Solved: not-a-virus:hoax and Downloader


sup2a (Senior Member, Intermediate-Advanced, South Australia)
23-Mar-2008, 05:52 PM #1
When I went to Kaspersky Online Scanner it picked up not-a-virus:hoax and not-virus: downloader, but the thing is it seems to be in quarantine from when I had Norton's on the system when I first bought this computer (1-2 years ago). None of the other programs picked this up, including HijackThis. Anyway, here's the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 24, 2008 12:00:31 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/03/2008
Kaspersky Anti-Virus database records: 655169
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 105292
Number of viruses found: 4
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:51:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50AE0B3F.dll Infected: not-virus:Hoax.Win32.Renos.gb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\595113BE.exe Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped


There are quite a few more, but as I was using the programs half of them said they were being used and the others say locked, and I know they are not infected.

Note: I had Smitfraud C back in the day; after looking in the Trend Micro database it looks a lot like it..... and by the looks of the scan it looks as though Norton's picked it up and put it in quarantine... I think. Correct me if I'm wrong.
__________________
"Friends don't let friends use Internet Explorer" Firefox is free and so much better!
"People ask me, how can I create positive change in my life? I say let someone in traffic! Just start with that!" --Serj Tankian
Post doesn't sound quite right or make any sense? Refresh! I probably edited!
In South Australia? Need a new computer? Ask me about a custom build!

Last edited by sup2a : 23-Mar-2008 05:57 PM.
Cookiegal (Administrator, Quebec, Canada)
24-Mar-2008, 10:52 AM #2
This one would be related to SmitfraudFix and is falsely flagged and quarantined (this happens frequently):

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50AE0B3F.dll Infected: not-virus:Hoax.Win32.Renos.gb skipped

This one is not related to SFF but is also in Norton's quarantine folder.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\595113BE.exe Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped

If you're not using Norton anymore, I assume you uninstalled it via the Control Panel. If so then you can delete this folder (unless you have other Symantec products in which case just empty the quarantine folder):

C:\Documents and Settings\All Users\Application Data\Symantec

You may have other infected files. I would recommend posting a HijackThis log.

Click here to download HJTsetup.exe.
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
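To make the triage in the reply above mechanical, here is an added Python example (it is not from the thread and not part of Kaspersky or Symantec tooling) that parses the result lines of a Kaspersky Online Scanner report and separates locked files, objects sitting in another product's quarantine folder, and genuinely active detections. The Symantec quarantine path comes from the report posted above; the QUARANTINE_MARKERS tuple, the status labels and the summarize() helper are this example's own choices. The locked qmgr0.dat and qmgr1.dat files are the BITS job queue, which the service holds open, so the scanner reached no verdict on them.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the column header and the four result lines from the
# Kaspersky Online Scanner report posted above, embedded so the example runs offline.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\50AE0B3F.dll Infected: not-virus:Hoax.Win32.Renos.gb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\595113BE.exe Infected: not-a-virus: Downloader.Win32.WinFixer.o skipped
"""

# Result lines are "<path> Object is locked <action>" or "<path> Infected: <verdict> <action>".
# Paths contain spaces, so the path is matched lazily up to the fixed marker text.
LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+(?P<action>\S+)$")
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s*(?P<verdict>.+?)\s+(?P<action>\S+)$")

# Folders where another product keeps samples it has already neutralised. The
# Symantec path is the one in the report; the tuple is an assumed extension point
# for the quarantine folders of whatever other products are installed.
QUARANTINE_MARKERS = ("\\symantec\\norton antivirus\\quarantine\\",)

Entry = Dict[str, Optional[str]]


def parse_report(text: str) -> List[Entry]:
    """Extract the per-object result lines from a Kaspersky Online Scanner report."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LOCKED_RE.match(line)
        if m:
            entries.append({"path": m.group("path"), "verdict": None, "action": m.group("action")})
            continue
        m = INFECTED_RE.match(line)
        if m:
            entries.append({"path": m.group("path"), "verdict": m.group("verdict"),
                            "action": m.group("action")})
    return entries


def classify(entry: Entry) -> Dict[str, object]:
    """Decide what a result line means for the person cleaning the machine."""
    path_l = (entry["path"] or "").lower()
    in_quarantine = any(marker in path_l for marker in QUARANTINE_MARKERS)
    verdict = entry["verdict"] or ""
    # Kaspersky's "not-a-virus:" prefix marks riskware/adware rather than malware proper.
    riskware = verdict.startswith(("not-a-virus", "not-virus"))
    if entry["verdict"] is None:
        status = "locked"       # in use by Windows; no verdict was reached
    elif in_quarantine:
        status = "quarantined"  # already neutralised by another product; empty that quarantine
    else:
        status = "active"       # a live detection that still needs removal
    return {**entry, "status": status, "in_quarantine": in_quarantine, "riskware": riskware}


def summarize(text: str) -> Dict[str, int]:
    """Count result lines per status so the genuinely active detections stand out."""
    counts = {"locked": 0, "quarantined": 0, "active": 0}
    for entry in parse_report(text):
        counts[str(classify(entry)["status"])] += 1
    return counts


if __name__ == "__main__":
    for entry in parse_report(SAMPLE_REPORT):
        c = classify(entry)
        print(f"{c['status']:11} riskware={c['riskware']!s:5} {c['path']}")
    print(summarize(SAMPLE_REPORT))
```

Run against the report above it reports two locked objects, two quarantined objects and no active detections, which is exactly the conclusion drawn in the reply: empty the old Norton quarantine and rescan rather than treating the four lines as a live infection.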
sup2a (Senior Member, Intermediate-Advanced, South Australia)
25-Mar-2008, 01:35 AM #3
Thanks for that... I was not the one to remove Norton's; it was someone trying to be helpful in removing the infection on the computer at the time (SmitFraud) who ended up making it a little more difficult (guess that's one of the reasons there is a section like this on the forum).

As for a HijackThis log, I had one... or a few checked recently, but I have installed a load of software lately so I guess it would pay to have another checked. Hope you don't mind that WinPatrol made this one... saves a bit of time....

Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 4:02:36 PM, on 3/25/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\aswUpdSv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\Google\Common\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\Creative\SBAudigy\SURROUND MIXER\CTSysVol.exe
C:\PROGRAM FILES\SONY ERICSSON\Mobile2\APPLICATION LAUNCHER\APPLICATION LAUNCHER.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\zlclient.exe
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRAM FILES\PC-DOCTOR 5 FOR WINDOWS\PCDSMARTMONITOR.EXE
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\CAPABILITYMANAGER.EXE
C:\PROGRAM FILES\QUICKTIME\QTTask.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqtra08.exe
C:\DOCUMENTS AND SETTINGS\Sup2a\Desktop\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashMaiSv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\msnmsgr.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqste08.exe
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\Generic.exe
C:\PROGRAM FILES\SONY ERICSSON\Mobile2\MOBILE PHONE MONITOR\EPMWORKER.EXE
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\usnsvc.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\hp\KBD\kbd.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1]C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002]C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\Recguard.exe
O4 - HKLM\..\Run: [HPBootOp]C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08]C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe]C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [PCDrSmartMonitor]C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper]Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol]C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg]C:\WINDOWS\Updreg.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite]C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client]C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [googletalk]C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!]C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk=C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk=C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk=C:\Documents and Settings\Sup2a\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} (http://download.microsoft.com/downlo...38C922/wmv9VCM) - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177844018062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service
O23 - Service: avast! Web Scanner - - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II - - LxrSII1s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 2.0.0.12
MSIE: Internet Explorer (7.00.6000.16608)
Firefox 2.0.0.12 installed in C:\Program Files\Mozilla Firefox.
36 IE Cookies in Folder: C:\Documents and Settings\Sup2a\Cookies\
42 Mozilla Cookies in Folder: C:\Documents and Settings\Sup2a\Application Data\Mozilla\FireFox\Profiles\jtuf2umf.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP01 - HKLM\CS1: PendingFileRenameOperations = \??\C:\WINDOWS\system32\ZoneLabs\spyware.dat.zlbak
WP01 - HKLM\CCS: PendingFileRenameOperations = \??\C:\WINDOWS\system32\ZoneLabs\spyware.dat.zlbak
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe Never

WP32 - Hidden File: C:\BOOT.BAK
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\cmldr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\103C_HP_CPC_EY928AA-ABG SR1920AN AP630_YC_0Pres_QAUD628_E63APheREA1_48_IAsterope_SHewleet-Packard_V1.0_B3.16_T060622_WXH2_L409_M448_J160_7Intel_8Celeron_93.07_#06082 9_N10EC8139_Z11C10620_G10025A61.MRK
WP32 - Hidden File: C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\mlfcache.dat
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\zllictbl.dat
WP32 - Hidden File: C:\Documents and Settings\Sup2a\Local Settings\Temp\CTZapTest.txt
WP32 - Hidden File: C:\Documents and Settings\Sup2a\Local Settings\Temp\TempFolder.aab\Macromedia.lok

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\DOCUME~1\SUP2A\DESKTOP\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [Windows Media Player]C:\Program Files\Windows Media Player\wmplayer.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

Memory currently in use: 40%
Physical Memory Free: 893,116 KB
Paging File Free: 1,565,200 KB
Virtual Memory Free: 2,053,776 KB


--
End of file
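A HijackThis log is a line-per-entry format with a section code (R0, O2, O4, O23, ...) at the front, which makes it easy to pre-screen with a script before a human reads it. The following added Python example (not from the thread, HijackThis or WinPatrol) parses O2, O4 and O23 lines into fields and returns the entries worth a second look: a BHO with no name or no file on disk (the {7E853D72-...} line in the log above has both missing), an autostart that runs from a user profile folder, and a service with no publisher recorded. The regular expressions and the USER_PROFILE_MARKERS heuristic are this example's own assumptions, and a flagged line is a prompt to verify rather than a verdict: on this very log the WinZip shortcut and the Application Management service are legitimate.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis / WinPatrol log format. The lines mirror the
# shape of entries in the log posted above; they are a small excerpt embedded
# here only so that the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} -
O4 - HKLM\..\Run: [avast!]C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk=C:\Documents and Settings\Sup2a\Desktop\WinZip\WZQKPICK.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
"""

# One pattern per section that is broken into fields; other sections stay raw text.
O2_RE = re.compile(r"^O2 - BHO:\s*(?P<name>.*?)\s*- \{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.*?)=(?P<command>.*)$")
# The publisher is optional: the log prints "name - - path" when none is recorded.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) -(?: (?P<company>.*?))? - (?P<path>.+)$")

# Autostarts under a user profile deserve a second look because installed software
# normally lives under Program Files or WINDOWS (assumed heuristic, not a rule).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\local settings\\temp\\")

Entry = Dict[str, Optional[str]]


def parse_log(text: str) -> List[Entry]:
    """Split a HijackThis-style log into entries keyed by section code."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry: Entry = {"section": line.split(" - ", 1)[0], "raw": line}
        for kind, pattern in (("bho", O2_RE), ("run", O4_RUN_RE),
                              ("startup", O4_STARTUP_RE), ("service", O23_RE)):
            m = pattern.match(line)
            if m:
                entry["kind"] = kind
                entry.update(m.groupdict())  # unmatched optional groups become None
                break
        entries.append(entry)
    return entries


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (raw line, reason) pairs for the entries a reviewer should verify."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        kind = e.get("kind")
        if kind == "bho" and (not e["name"] or not e["path"]):
            findings.append((e["raw"], "BHO with no name or no file on disk: orphaned or hidden module, verify the CLSID"))
        elif kind in ("run", "startup") and any(m in (e["command"] or "").lower() for m in USER_PROFILE_MARKERS):
            findings.append((e["raw"], "autostart runs from a user profile folder: confirm the file is expected"))
        elif kind == "service" and not e["company"]:
            findings.append((e["raw"], "service with no publisher recorded: check the binary's origin and signature"))
    return findings


if __name__ == "__main__":
    for raw, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{reason}\n    {raw}")
```

The parser keeps every line, even ones it does not decompose, so nothing is silently dropped from the review; only the three flagged kinds are pulled out for attention, and the full log stays available for the human pass that the helpers in this thread still do by hand.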
Cookiegal (Administrator, Quebec, Canada)
25-Mar-2008, 03:16 PM #4
Please visit Combofix Guide & Instructions for instructions on downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
sup2a (Senior Member, Intermediate-Advanced, South Australia)
25-Mar-2008, 07:36 PM #5
As this computer is a Compaq it did not come with a Windows disc. Does this mean I cannot install the Recovery Console? Is this a problem?
Cookiegal (Administrator, Quebec, Canada)
25-Mar-2008, 07:41 PM #6
No, not at all. If you read the instructions they tell you how to install it if you don't have the CD. It involves downloading a file from Microsoft.
sup2a (Senior Member, Intermediate-Advanced, South Australia)
26-Mar-2008, 02:14 AM #7
Ahh, sorry, I just skimmed through the writing... I'll have it done by tomorrow; I'm a little busy right now.
Cookiegal (Administrator, Quebec, Canada)
26-Mar-2008, 08:30 AM #8
That's fine.
sup2a (Senior Member, Intermediate-Advanced, South Australia)
27-Mar-2008, 03:08 AM #9
Thanks for that... here's the log:

ComboFix 08-03-25.4 - Sup2a 2008-03-27 17:21:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.941 [GMT 10.5:30]
Running from: C:\Documents and Settings\Sup2a\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-02-27 to 2008-03-27 )))))))))))))))))))))))))))))))
.

2008-03-26 16:53 . 2008-03-26 16:53 582 --a------ C:\WINDOWS\eReg.dat
2008-03-26 16:49 . 2008-03-27 17:15 <DIR> d-------- C:\Documents and Settings\Sup2a\Application Data\SiteAdvisor
2008-03-26 16:49 . 2008-03-26 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-03-26 16:49 . 2008-03-26 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-03-26 16:37 . 2008-03-26 16:39 <DIR> d-------- C:\Program Files\Maxis
2008-03-24 09:06 . 2008-03-24 09:06 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-03-24 09:06 . 2008-03-24 09:06 3,587 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-03-24 09:01 . 2008-03-24 09:01 <DIR> d-------- C:\Program Files\Illustrate
2008-03-24 09:01 . 2008-03-24 09:01 <DIR> d-------- C:\Documents and Settings\Sup2a\Application Data\AccurateRip
2008-03-24 09:01 . 2008-03-24 09:06 1,071,480 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-24 09:01 . 2008-03-24 09:01 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-03-24 09:01 . 2008-03-24 09:01 12,896 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-23 21:37 . 2008-03-23 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 13:28 . 2008-03-23 13:31 <DIR> d-------- C:\Program Files\4Movy DVD Video Converter
2008-03-23 13:28 . 2008-03-23 13:30 <DIR> d-------- C:\Documents and Settings\Sup2a\Application Data\dvdcss
2008-03-23 13:28 . 2002-07-17 08:03 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-23 13:28 . 2002-07-17 07:05 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-22 15:17 . 2008-03-22 15:17 86,780 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-20 23:00 . 2008-03-20 23:00 <DIR> d-------- C:\Program Files\Safari
2008-03-20 19:43 . 2008-03-27 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-20 19:43 . 2008-03-20 19:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-20 19:42 . 2008-03-20 19:43 <DIR> d-------- C:\Program Files\iTunes
2008-03-20 19:42 . 2008-03-20 19:42 <DIR> d-------- C:\Program Files\iPod
2008-03-20 19:42 . 2008-03-20 19:42 <DIR> d-------- C:\Program Files\Bonjour
2008-03-20 19:41 . 2008-03-20 19:42 <DIR> d-------- C:\Program Files\QuickTime
2008-03-20 19:40 . 2008-03-20 19:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-20 19:39 . 2008-03-20 19:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-03-20 19:39 . 2008-03-20 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-20 19:39 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-07 17:06 . 2008-03-07 17:06 <DIR> d-------- C:\Documents and Settings\Family day care\Application Data\WinPatrol
2008-03-07 16:57 . 2008-03-07 16:57 <DIR> d-------- C:\Documents and Settings\Family day care\Application Data\Teleca
2008-03-07 16:56 . 2008-03-07 16:56 <DIR> d-------- C:\Documents and Settings\Family day care\Application Data\Sony Ericsson
2008-03-07 16:44 . 2008-03-07 16:44 48,640 --a------ C:\WINDOWS\system32\drivers\B10USBDMB.sys
2008-03-07 16:44 . 2007-10-07 17:08 2,728 --a------ C:\WINDOWS\system32\mini_spectrum2.swf
2008-03-05 16:24 . 2008-03-05 16:24 <DIR> d-------- C:\Program Files\Free iPod Video Converter
2008-03-05 16:24 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-03-05 16:24 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-03-05 16:24 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-02-29 23:22 . 2008-02-29 23:22 <DIR> d-------- C:\Documents and Settings\Sup2a\Application Data\WinBatch
2008-02-29 22:43 . 2008-02-29 22:43 <DIR> d-------- C:\Program Files\ToniArts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 06:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 08:57 --------- d-----w C:\Program Files\Windows Live
2008-03-20 22:39 --------- d-----w C:\Documents and Settings\Sup2a\Application Data\Apple Computer
2008-03-20 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-16 06:53 --------- d-----w C:\Program Files\My_Pix
2008-02-29 12:41 --------- d-----w C:\Documents and Settings\Sup2a\Application Data\uTorrent
2008-02-27 06:51 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-19 09:20 --------- d-----w C:\Program Files\Audacity
2008-02-08 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-05 07:34 --------- d-----w C:\Program Files\Java
2008-02-05 05:23 --------- d-----w C:\Documents and Settings\Sup2a\Application Data\WinPatrol
2008-02-05 05:22 --------- d-----w C:\Program Files\BillP Studios
2008-01-27 04:21 --------- d-----w C:\Program Files\Alwil Software
2007-09-16 07:32 8,636 ----a-w C:\Program Files\DeIsL1.isu
2006-02-18 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2001-02-20 11:34 5,396 ----a-w C:\Program Files\README.TXT
1999-11-12 05:59 6,166 ----a-w C:\Program Files\killwin.cfg
1999-11-12 04:52 80,534 ----a-w C:\Program Files\picker.exe
1999-11-12 00:16 80,384 ----a-w C:\Program Files\killwin.exe
1998-03-05 04:58 1,458,432 ----a-w C:\Program Files\SLIDESHO.EXE
1998-03-03 08:04 1,330,304 ----a-w C:\Program Files\Kidpix.exe
1998-03-03 08:03 1,777,792 ----a-w C:\Program Files\Pickerb.exe
1998-03-03 07:54 804,608 ----a-w C:\Program Files\Stmpmatr.exe
1998-03-03 07:45 743,424 ----a-w C:\Program Files\MOOPIES.EXE
1998-03-03 07:38 597,504 ----a-w C:\Program Files\Puppets.exe
1998-03-01 15:14 2,047,744 ----a-w C:\Program Files\KPSTUDIO.DLL
1998-02-27 03:10 449,536 ----a-w C:\Program Files\WACKY.EXE
1998-02-24 12:32 8,451 ----a-w C:\Program Files\SPANISH.HLP
1998-02-13 12:30 8,068 ----a-w C:\Program Files\SSHELP.HLP
1998-02-13 12:30 7,775 ----a-w C:\Program Files\STAMHELP.HLP
1998-02-13 12:30 6,105 ----a-w C:\Program Files\TVHELP.HLP
1998-02-13 12:29 7,399 ----a-w C:\Program Files\KPHELP.HLP
1998-02-13 12:29 7,217 ----a-w C:\Program Files\PUPPHELP.HLP
1998-02-13 12:29 7,068 ----a-w C:\Program Files\MOOPHELP.HLP
1998-02-13 12:29 6,929 ----a-w C:\Program Files\KIDPIX.HLP
1997-12-15 15:41 10,746,880 ----a-w C:\Program Files\KPSOUNDS.DLL
1997-12-15 15:08 2,241,193 ----a-w C:\Program Files\WAVSOUND.R
1997-12-15 10:42 41,088 ----a-w C:\Program Files\NWIPXSPX.DLL
1997-12-15 10:41 9,660 ----a-w C:\Program Files\MONET16.DLL
1997-11-21 10:39 16,896 ----a-w C:\Program Files\USRL16D.DLL
1997-11-19 18:31 144,973 ----a-w C:\Program Files\TCLASS45.DLL
1997-08-07 16:16 153,824 ----a-w C:\Program Files\OWL31.DLL
1995-12-14 16:21 6,656 ----a-w C:\Program Files\FBVTIMER.DLL
1995-12-14 16:21 30,208 ----a-w C:\Program Files\FBVNGN.EXE
1995-12-14 16:20 46,080 ----a-w C:\Program Files\FBVSPCH.DLL
1995-08-29 05:52 220,672 ----a-w C:\Program Files\BC450RTL.DLL
1995-06-15 12:54 207,918 ----a-w C:\Program Files\KPFONTS.DAT
1995-06-05 16:39 226,013 ----a-w C:\Program Files\V02_FONT.DAT
1993-04-20 11:46 84,448 ----a-w C:\Program Files\PCDLIB.DLL
1992-10-05 02:00 130,224 ----a-w C:\Program Files\BWCC.DLL
1992-06-10 05:10 29,536 ----a-w C:\Program Files\DIB.DRV
2006-11-25 04:57 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:30 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 02:04 1415824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:30 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:30 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:30 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:30 455168]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 15:24 16010240 C:\WINDOWS\RTHDCPL.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 15:44 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 16:04 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-08-18 23:00 49152]
"HPHUPD08"="C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-12-22 18:43 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-02 12:29 180269]
"PCDrSmartMonitor"="C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-02-02 11:24 360448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"P17Helper"="P17.dll" [2005-05-03 22:08 64512 C:\WINDOWS\system32\P17.dll]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 07:52 3739648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 23:30 79224]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 16:08 316728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-06-02 11:56:05 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-08-18 23:20:30 282624]
WinZip Quick Pick.lnk - C:\Documents and Settings\Sup2a\Desktop\WinZip\WZQKPICK.EXE [2006-11-09 15:45:15 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell executehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Sup2a\\Desktop\\Games\\HL\\hl.exe"=
"C:\\Documents and Settings\\Sup2a\\Desktop\\Games\\Q3A\\quake3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 LxrSII1d;Secure II Driver;C:\WINDOWS\system32\Drivers\LxrSII1d.sys [2005-05-19 16:48]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2006-02-08 12:08]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 07:05]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-06-20 14:57]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 20:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-07 15:11]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 10:42]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 10:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-03-20 09:10:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 17:30:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010003}]
"ImagePath"="\??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-03-27 17:34:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 07:04:22
.
2008-03-20 06:33:23 --- E O F ---
__________________
"Friends don't let friends use Internet Explorer" Firefox is free and so much better!
"People ask me, how can I create positive change in my life? I say let someone in traffic! Just start with that!" --Serj Tankian
Post doesn't sound quite right or make any sense? Refresh! I probably edited!
In South Australia? Need a new computer? Ask me about a custom build!

Last edited by sup2a : 27-Mar-2008 03:22 AM.
sup2a
Senior Member with 1,045 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
27-Mar-2008, 03:12 AM #10
I was wondering, there were infections, right? If so, could any of them download/upload a lot of data? Also, could any of these compromise my details on any sites? Oh, and what can I do with ComboFix? As this computer is shared, I try to make it as secure as possible, and if the other users were to touch ComboFix...

Log created by WinPatrol version 14.0.2007.1:14.0.2007.1
Scan saved at 5:39:42 PM, on 3/27/2008
Platform: Windows XP SP2 Home Edition Service Pack 2 (Build 2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\aswUpdSv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\COMMON FILES\Apple\MOBILE DEVICE SUPPORT\bin\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE
C:\PROGRAM FILES\Google\Common\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSrvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashMaiSv.exe
C:\PROGRAM FILES\ALWIL SOFTWARE\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\HEWLETT-PACKARD\HP BOOT OPTIMIZER\HPBootOp.exe
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\COMMON FILES\Real\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\Java\JRE1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\Creative\SBAudigy\SURROUND MIXER\CTSysVol.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\zlclient.exe
C:\PROGRAM FILES\PC-DOCTOR 5 FOR WINDOWS\PCDSMARTMONITOR.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\PROGRAM FILES\QUICKTIME\QTTask.exe
C:\PROGRAM FILES\iTunes\ITUNESHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
C:\PROGRAM FILES\Adobe\ACROBAT 7.0\Reader\READER_SL.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqtra08.exe
C:\DOCUMENTS AND SETTINGS\Sup2a\Desktop\WinZip\WZQKPICK.EXE
C:\PROGRAM FILES\iPod\bin\IPODSERVICE.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqste08.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\COMMON FILES\TELECA SHARED\Generic.exe
C:\PROGRAM FILES\SONY ERICSSON\Mobile2\MOBILE PHONE MONITOR\EPMWORKER.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRAM FILES\MOZILLA FIREFOX\firefox.exe
C:\hp\KBD\kbd.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\atiptaxx.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1]C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002]C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL]RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard]C:\WINDOWS\SMINST\Recguard.exe
O4 - HKLM\..\Run: [HPBootOp]C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
O4 - HKLM\..\Run: [HP Software Update]C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPHUPD08]C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [NeroFilterCheck]C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe]C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [PCDrSmartMonitor]C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe -r
O4 - HKLM\..\Run: [SunJavaUpdateSched]C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [P17Helper]Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [CTSysVol]C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg]C:\WINDOWS\Updreg.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite]C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
O4 - HKLM\..\Run: [ZoneAlarm Client]C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [googletalk]C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avast!]C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinPatrol]C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task]C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [iTunesHelper]C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe]C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer]C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk=C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk=C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk=C:\Documents and Settings\Sup2a\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [Java (Sun)] Java (Sun) - C:\Program Files\Java\jre1.6.0_03\bin
O11 - Options group: [] -
O14 - IERESET.INF: START_PAGE_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
O14 - IERESET.INF: SEARCH_PAGE_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O14 - IERESET.INF:HKCU, Start Page = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Page_URL = %START_PAGE_URL%
O14 - IERESET.INF:HKLM, Default_Search_URL = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKLM, Search Page = %SEARCH_PAGE_URL%
O14 - IERESET.INF:HKCU, Search Page = %SEARCH_PAGE_URL%
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} (http://download.microsoft.com/downlo...38C922/wmv9VCM) - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177844018062
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.5.0_10) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
O21 - WPDShServiceObj - WPDShServiceObj Class - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Management - - C:\WINDOWS\System32\appmgmts.dll
O23 - Service: avast! iAVS4 Control Service - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service
O23 - Service: avast! Web Scanner - - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II - - LxrSII1s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

--- Additional WinPatrol Info ---
Default Browser: Firefox - Firefox version 2.0.0.13
MSIE: Internet Explorer (7.00.6000.16608)
Firefox 2.0.0.13 installed in C:\Program Files\Mozilla Firefox.
36 IE Cookies in Folder: C:\Documents and Settings\Sup2a\Cookies\
162 Mozilla Cookies in Folder: C:\Documents and Settings\Sup2a\Application Data\Mozilla\FireFox\Profiles\jtuf2umf.default

WP00 - HKLM\CS1: BootExecute = autocheck autochk *
WP00 - HKLM\CCS: BootExecute = autocheck autochk *
WP00 - HKLM\CS3: BootExecute = autocheck autochk *
WP02 - HKLM\CCS: Command = C:\WINDOWS\system32\cmd.exe

WP03 - Windows Automatic Update = 4:Automatically download recommended updates for my computer and install them.


WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix: Default = http://
WP08 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes: www = http://

WP31 - Scheduled Tasks: [AppleSoftwareUpdate.job]C:\Program Files\Apple Software Update\SoftwareUpdate.exe Never

WP32 - Hidden File: C:\BOOT.BAK
WP32 - Hidden File: C:\boot.ini
WP32 - Hidden File: C:\cmldr
WP32 - Hidden File: C:\hiberfil.sys
WP32 - Hidden File: C:\IO.SYS
WP32 - Hidden File: C:\MSDOS.SYS
WP32 - Hidden File: C:\NTDETECT.COM
WP32 - Hidden File: C:\ntldr
WP32 - Hidden File: C:\pagefile.sys
WP32 - Hidden File: C:\sqmdata00.sqm
WP32 - Hidden File: C:\sqmnoopt00.sqm
WP32 - Hidden File: C:\WINDOWS\QTFont.qfn
WP32 - Hidden File: C:\WINDOWS\WindowsShell.Manifest
WP32 - Hidden File: C:\WINDOWS\winnt.bmp
WP32 - Hidden File: C:\WINDOWS\winnt256.bmp
WP32 - Hidden File: C:\WINDOWS\system32\cdplayer.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\config\default.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\default.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SAM.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\SECURITY.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\software.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\system.tmp.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\TempKey.LOG
WP32 - Hidden File: C:\WINDOWS\system32\config\userdiff.LOG
WP32 - Hidden File: C:\WINDOWS\system32\drivers\103C_HP_CPC_EY928AA-ABG SR1920AN AP630_YC_0Pres_QAUD628_E63APheREA1_48_IAsterope_SHewleet-Packard_V1.0_B3.16_T060622_WXH2_L409_M448_J160_7Intel_8Celeron_93.07_#060829_N10EC8139_Z11C10620_G10025A61.MRK
WP32 - Hidden File: C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
WP32 - Hidden File: C:\WINDOWS\system32\logonui.exe.manifest
WP32 - Hidden File: C:\WINDOWS\system32\mlfcache.dat
WP32 - Hidden File: C:\WINDOWS\system32\ncpa.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\nwc.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\Restore\filelist.xml
WP32 - Hidden File: C:\WINDOWS\system32\sapi.cpl.manifest
WP32 - Hidden File: C:\WINDOWS\system32\WindowsLogon.manifest
WP32 - Hidden File: C:\WINDOWS\system32\wuaucpl.cpl.manifest

WP33 - File Type .AVI: [Video Clip]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:8 /Open %L
WP33 - File Type .BAT: [MS-DOS Batch File]%1 %*
WP33 - File Type .CAB: [WinZip File]C:\DOCUME~1\SUP2A\DESKTOP\WINZIP\winzip32.exe %1
WP33 - File Type .CAT: [Security Catalog]rundll32.exe cryptext.dll,CryptExtOpenCAT %1
WP33 - File Type .CHM: [Compiled HTML Help file]C:\WINDOWS\hh.exe %1
WP33 - File Type .COM: [MS-DOS Application]%1 %*
WP33 - File Type .CMD: [Windows NT Command Script]%1 %*
WP33 - File Type .DOC: [Microsoft Word Document]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .EXE: [Application]%1 %*
WP33 - File Type .INF: [Setup Information]C:\WINDOWS\System32\NOTEPAD.EXE %1
WP33 - File Type .JS: [JScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .LOG: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .MSI: [Windows Installer Package]C:\WINDOWS\System32\msiexec.exe /i %1 %*
WP33 - File Type .MSG: [Outlook Item]C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1
WP33 - File Type .MID: [MIDI Sequence]C:\Program Files\Windows Media Player\wmplayer.exe /Open %L
WP33 - File Type .MP3: [MP3 Format Sound]C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:6 /Open %L
WP33 - File Type .PIF: [Shortcut to MS-DOS Program]%1 %*
WP33 - File Type .RAM: [Windows Media Player]C:\Program Files\Windows Media Player\wmplayer.exe %1
WP33 - File Type .REG: [Registration Entries]regedit.exe %1
WP33 - File Type .RTF: [Rich Text Format]C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde
WP33 - File Type .SBS: [Spyware supplemental file]C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe %1
WP33 - File Type .SCR: [Screen Saver]%1 /S
WP33 - File Type .TXT: [Text Document]C:\WINDOWS\system32\NOTEPAD.EXE %1
WP33 - File Type .URL: [Internet Shortcut]rundll32.exe ieframe.dll,OpenURL %l
WP33 - File Type .VBS: [VBScript Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .VBE: [VBScript Encoded Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSF: [Windows Script File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .WSH: [Windows Script Host Settings File]C:\WINDOWS\System32\WScript.exe %1 %*
WP33 - File Type .XLS: [Microsoft Excel Worksheet]C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

Memory currently in use: 39%
Physical Memory Free: 910,668 KB
Paging File Free: 1,608,032 KB
Virtual Memory Free: 2,053,736 KB


--
End of file
Cookiegal
Administrator with 53,603 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
28-Mar-2008, 12:15 PM #11
Before we continue please do this:

Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


Also, how old is this computer?

Was it upgraded from another operating system? If so, which one?
__________________
Microsoft MVP - Consumer Security

Alliance of Security Analysis Professionals
sup2a
Senior Member with 1,045 posts.
 
Join Date: Oct 2007
Location: A-town -- South Australia
Experience: Intermediate-Advanced
28-Mar-2008, 05:25 PM #12
It's a little old, around 1-2 years, can't remember exactly... I'm pretty sure it hasn't been upgraded... I bought it new with XP a few (note: it's a Compaq from Officeworks, if it makes any difference)... months, I think, before Vista was released... Why do you ask?

Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
Age of Empires III
Agere Systems PCI-SV92PP Soft Modem
Aimersoft Audio Converter(Build 1.1.32)
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.0.0
Avanquest update
avast! Antivirus
Bonjour
BRAINtastic
CashBook
Catz (remove only)
CD Fun&Learning Think Fast
CodecInstaller 2.8.1
Compatibility Pack for the 2007 Office system
Creative System Information
Customer Experience Enhancement
dBpoweramp m4a Codec
dBpoweramp Music Converter
Disc2Phone
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EasyCleaner
Enhanced Multimedia Keyboard Solution
ffdshow [rev 1790] [2008-01-17]
Free iPod Video Converter 1.34
Google Talk (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP DVD Play 2.1
HP Extended Capabilities 5.3
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Premier Software 6.5
HP Solution Center & Imaging Support Tools 5.3
HP Update
iriver plus 3 (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 3
Kaspersky Online Scanner
KC Softwares VideoInspector
Kid Pix Studio Deluxe
K-Lite Codec Pack 2.82 Standard
Little Fighter 2.5 - v2.0
Luxor - Amun Rising
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola Driver Installation
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero OEM
Nero Suite
PC-Doctor 5 for Windows
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Secur