GaaraOfSand (Thread Starter) - Joined: Oct 27, 2007 - Messages: 5
ComboFix 07-10-29.1 - Bear 2007-10-30 15:24:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.231 [GMT 8:00]
Running from: C:\Documents and Settings\Bear\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Bear\My Documents\internet.lnk
C:\Program Files\meex.exe
C:\temp\svchost.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.
2007-10-30 15:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-30 15:23 32 ---hs---- C:\Program Files\DLD.DAT
2007-10-29 17:11 42,496 --a------ C:\WINDOWS\system32\sexit.dat
2007-10-29 16:33 <DIR> d-------- C:\temp
2007-10-29 16:29 28,601 ---hs---- C:\Program Files\meex.exe
2007-10-29 16:11 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-28 14:28 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-10-28 12:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-27 18:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\CyberLink
2007-10-27 15:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-17 01:16 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Leadertech
2007-10-02 22:44 <DIR> d-------- C:\Program Files\EA GAMES
2007-10-02 20:18 <DIR> d-------- C:\Program Files\Valve
2007-10-02 05:52 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Sports Interactive
2007-10-02 05:49 <DIR> d-------- C:\Program Files\Zero G Registry
2007-10-02 05:49 <DIR> d-------- C:\Program Files\Sports Interactive
2007-10-01 02:14 1,060 --a------ C:\WINDOWS\unins000.dat
2007-09-30 22:40 <DIR> d-------- C:\Program Files\AuditionSEA
2007-09-30 21:02 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2007-09-30 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-09-26 06:55 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-09-25 13:45 <DIR> d-------- C:\Program Files\Take2 Interactive
2007-09-17 13:17 <DIR> d-------- C:\Documents and Settings\Bear\UserData
2007-09-16 16:36 <DIR> d-------- C:\Program Files\Ares
2007-09-13 21:47 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\HP
2007-09-13 17:14 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-09-13 17:14 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\NHN Corporation
2007-09-13 17:14 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-13 17:08 <DIR> d-------- C:\ijji
2007-09-13 17:07 <DIR> d--h----- C:\Documents and Settings\Bear\Application Data\ijjigame
2007-09-13 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-13 16:56 <DIR> d-------- C:\Program Files\DriftCity
2007-09-13 13:34 <DIR> d-------- C:\Documents and Settings\Bear\keel
2007-09-13 13:32 <DIR> d-------- C:\Documents and Settings\Bear\oni
2007-09-13 13:31 <DIR> d-------- C:\Program Files\AsiaSoft Online
2007-09-13 13:31 <DIR> d-------- C:\Documents and Settings\Bear\Contacts
2007-09-13 13:17 1,412 --a------ C:\WINDOWS\mozver.dat
2007-09-13 13:16 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-13 13:14 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\Temporary Internet Files
2007-09-13 12:46 <DIR> d---s---- C:\Documents and Settings\Bear\History
2007-09-13 12:45 <DIR> d-------- C:\Documents and Settings\Bear\Application Data\Symantec
2007-09-13 12:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-09-13 12:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-09-13 12:41 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-09-13 12:41 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-09-13 12:41 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-09-13 12:41 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-09-13 12:41 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 07:29 --------- d-----w C:\Program Files\Google
2007-10-16 14:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-13 19:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-13 19:27 --------- d-----w C:\Program Files\Synaptics
2007-09-13 19:27 --------- d-----w C:\Program Files\Symantec
2007-09-13 19:27 --------- d-----w C:\Program Files\Sonic
2007-09-13 19:26 --------- d-----w C:\Program Files\Oberon Media
2007-09-13 19:25 --------- d-----w C:\Program Files\Norton Internet Security
2007-09-13 19:25 --------- d-----w C:\Program Files\NetWaiting
2007-09-13 19:24 --------- d-----w C:\Program Files\muvee Technologies
2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Works
2007-09-13 19:24 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-09-13 19:24 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-13 19:23 --------- d-----w C:\Program Files\Intel
2007-09-13 19:23 --------- d-----w C:\Program Files\HPQ
2007-09-13 19:23 --------- d-----w C:\Program Files\HP
2007-09-13 19:23 --------- d-----w C:\Program Files\Hewlett-Packard
2007-09-13 19:22 --------- d-----w C:\Program Files\DivX
2007-09-13 19:22 --------- d-----w C:\Program Files\CONEXANT
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Oberon Media
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\Java
2007-09-13 19:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\HP
2007-09-13 19:21 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-09-13 19:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-13 05:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-13 05:06 --------- d-----w C:\Program Files\Java
2007-09-13 04:46 1,787 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario V3000 (RL376PA#UUF)_YN_0Pres_Q2CE7022BF6_E433343372_46_I30B2_SWistron_V61.44_BF.13_T061117_WXH2_L409_M503_J60_7Intel_8T2250_91.73_#070112_N14E44311_(RL376PA#UUF)_XMOBILE_CN10_Z_2F.13_G808627A2.MRK
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-09 13:09 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 13:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 19:07 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 22:27]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 20:33]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 14:59]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 13:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 21:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 21:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 21:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 21:00]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"mvpgtdf"="C:\Program Files\Common Files\System\qnegbyv.exe" [2005-08-25 06:09]
"vqrycmb"="C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe" [2005-08-25 06:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-13 12:48]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-17 05:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 00:39:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQLiveUpdate.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQSC.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQUpdateCenter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Timwp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
R2 Messager;Messager;c:\temp\svchost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a31-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - F:\auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - F:\vqrycmb.exe
open\Command - F:\vqrycmb.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a32-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - G:\vqrycmb.exe
open\Command - G:\vqrycmb.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - MESSAGER
.
Contents of the 'Scheduled Tasks' folder
"2007-01-12 12:17:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 15:27:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [unprintable bytes]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 15:27:21
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:44 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\System\qnegbyv.exe
C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\temp\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mvpgtdf] C:\Program Files\Common Files\System\qnegbyv.exe
O4 - HKLM\..\Run: [vqrycmb] C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8805 bytes
I'm not sure why every time I go to my thread Firefox automatically closes, so I decided to start a new thread. This is regarding a worm virus.
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQUpdateCenter.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Timwp.exe]
Debugger=C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
R2 Messager;Messager;c:\temp\svchost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a31-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - F:\auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - F:\vqrycmb.exe
open\Command - F:\vqrycmb.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d35d1a32-85f8-11dc-b7eb-0016d31c3b0a}]
Auto\command - auto.exe
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
explore\Command - G:\vqrycmb.exe
open\Command - G:\vqrycmb.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - MESSAGER
.
Contents of the 'Scheduled Tasks' folder
"2007-01-12 12:17:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 15:27:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? [email protected][email protected]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 15:27:21
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:44 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\System\qnegbyv.exe
C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\temp\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mvpgtdf] C:\Program Files\Common Files\System\qnegbyv.exe
O4 - HKLM\..\Run: [vqrycmb] C:\Program Files\Common Files\Microsoft Shared\rknkjxv.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SG&c=64&bd=presario&pf=laptop
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Messager - Unknown owner - c:\temp\svchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 8805 bytes
I'm not sure why every time I go to my thread Firefox automatically closes, so I decided to start a new thread. This is regarding the Worms virus.