.Earth.Stood.Still[2008]DvDrip-aXXo.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\The.Ugly.Truth.Cam.Xvid-TheStash.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Top 500 Country Music Songs.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Trace Adkins - X.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Twilight[2008]DvDrip-aXXo.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Canada_Country_Radio_June-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Country_Radio_August-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Country_Radio_July-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Country_Radio_June-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Country_Radio_May-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\VA-Promo_Only_Country_Radio_September-2009-XXL.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Valkyrie[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Warehouse.13.S01E04.Magnetism-notv.(Ev1l51xty51x).avi.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\When Harry Met Sally.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\WindowBlinds Enhanced v6.2 + 101 Themes + Patch By ChattChitto.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Yes.Man.2008.DvDRip-FxM.torrent
c:\documents and settings\Marissa\Application Data\uTorrent\Zac Brown Band [2008] The Foundation [MP3's@320KBPS] Country [h33t][DJ Macdaddy].torrent
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe

.
((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.

2009-08-04 11:27 . 2009-08-04 11:27 -------- d-----w- c:\program files\ERUNT
2009-08-04 11:15 . 2009-08-04 11:15 -------- d-----w- c:\program files\Trend Micro
2009-07-18 19:21 . 2009-07-18 19:22 -------- d-----w- c:\program files\Safari
2009-07-18 19:19 . 2009-07-18 19:19 -------- d-----w- c:\program files\iPod
2009-07-18 19:19 . 2009-07-18 19:20 -------- d-----w- c:\program files\iTunes
2009-07-18 19:13 . 2009-07-18 19:13 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 01:23 . 2009-05-05 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-19 18:10 . 2009-05-05 00:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 19:19 . 2009-05-05 00:19 -------- d-----w- c:\program files\Common Files\Apple
2009-07-05 21:12 . 2009-07-05 21:12 -------- d--h--w- c:\program files\InstallJammer Registry
2009-07-05 21:11 . 2009-07-05 21:11 1490358 ----a-w- c:\windows\Cursors\uninstall.exe
2009-07-04 17:51 . 2009-07-04 17:51 -------- d-----w- c:\program files\RocketDock
2009-07-01 10:53 . 2009-05-05 00:49 -------- d-----w- c:\program files\Stardock
2009-07-01 10:52 . 2009-05-05 00:53 -------- d-----w- c:\program files\Common Files\Stardock
2009-07-01 10:50 . 2009-07-01 10:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-06-29 16:25 . 2009-05-05 00:50 -------- d-----w- c:\program files\Rainlendar2
2009-06-29 16:06 . 2009-06-29 16:06 -------- d-----w- c:\program files\Softinterface, Inc
2009-06-29 15:30 . 2009-06-29 15:30 -------- d-----w- c:\program files\Aspose
2009-06-24 02:34 . 2009-05-05 00:22 -------- d-----w- c:\documents and settings\Marissa\Application Data\Apple Computer
2009-06-20 05:39 . 2009-05-11 05:47 -------- d-----w- c:\documents and settings\Marissa\Application Data\dvdcss
2009-06-20 04:11 . 2009-06-20 04:10 -------- d-----w- c:\program files\QuickTime
2009-06-05 18:42 . 2009-05-05 00:20 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-05-05 00:20 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-04 14:13 . 2009-06-29 16:06 741376 ----a-w- c:\windows\system32\C-XLS.dll
2004-03-16 00:51 . 2004-03-16 00:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 17:32 . 2006-01-23 17:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
.

------- Sigcheck -------

[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-04 12:00 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-06_20.20.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-07-29 18:45 59842 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-08-11 18:33 59842 c:\windows\system32\perfc009.dat
+ 2009-08-11 18:29 . 2009-08-11 18:29 20480 c:\windows\ERDNT\AutoBackup\8-11-2009\Users\00000002\UsrClass.dat
+ 2004-08-04 12:00 . 2009-08-11 18:33 395768 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-07-29 18:45 395768 c:\windows\system32\perfh009.dat
+ 2009-08-11 18:29 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\8-11-2009\ERDNT.EXE
+ 2009-08-11 18:29 . 2009-08-11 18:29 3166208 c:\windows\ERDNT\AutoBackup\8-11-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DiskChk help"="c:\documents and settings\All Users\proto.dll" [2009-05-05 27136]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\bcmntray" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\Marissa\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-5-4 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-07-01 10:55 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [2/13/2006 11:45 AM 31334]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2/13/2006 11:45 AM 199783]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [7/27/2005 8:58 AM 10829]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [7/13/2006 12:04 PM 159232]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [7/20/2006 12:19 AM 200704]
R2 niemrk;niemrk;c:\windows\system32\drivers\niemrk.dll [7/20/2006 6:50 PM 370176]
R2 nifslk;nifslk;c:\windows\system32\drivers\nifslk.dll [7/16/2006 3:16 AM 81920]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [7/16/2006 12:55 AM 20480]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [7/18/2006 9:34 AM 71680]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [7/16/2006 12:16 AM 496640]
R2 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [7/20/2006 6:50 PM 1746432]
R2 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.dll [7/16/2006 2:22 AM 19968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 6:48 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/4/2009 5:36 PM 192896]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [7/16/2006 12:50 AM 171520]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [7/13/2006 12:58 PM 248832]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [7/16/2006 12:05 AM 137728]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [7/16/2006 12:07 AM 51712]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [7/16/2006 12:42 AM 506880]
R3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [7/16/2006 2:22 AM 240128]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [7/16/2006 12:57 AM 790528]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [5/5/2009 7:29 AM 33176]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [7/20/2006 6:39 PM 648192]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [7/20/2006 6:50 PM 500224]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/5/2006 6:03 PM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/5/2006 6:03 PM 151683]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [7/16/2006 12:39 AM 164864]
S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [7/18/2006 9:51 AM 51200]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [7/16/2006 12:42 AM 43008]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [7/20/2006 6:50 PM 1026560]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [6/6/2006 12:21 AM 163328]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [7/16/2006 12:57 AM 111616]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWK.sys [7/14/2006 11:57 AM 8704]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciK.sys [7/14/2006 11:56 AM 48128]
S3 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiK.sys [7/14/2006 11:56 AM 10752]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [7/20/2006 6:50 PM 434688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Marissa\Application Data\Mozilla\Firefox\Profiles\ql6wxnpl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 10:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?7?6?5??????? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-08-15 10:21
ComboFix-quarantined-files.txt 2009-08-15 17:21
ComboFix2.txt 2009-08-06 20:22

Pre-Run: 1,148,747,776 bytes free
Post-Run: 1,103,753,216 bytes free

240
.......................................................................................................


Filename: tcpip.sys
Status:
Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Tue 4 Aug 2009 00:34:34 (CET) Permalink

Shaba
2009-08-15, 20:46
Looks like there are some programs to uninstall as they are not legit.

Uninstall these:

Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
WindowBlinds

Post back a fresh uninstall list afterwards and we will continue.

Shaba
2009-08-21, 06:17
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (PM). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.