1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: I need a lot of help

Discussion in 'Virus & Other Malware Removal' started by cheyanne5657, Sep 26, 2008.

Thread Status:
Not open for further replies.
  1. cheyanne5657

    cheyanne5657 Thread Starter

    Joined:
    Sep 26, 2008
    Messages:
    3
    Ok so I know my compute has trojans and infections, but don't know how to rid of them and make my computer work better. I don't know what the infections are cause malware says NO, but I heard I have a trojan stubby, whatever that is. So I was hoping maybe somebody could tell me where to begin. I have tried and spent hours upon hours researching each file but there is just to many to know what is what. :eek::eek::eek:
     
  2. cheyanne5657

    cheyanne5657 Thread Starter

    Joined:
    Sep 26, 2008
    Messages:
    3
    Okay so since no response I thought maybe if I put more information here I might get a response. Here is my Hijackthis log....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:24 AM, on 10/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cleanmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    --
    End of file - 6022 bytes


    Also I ran spyware doctor and it comes back with 7 infections, 1 of which is C:\WINDOWS\inf\morphstb.inf, the other 6 are spyware and in the folder C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\Error Protector Free and \Data.
    Now when I type the C:\WINDOWS\inf\morphstb.inf in the RUN and click browse it comes up with 2 files IEM and unregmp2. When I run regedit under inf I get HKEY_CLASSES_ROOT\.inf\PersistentHandler. I haven't deleted anything as I said I am a beginner. If anybody can help please do...
     
  3. cheyanne5657

    cheyanne5657 Thread Starter

    Joined:
    Sep 26, 2008
    Messages:
    3
    I ran combofix, it deleted the files I was referencing. Here is the report

    ComboFix 08-10-06.06 - Compaq_Owner 2008-10-07 10:20:00.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1127 [GMT -4:00]
    Running from: C:\Documents and Settings\Compaq_Owner.JODY\Desktop\ComboFix.exe
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
    C:\Documents and Settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
    C:\Documents and Settings\Compaq_Owner\Application Data\ErrorProtector Free
    C:\Documents and Settings\Compaq_Owner\Application Data\ErrorProtector Free\Logs\update.log
    C:\WINDOWS\Downloaded Program Files\setup.inf
    D:\Autorun.inf
    .
    ((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
    .
    2008-10-07 09:45 . 2008-10-07 10:17 <DIR> d-------- C:\327882R2FWJFW
    2008-10-07 09:34 . 2008-10-07 09:37 <DIR> d-------- C:\Program Files\Exterminate It!
    2008-10-07 09:16 . 2008-10-07 09:16 <DIR> d-------- C:\Program Files\Trend Micro
    2008-10-06 16:14 . 2008-10-06 16:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Uniblue
    2008-10-06 09:19 . 2008-10-06 09:19 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Template
    2008-09-26 21:49 . 2008-10-07 10:15 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-09-26 21:49 . 2008-09-26 21:50 <DIR> d-------- C:\Program Files\Common Files\PC Tools
    2008-09-26 21:49 . 2008-09-26 21:49 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\PC Tools
    2008-09-26 21:49 . 2008-09-26 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-09-26 21:49 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
    2008-09-26 21:49 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-09-26 21:49 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-09-26 21:49 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-09-26 21:49 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-09-26 19:34 . 2008-09-26 19:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\MSNInstaller
    2008-09-18 19:18 . 2008-10-07 10:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-13 14:09 . 2008-09-13 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-13 06:59 . 2008-09-13 06:59 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
    2008-09-11 16:41 . 2008-09-13 16:08 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Yahoo!
    2008-09-10 05:12 . 2008-09-10 05:12 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Windows Search
    2008-09-07 05:21 . 2008-09-07 05:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Windows Desktop Search
    2008-09-07 05:20 . 2008-09-07 05:20 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
    2008-09-07 05:20 . 2008-09-07 05:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
    2008-09-07 05:19 . 2008-03-07 13:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
    2008-09-07 05:19 . 2008-03-07 13:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2008-09-07 05:19 . 2008-03-07 13:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2008-09-07 05:18 . 2008-09-07 05:18 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-06 21:54 --------- d-----w C:\Program Files\Uniblue
    2008-09-27 00:56 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
    2008-09-27 00:49 --------- d-----w C:\Program Files\Common Files\Real
    2008-09-18 21:50 155,995 ----a-w C:\WINDOWS\java\Packages\SZZR9RXR.ZIP
    2008-09-13 17:32 --------- d-----w C:\Program Files\Yahoo!
    2008-09-05 01:19 --------- d-----w C:\Documents and Settings\Compaq_Owner.JODY\Application Data\Malwarebytes
    2008-09-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-05 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-02 01:19 --------- d-----w C:\Documents and Settings\Compaq_Owner.JODY\Application Data\AdobeUM
    2008-09-01 22:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-01 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-09-01 22:16 98,304 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PluginCtrl.dll
    2008-09-01 22:16 69,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\msxmlwrapper.dll
    2008-09-01 22:16 5,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\GUI.dll
    2008-09-01 22:16 434,176 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\motivede.dll
    2008-09-01 22:16 28,672 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\InetWrap.dll
    2008-09-01 22:16 159,744 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\PCHButton.exe
    2008-09-01 22:16 139,264 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\ContentUpdater.exe
    2008-09-01 22:15 77,824 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\WinVerifyTrust.dll
    2008-09-01 22:15 69,632 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\msxmlwrapper.dll
    2008-09-01 22:15 36,864 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\gnu.dll
    2008-09-01 22:15 344,064 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\api.dll
    2008-09-01 22:15 32,768 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchapi.dll
    2008-09-01 22:15 315,392 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchmsxml.dll
    2008-09-01 22:15 3,072 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\pchealthde.exe
    2008-09-01 22:15 213,089 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\motive.zip
    2008-09-01 22:15 155,877 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\js.zip
    2008-09-01 22:15 114,688 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Presario\XPHWWRF4Duet\plugin\bin\jsharpde\ZipLib.dll
    2008-09-01 08:55 --------- d-----w C:\Program Files\Java
    2008-09-01 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-01 08:53 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-09-01 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-31 23:57 --------- d-----w C:\Program Files\Symantec
    2008-08-31 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-31 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-31 23:28 4,086 --sha-r C:\WINDOWS\system32\drivers\HP_PJ534AA-ABA SR1250NX NA440_YC_Pres_QMXK444_E44NAheRET4_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.09_T041011_WXH2_L409_M1536_J164_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z_K_A_U80862658_G10DE0391.MRK
    2008-08-31 06:12 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
    2008-08-29 10:36 --------- d-----w C:\Program Files\Bonjour
    2008-08-27 19:33 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
    2008-08-17 21:40 --------- d-----w C:\Program Files\AVG
    2008-08-16 04:13 0 ----a-w C:\Documents and Settings\Compaq_Owner\jagex_runescape_preferences.dat
    2008-08-09 01:30 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\iWin
    2008-08-08 21:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\GameHouse
    2008-08-08 21:16 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Eyeblaster
    2008-08-08 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-08-08 01:32 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\FunWebProducts
    2008-08-07 19:20 --------- d-----w C:\Program Files\MySpace
    2008-07-21 20:14 9,728 ----a-w C:\WINDOWS\system32\RtNicProp32.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2007-02-14 04:35 536 -c--a-w C:\Program Files\Shortcut to microsoft frontpage.lnk
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
    "nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    --a------ 2003-09-12 23:13 98304 C:\WINDOWS\system32\ps2.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2004-08-10 11:28 98304 C:\Program Files\QuickTime\qttask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
    --a------ 2003-12-18 02:31 118784 C:\WINDOWS\CREATOR\Remind_XP.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2004-08-10 11:04 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
    --a------ 2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2005-09-22 13:36 14854144 C:\WINDOWS\RTHDCPL.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    --a------ 2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 36224]
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    2008-09-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 15:21]
    2008-10-06 C:\WINDOWS\Tasks\RegCure Program Check.job
    - C:\Program Files\RegCure\RegCure.exe []
    .
    - - - - ORPHANS REMOVED - - - -
    HKLM-Run-VTTimer - VTTimer.exe
    MSConfigStartUp-KBD - C:\HP\KBD\KBD.EXE

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com
    R0 -: HKCU-Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
    R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-07 10:22:45
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-10-07 10:24:16
    ComboFix-quarantined-files.txt 2008-10-07 14:24:12
    Pre-Run: 138,646,908,928 bytes free
    Post-Run: 138,641,223,680 bytes free
    205 --- E O F --- 2008-09-10 09:45:23

    New Hijackthis report...................
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:03 AM, on 10/7/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    --
    End of file - 4667 bytes

    I think the problem is fixed. (y)
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/753674

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice