Solved: I need a lot of help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cheyanne5657

Thread Starter
Joined
Sep 26, 2008
Messages
3
Ok so I know my compute has trojans and infections, but don't know how to rid of them and make my computer work better. I don't know what the infections are cause malware says NO, but I heard I have a trojan stubby, whatever that is. So I was hoping maybe somebody could tell me where to begin. I have tried and spent hours upon hours researching each file but there is just to many to know what is what. :eek::eek::eek:
 

cheyanne5657

Thread Starter
Joined
Sep 26, 2008
Messages
3
Okay so since no response I thought maybe if I put more information here I might get a response. Here is my Hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:24 AM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 6022 bytes


Also I ran spyware doctor and it comes back with 7 infections, 1 of which is C:\WINDOWS\inf\morphstb.inf, the other 6 are spyware and in the folder C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\Error Protector Free and \Data.
Now when I type the C:\WINDOWS\inf\morphstb.inf in the RUN and click browse it comes up with 2 files IEM and unregmp2. When I run regedit under inf I get HKEY_CLASSES_ROOT\.inf\PersistentHandler. I haven't deleted anything as I said I am a beginner. If anybody can help please do...
 

cheyanne5657

Thread Starter
Joined
Sep 26, 2008
Messages
3
I ran combofix, it deleted the files I was referencing. Here is the report

ComboFix 08-10-06.06 - Compaq_Owner 2008-10-07 10:20:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1127 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner.JODY\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
C:\Documents and Settings\Compaq_Owner\Application Data\ErrorProtector Free
C:\Documents and Settings\Compaq_Owner\Application Data\ErrorProtector Free\Logs\update.log
C:\WINDOWS\Downloaded Program Files\setup.inf
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.
2008-10-07 09:45 . 2008-10-07 10:17 <DIR> d-------- C:\327882R2FWJFW
2008-10-07 09:34 . 2008-10-07 09:37 <DIR> d-------- C:\Program Files\Exterminate It!
2008-10-07 09:16 . 2008-10-07 09:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 16:14 . 2008-10-06 16:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Uniblue
2008-10-06 09:19 . 2008-10-06 09:19 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Template
2008-09-26 21:49 . 2008-10-07 10:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-09-26 21:49 . 2008-09-26 21:50 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-09-26 21:49 . 2008-09-26 21:49 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\PC Tools
2008-09-26 21:49 . 2008-09-26 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-26 21:49 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-09-26 21:49 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-26 21:49 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-26 21:49 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-26 21:49 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-09-26 19:34 . 2008-09-26 19:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\MSNInstaller
2008-09-18 19:18 . 2008-10-07 10:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-13 14:09 . 2008-09-13 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-13 06:59 . 2008-09-13 06:59 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
2008-09-11 16:41 . 2008-09-13 16:08 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Yahoo!
2008-09-10 05:12 . 2008-09-10 05:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Windows Search
2008-09-07 05:21 . 2008-09-07 05:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Windows Desktop Search
2008-09-07 05:20 . 2008-09-07 05:20 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-09-07 05:20 . 2008-09-07 05:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-09-07 05:19 . 2008-03-07 13:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-09-07 05:19 . 2008-03-07 13:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-09-07 05:19 . 2008-03-07 13:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-09-07 05:18 . 2008-09-07 05:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 21:54 --------- d-----w C:\Program Files\Uniblue
2008-09-27 00:56 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-09-27 00:49 --------- d-----w C:\Program Files\Common Files\Real
2008-09-18 21:50 155,995 ----a-w C:\WINDOWS\java\Packages\SZZR9RXR.ZIP
2008-09-13 17:32 --------- d-----w C:\Program Files\Yahoo!
2008-09-05 01:19 --------- d-----w C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Malwarebytes
2008-09-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-02 01:19 --------- d-----w C:\Documents and Settings\Compaq_Owner.JODY\Application Data\AdobeUM
2008-09-01 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-01 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-01 22:16 98,304 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PluginCtrl.dll
2008-09-01 22:16 69,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\msxmlwrapper.dll
2008-09-01 22:16 5,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\GUI.dll
2008-09-01 22:16 434,176 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\motivede.dll
2008-09-01 22:16 28,672 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\InetWrap.dll
2008-09-01 22:16 159,744 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PCHButton.exe
2008-09-01 22:16 139,264 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\ContentUpdater.exe
2008-09-01 22:15 77,824 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\WinVerifyTrust.dll
2008-09-01 22:15 69,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\msxmlwrapper.dll
2008-09-01 22:15 36,864 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\gnu.dll
2008-09-01 22:15 344,064 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\api.dll
2008-09-01 22:15 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchapi.dll
2008-09-01 22:15 315,392 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchmsxml.dll
2008-09-01 22:15 3,072 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchealthde.exe
2008-09-01 22:15 213,089 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\motive.zip
2008-09-01 22:15 155,877 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\js.zip
2008-09-01 22:15 114,688 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\ZipLib.dll
2008-09-01 08:55 --------- d-----w C:\Program Files\Java
2008-09-01 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 08:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-01 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-31 23:57 --------- d-----w C:\Program Files\Symantec
2008-08-31 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-31 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-31 23:28 4,086 --sha-r C:\WINDOWS\system32\drivers\HP_PJ534AA-ABA SR1250NX NA440_YC_Pres_QMXK444_E44NAheRET4_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.09_T041011_WXH2_L409_M1536_J164_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z_K_A_U80862658_G10DE0391.MRK
2008-08-31 06:12 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-08-29 10:36 --------- d-----w C:\Program Files\Bonjour
2008-08-27 19:33 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
2008-08-17 21:40 --------- d-----w C:\Program Files\AVG
2008-08-16 04:13 0 ----a-w C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
2008-08-09 01:30 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\iWin
2008-08-08 21:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\GameHouse
2008-08-08 21:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Eyeblaster
2008-08-08 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-08-08 01:32 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts
2008-08-07 19:20 --------- d-----w C:\Program Files\MySpace
2008-07-21 20:14 9,728 ----a-w C:\WINDOWS\system32\RtNicProp32.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2007-02-14 04:35 536 -c--a-w C:\Program Files\Shortcut to microsoft frontpage.lnk
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 23:13 98304 C:\WINDOWS\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2004-08-10 11:28 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-18 02:31 118784 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2004-08-10 11:04 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 36224]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-09-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
2008-10-06 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-VTTimer - VTTimer.exe
MSConfigStartUp-KBD - C:\HP\KBD\KBD.EXE

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 10:22:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-07 10:24:16
ComboFix-quarantined-files.txt 2008-10-07 14:24:12
Pre-Run: 138,646,908,928 bytes free
Post-Run: 138,641,223,680 bytes free
205 --- E O F --- 2008-09-10 09:45:23

New Hijackthis report...................
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:03 AM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4667 bytes

I think the problem is fixed. (y)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top