
winspooler virus again

Discussion in 'Virus & Other Malware Removal' started by ejspin, Apr 9, 2008.

  1. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    I keep getting that popup about "patch applied successfully!, if your software is still trial maybe you need to install it before patch"

    Well, I've looked at the threads about winspooler and tried to follow the directions given, but of course life isn't fair and I have errors:

    I used ComboFix, and that worked fine. I then downloaded SDFix and followed all the directions given: turned off the antivirus thing, rebooted in safe mode, and then ran the program, but it didn't work.

    I later found out SDFix isn't compatible with Vista, but they had a catchme.exe substitution that came with the download for Vista users. Well, I ran that, but it keeps freezing at the same area and doesn't finish. Maybe my configurations aren't correct? I don't know, please someone help me.

    I will have to post all my logs in separate posts because I'm not allowed to post more than so many characters at once. I will show my HJT log, my combofix log, and my catchme logs:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15, on 2008-04-09
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\WinSpooler.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Windows\System32\WinSpooler.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Erin\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
    O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Vongo Tray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

    --
    End of file - 9835 bytes
     
  2. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    My ComboFix log:

    ComboFix 08-04-08.10 - Erin 2008-04-09 11:28:03.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.918 [GMT -5:00]
    Running from: C:\Users\Erin\Desktop\ComboFix.exe
    * Created a new restore point
    .
    TimedOut: Windir.dat
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
    .

    2008-04-09 11:28 . 2008-04-09 11:28 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
    2008-04-09 11:08 . 2004-08-30 21:00 1,478,656 --a------ C:\Windows\System32\WinSpooler.exe
    2008-04-09 11:08 . 2008-04-09 11:11 37,888 --a------ C:\Windows\System32\rar.exe
    2008-04-09 11:07 . 2008-04-09 11:11 <DIR> d-a------ C:\Users\All Users\TEMP
    2008-04-09 11:07 . 2008-04-09 11:11 <DIR> d-a------ C:\ProgramData\TEMP
    2008-04-08 20:46 . 2008-04-08 20:46 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-04-08 20:39 . 2008-04-09 11:04 <DIR> d-------- C:\Users\Erin\Incomplete
    2008-04-08 20:37 . 2008-04-09 10:59 <DIR> d-------- C:\Users\Erin\AppData\Roaming\LimeWire
    2008-04-08 20:36 . 2008-04-08 20:37 <DIR> d-------- C:\Program Files\LimeWire
    2008-04-08 17:22 . 2008-04-08 17:22 944,184 --a------ C:\Windows\System32\winload.exe
    2008-04-08 17:22 . 2008-04-08 17:22 620,088 --a------ C:\Windows\System32\ci.dll
    2008-04-08 17:22 . 2008-04-08 17:22 371,712 --a------ C:\Windows\System32\srcore.dll
    2008-04-08 17:22 . 2008-04-08 17:22 313,856 --a------ C:\Windows\System32\rstrui.exe
    2008-04-08 17:22 . 2008-04-08 17:22 40,960 --a------ C:\Windows\System32\srclient.dll
    2008-04-08 17:22 . 2008-04-08 17:22 19,000 --a------ C:\Windows\System32\kd1394.dll
    2008-04-08 17:22 . 2008-04-08 17:22 16,384 --a------ C:\Windows\System32\srdelayed.exe
    2008-04-08 17:22 . 2008-04-08 17:22 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
    2008-04-08 17:22 . 2008-04-08 17:22 6,656 --a------ C:\Windows\System32\kbd106n.dll
    2008-04-08 17:21 . 2008-04-08 17:21 2,027,008 --a------ C:\Windows\System32\win32k.sys
    2008-04-08 17:21 . 2008-04-08 17:21 296,448 --a------ C:\Windows\System32\gdi32.dll
    2008-04-08 17:20 . 2008-04-08 17:20 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
    2008-04-08 17:20 . 2008-04-08 17:20 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
    2008-04-08 14:23 . 2008-04-08 14:23 <DIR> d-------- C:\Program Files\Frameworkx
    2008-04-07 13:39 . 2008-04-07 13:39 <DIR> d-------- C:\Users\Erin\AppData\Roaming\HP
    2008-04-07 13:39 . 2008-04-07 13:39 <DIR> d-------- C:\Users\Erin\AppData\Roaming\CyberLink
    2008-04-07 13:33 . 2004-03-01 23:05 407,104 --a------ C:\Windows\System32\MSHFLXGD.OCX
    2008-04-07 13:33 . 2004-02-11 15:37 203,976 --a------ C:\Windows\System32\RICHTX32.OCX
    2008-04-07 13:33 . 2002-02-13 11:20 2,362 --a------ C:\Windows\System32\mscomct2.dep
    2008-04-07 13:32 . 2002-02-14 11:26 647,872 --a------ C:\Windows\System32\mscomct2.ocx
    2008-04-07 13:32 . 2008-04-07 13:32 645,120 --a------ C:\Windows\System32\config.gms
    2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\Program Files\MATLAB
    2008-04-07 12:25 . 2008-04-07 12:25 <DIR> d-------- C:\Users\Erin\AppData\Roaming\Design Science
    2008-04-07 12:06 . 2008-04-07 12:07 <DIR> d-------- C:\Program Files\MathType
    2008-04-07 10:58 . 2008-04-07 10:58 194,560 --a------ C:\Windows\System32\WebClnt.dll
    2008-04-07 10:58 . 2008-04-07 10:58 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
    2008-04-07 10:56 . 2008-04-07 10:56 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
    2008-04-07 10:56 . 2008-04-07 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
    2008-04-07 10:55 . 2008-04-07 10:55 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
    2008-04-07 10:55 . 2008-04-07 10:55 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
    2008-04-07 10:55 . 2008-04-07 10:55 7,680 --a------ C:\Windows\System32\spwmp.dll
    2008-04-07 10:55 . 2008-04-07 10:55 4,096 --a------ C:\Windows\System32\msdxm.ocx
    2008-04-07 10:55 . 2008-04-07 10:55 4,096 --a------ C:\Windows\System32\dxmasf.dll
    2008-04-07 10:53 . 2008-04-07 10:53 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-04-07 10:53 . 2008-04-07 10:53 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-04-07 10:53 . 2008-04-07 10:53 737,792 --a------ C:\Windows\System32\inetcomm.dll
    2008-04-07 10:53 . 2008-04-07 10:53 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2008-04-07 10:53 . 2008-04-07 10:53 84,480 --a------ C:\Windows\System32\INETRES.dll
    2008-04-07 10:53 . 2008-04-07 10:53 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2008-04-07 10:53 . 2008-04-07 10:53 2,048 --a------ C:\Windows\System32\asferror.dll
    2008-04-07 10:52 . 2008-04-07 10:52 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-04-07 10:51 . 2008-04-07 10:51 788,992 --a------ C:\Windows\System32\rpcrt4.dll
    2008-04-07 10:51 . 2008-04-07 10:51 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
    2008-04-07 10:51 . 2008-04-07 10:51 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
    2008-04-07 10:51 . 2008-04-07 10:51 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
    2008-04-07 10:51 . 2008-04-07 10:51 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
    2008-04-07 10:50 . 2008-04-07 10:50 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-04-07 10:50 . 2008-04-07 10:50 2,048 --a------ C:\Windows\System32\tzres.dll
    2008-04-07 10:46 . 2008-04-07 10:46 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-04-07 07:15 . 2008-04-07 07:15 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-04-06 23:39 . 2008-04-06 23:39 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2008-04-06 23:39 . 2008-04-06 23:39 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2008-04-06 23:39 . 2008-04-06 23:39 549,720 --a------ C:\Windows\System32\wuapi.dll
    2008-04-06 23:39 . 2008-04-06 23:39 80,896 --a------ C:\Windows\System32\wudriver.dll
    2008-04-06 23:39 . 2008-04-06 23:39 53,080 --a------ C:\Windows\System32\wuauclt.exe
    2008-04-06 23:39 . 2008-04-06 23:39 43,352 --a------ C:\Windows\System32\wups2.dll
    2008-04-06 23:39 . 2008-04-06 23:39 33,624 --a------ C:\Windows\System32\wups.dll
    2008-04-06 23:38 . 2008-04-06 23:38 163,000 --a------ C:\Windows\System32\wuwebv.dll
    2008-04-06 23:38 . 2008-04-06 23:38 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-04-06 20:19 . 2008-04-06 20:19 <DIR> d-------- C:\Users\Erin\AppData\Roaming\Yahoo!
    2008-04-06 20:19 . 2008-04-06 20:19 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
    2008-04-06 20:19 . 2008-04-06 20:19 <DIR> d-------- C:\ProgramData\Yahoo! Companion
    2008-04-06 19:12 . 2008-04-06 19:12 <DIR> d-------- C:\Users\Erin\AppData\Roaming\MathWorks
    2008-04-06 19:12 . 2008-04-07 12:31 157 --a------ C:\Windows\matlab.ini
    2008-04-06 18:56 . 2008-04-07 12:59 <DIR> d-------- C:\MATLAB7
    2008-04-05 18:05 . 2008-04-05 18:05 <DIR> d-------- C:\Program Files\Microsoft Works
    2008-04-05 18:02 . 2008-04-05 18:02 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-04-05 17:56 . 2008-04-05 17:56 <DIR> d-------- C:\Program Files\CCleaner
    2008-04-05 16:50 . 2008-04-05 16:50 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-04-05 15:47 . 2008-04-05 15:47 <DIR> d-------- C:\Users\Erin\AppData\Roaming\Talkback
    2008-04-05 15:47 . 2008-04-05 15:47 0 --a------ C:\Windows\nsreg.dat
    2008-04-04 23:43 . 2008-04-04 23:43 <DIR> d-------- C:\Users\Erin\AppData\Roaming\WildTangent
    2008-04-04 21:36 . 2008-04-04 21:37 <DIR> d-------- C:\Users\All Users\AOL
    2008-04-04 21:36 . 2008-04-04 21:37 <DIR> d-------- C:\ProgramData\AOL
    2008-04-04 21:33 . 2008-04-04 21:33 <DIR> d-------- C:\Users\Erin\AppData\Roaming\Symantec
    2008-04-04 21:32 . 2008-04-04 21:32 <DIR> dr------- C:\Users\Erin\Searches
    2008-04-04 21:32 . 2008-04-04 21:32 <DIR> dr------- C:\Users\Erin\Contacts
    2008-04-04 21:32 . 2008-04-04 21:32 81 --a------ C:\Windows\System32\LOG
    2008-04-04 21:28 . 2008-04-04 21:34 <DIR> d-------- C:\Users\Erin\AppData\Roaming\Hewlett-Packard
    2008-04-04 21:27 . 2008-04-04 21:27 <DIR> d-------- C:\Program Files\Yahoo!
    2008-04-04 21:26 . 2008-04-04 21:26 <DIR> d-------- C:\Users\All Users\Electronic Arts
    2008-04-04 21:26 . 2008-04-04 21:26 <DIR> d-------- C:\ProgramData\Electronic Arts
    2008-04-04 21:17 . 2008-04-04 21:17 <DIR> d-------- C:\Users\Erin\AppData\Roaming\InstallShield
    2008-04-04 21:17 . 2008-04-04 21:17 <DIR> d-------- C:\Program Files\Broadcom
    2008-04-04 21:17 . 2008-04-04 21:17 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF807149J_E459053-003_4A_I30CC_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M2038_J160_7Intel_86FD_91.60_#071125_N10EC8136;14E44315_(KL320UA#ABA)_XMOBILE_CN10_Z.MRK
    2008-04-04 21:16 . 2008-04-04 21:32 <DIR> dr------- C:\Users\Erin\Videos
    2008-04-04 21:16 . 2008-04-05 19:04 <DIR> dr------- C:\Users\Erin\Saved Games
    2008-04-04 21:16 . 2008-04-04 23:02 <DIR> dr------- C:\Users\Erin\Pictures
    2008-04-04 21:16 . 2008-04-09 11:04 <DIR> d-------- C:\Users\Erin\Music
    2008-04-04 21:16 . 2008-04-04 21:32 <DIR> dr------- C:\Users\Erin\Links
    2008-04-04 21:16 . 2008-04-04 21:32 <DIR> dr------- C:\Users\Erin\Downloads

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 15:51 --------- d-----w C:\ProgramData\Symantec
    2008-04-09 15:36 --------- d-----w C:\ProgramData\CyberLink
    2008-04-08 22:28 --------- d-----w C:\Program Files\Windows Mail
    2008-04-08 22:26 --------- d-----w C:\ProgramData\Microsoft Help
    2008-04-08 22:17 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-04-08 22:17 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-04-08 22:17 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-04-08 22:17 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-04-07 21:14 --------- d-----w C:\Program Files\Norton Internet Security
    2008-04-07 21:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-04-07 21:10 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-04-07 21:10 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-04-07 21:10 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-04-07 21:10 --------- d-----w C:\Program Files\Symantec
    2008-04-07 18:39 --------- d-----w C:\ProgramData\HP
    2008-04-07 16:04 --------- d-----w C:\Program Files\Windows Sidebar
    2008-04-07 15:57 905,400 ----a-w C:\Windows\System32\winresume.exe
    2008-04-07 15:54 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-04-07 15:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-04-07 15:53 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-04-07 15:53 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-04-07 15:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-04-07 12:38 --------- d-----w C:\ProgramData\WildTangent
    2008-04-05 23:05 --------- d-----w C:\Program Files\MSBuild
    2008-04-05 02:34 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-04-05 02:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-05 02:17 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF807149J_E459053-003_4A_I30CC_SQuanta_V79.28_F.45_T080116_WV3-0_L409_M2038_J160_7Intel_86FD_91.60_#071125_N10EC8136;14E44315_(KL320UA#ABA)_XMOBILE_CN10_Z.MRK
    2008-03-07 02:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
    2008-03-07 02:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
    2008-03-07 02:32 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
    2008-02-20 19:52 --------- d-----w C:\Program Files\HP Games
    2008-02-20 19:49 --------- d-----w C:\Program Files\CyberLink
    2008-02-20 19:44 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-02-20 19:43 --------- d-----w C:\Program Files\HPQ
    2008-02-20 19:41 --------- d-----w C:\Program Files\HP
    2008-02-20 19:38 --------- d-----w C:\Program Files\WinTV
    2008-02-20 19:37 --------- d-----w C:\Program Files\Intel
    2008-02-20 19:36 --------- d-----w C:\Program Files\Realtek
    2008-02-20 19:35 319,456 ----a-w C:\Windows\DIFxAPI.dll
    2008-02-20 19:35 315,392 ----a-w C:\Windows\HideWin.exe
    2008-02-20 19:34 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2008-02-20 19:34 --------- d-----w C:\Program Files\Motorola
    2008-02-20 19:33 --------- d-----w C:\Program Files\Synaptics
    2007-11-26 04:26 174 --sha-w C:\Program Files\desktop.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    2007-08-24 21:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    2008-04-05 16:00 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-04-07 10:52 1232896]
    "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 19:10 1783136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 10:39 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 10:38 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 10:39 129560]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 08:34 634880]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 08:27 4702208 C:\Windows\RtHDVCpl.exe]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 01:02 174616]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 22:34 181544]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 17:31 202032]
    "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 16:54 554320]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 02:13 218408]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-25 22:44 1006264]
    "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
    "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 19:31 80896]
    "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 11:47 480560]
    "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 18:53 311296]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 07:00 132496]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-11-26 00:22:08 53248]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
    "Windows Printing Driver"= WinSpooler.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "<NO NAME>"=
    "C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{024EC2AC-121D-42C7-B3BF-433BBDDF1748}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{98755701-87BD-4173-87A6-6A8ED91A0E5D}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{0B3F9B95-D909-4490-9659-7538E217CF79}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{D8278C77-ABEB-4789-8B1F-84F5A7B1931E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{C059ADFB-04AB-42A9-8452-CDEF07FA1896}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{748DA3D1-D9D0-484F-BED3-B1114D0FC3C4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{AFDAFF64-A1DD-46D9-ABA2-C99195F5E197}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{0AFD7480-F741-43F3-B348-201C2180ED12}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
    "{3BD904DF-39F8-4909-A374-5DC5EE9BA753}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080407.003\IDSvix86.sys [2008-03-20 15:37]
    R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 22:34]
    R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 22:34]
    R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
    R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 10:23]
    R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 14:50]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 15:26]
    S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-28 18:04]
    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 18:27]

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-08 02:04:38 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Erin.job"
    - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
    "2008-04-09 15:40:33 C:\Windows\Tasks\User_Feed_Synchronization-{8CA77E53-875A-4632-A28C-8DDA451A8C08}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 11:33:30
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-09 11:35:45
    ComboFix-quarantined-files.txt 2008-04-09 16:35:33
    Pre-Run: 102,460,575,744 bytes free
    Post-Run: 102,433,918,976 bytes free
    .
    2008-04-08 22:26:28 --- E O F ---
     
  3. ejspin

    ejspin Thread Starter

    Joined:
    Jan 5, 2005
    Messages:
    89
    My catchme log; this is the one that doesn't finish:

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-09 13:33:33
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    IPC error: 2 The system cannot find the file specified.
     

Short URL to this thread: https://techguy.org/702084
