
Trojan Need Some Help!?


I have a laptop that has some trojans on it. I was wondering if there was a fix so I don't have to do a repair install? I will later run Combofix and send you guys the log after the antivirus programs run.

Zone Alarm Anti Virus caught these:


not-a-virus:AdWare.Win32.Agent.aeh
Trojan-Downloader.Win32.Zlob.ods
Trojan.Win32.Buzus.hpp



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:03 PM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL/...ws-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APITRAP.DLL,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9648 bytes

We don't need a combofix log at this point. What we do need are the logs from here

I'm already ahead of you. I'm running those scans right now.

Zone Alarm has them quarantined.

The HJT log looks fine by the way besides needing to update Java.

If ZA quarantined the files then you are probably OK. It never hurts to run SAS and MBAM just to be sure though.

I keep getting these errors that say do you want to send this report to Microsoft. It won't let me install programs like Windows Media Player. It closes with an error: do you want to send this report to Microsoft. Also Doctor Watson had an error and wanted it to be sent to Microsoft.

Sounds like you may have something going on that HJT can't see. Best to see what the other scans find and then we will do some more if needed.

Is there a program or patch for those Trojans?

ZA caught them so you already have one...

Maybe... But apparently it has caused damage to the data.

I'm thinking rootkit maybe.

Quote from: evilfantasy on July 14, 2008, 03:05:12 PM

I'm thinking rootkit maybe.

What do you suggest then?



ComboFix 08-07-14.2 - David 2008-07-14 14:01:45.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.475 [GMT -7:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-06-14 to 2008-07-14  )))))))))))))))))))))))))))))))
.

2008-07-14 13:02 . 2008-07-14 13:02      d--------   C:\Program Files\Trend Micro
2008-07-14 08:27 . 2008-07-14 08:27   1,374   --a------   C:\WINDOWS\imsins.BAK
2008-07-14 06:47 . 2008-07-14 06:47      d--------   C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-14 06:46 . 2008-07-14 06:46      d--------   C:\Program Files\SUPERAntiSpyware
2008-07-14 06:46 . 2008-07-14 06:46      d--------   C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2008-07-14 06:44 . 2008-07-14 06:44      d--------   C:\Documents and Settings\David\Application Data\Malwarebytes
2008-07-14 06:43 . 2008-07-14 12:41      d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-14 06:43 . 2008-07-14 06:43      d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 06:43 . 2008-07-07 17:35   34,296   --a------   C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 06:43 . 2008-07-07 17:35   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-14 06:41 . 2008-07-14 12:40   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-14 06:41 . 2008-07-14 06:41   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll.old
2008-07-14 06:41 . 2008-07-14 12:40   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-14 06:40 . 2008-07-14 12:41      d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-14 06:40 . 2008-07-14 06:40      d--------   C:\Program Files\AVG
2008-07-14 06:40 . 2008-07-14 06:40      d--------   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-14 06:36 . 2008-07-14 06:36      d--------   C:\Program Files\CCleaner
2008-07-13 20:55 . 2008-07-14 08:29   23,392   --a------   C:\WINDOWS\system32\nscompat.tlb
2008-07-13 20:55 . 2008-07-14 08:29   16,832   --a------   C:\WINDOWS\system32\amcompat.tlb
2008-07-13 10:11 . 2008-07-13 10:11      d--------   C:\WINDOWS\Logs
2008-07-13 09:54 . 2008-07-13 09:54      d--------   C:\Program Files\Netflix
2008-06-20 10:46 . 2008-06-20 10:46   245,248   ---------   C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 10:46 . 2008-06-20 10:46   147,968   ---------   C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 04:51 . 2008-06-20 04:51   361,600   ---------   C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 04:40 . 2008-06-20 04:40   138,496   ---------   C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 04:08 . 2008-06-20 04:08   225,856   ---------   C:\WINDOWS\system32\dllcache\tcpip6.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 21:05   8,612,384   --sha-w   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-14 19:43   106,892   --sha-w   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-14 13:41   ---------   d-----w   C:\Documents and Settings\David\Application Data\MSN6
2008-07-14 13:38   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-14 13:27   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 01:18   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-07-14 01:15   ---------   d-----w   C:\Program Files\Vstep
2008-07-13 23:33   43,520   ----a-w   C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-10 02:06   ---------   d-----w   C:\Documents and Settings\David\Application Data\Apple Computer
2008-07-09 16:05   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2008-07-09 16:05   1,086,952   ----a-w   C:\WINDOWS\system32\zpeng24.dll
2008-07-08 21:03   2,228,736   ----a-w   C:\WINDOWS\Internet Logs\xDBF.tmp
2008-07-06 00:55   ---------   d-----w   C:\Program Files\Microsoft Works
2008-07-06 00:55   ---------   d-----w   C:\Program Files\Common Files\SureThing Shared
2008-07-06 00:55   ---------   d-----w   C:\Program Files\Common Files\Sonic Shared
2008-07-02 18:55   ---------   d-----w   C:\Program Files\Java
2008-07-01 01:17   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-06-20 17:46   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 05:27   1,658,880   ----a-w   C:\WINDOWS\Internet Logs\xDBE.tmp
2008-06-13 11:05   272,128   ----a-w   C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 11:05   272,128   ------w   C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-08 13:39   11,218,798   ----a-w   C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-07 21:05   ---------   d-----w   C:\Documents and Settings\David\Application Data\Intuit
2008-06-07 21:04   ---------   d-----w   C:\Program Files\Quicken
2008-06-07 18:34   ---------   d-----w   C:\Program Files\StompSoft
2008-06-06 20:36   ---------   d-----w   C:\Program Files\TomTom HOME 2
2008-06-06 20:18   ---------   d-----w   C:\Documents and Settings\David\Application Data\TomTom
2008-05-31 17:23   ---------   d-----w   C:\Program Files\Lavasoft
2008-05-31 17:23   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-30 21:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 21:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 21:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 21:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 21:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 21:11   3,850,760   ----a-w   C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 21:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-27 03:37   ---------   d-----w   C:\Documents and Settings\David\Application Data\HP
2008-05-27 03:37   ---------   d-----w   C:\Documents and Settings\David\Application Data\CyberLink
2008-05-25 22:24   ---------   d-----w   C:\Documents and Settings\David\Application Data\AdobeUM
2008-05-25 21:49   ---------   d-----w   C:\Program Files\WinDirStat
2008-05-25 20:49   ---------   d-----w   C:\Documents and Settings\David\Application Data\Corel
2008-05-25 20:37   ---------   d-----w   C:\Program Files\Microsoft ActiveSync
2008-05-25 20:29   ---------   d-----w   C:\Program Files\Google
2008-05-25 20:28   ---------   d-----w   C:\Program Files\Norton CleanSweep
2008-05-25 20:27   ---------   d-----w   C:\Program Files\Symantec
2008-05-25 20:27   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-05-25 20:27   ---------   d-----w   C:\Documents and Settings\David\Application Data\Symantec
2008-05-25 20:15   ---------   d-----w   C:\Documents and Settings\David\Application Data\Leadertech
2008-05-25 20:03   ---------   d-----w   C:\Program Files\Microsoft Streets & Trips
2008-05-25 19:00   ---------   d-----w   C:\Documents and Settings\David\Application Data\MSNInstaller
2008-05-25 18:46   ---------   d-----w   C:\Program Files\Microsoft Office Outlook Connector
2008-05-25 16:32   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-25 15:59   ---------   d-----w   C:\Program Files\Hp
2008-05-25 15:53   ---------   d-----w   C:\Documents and Settings\David\Application Data\Talkback
2008-05-25 15:48   1,743   --sha-r   C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv8000 (EX177AV)_YN_0Pavi_QCND62600G3_E413900001_46_I30 A6_SHP_V56.37_BF.13_T060510_WXH2_L409_M 1023_J80_7Intel_8T2400_91.83_#080525_N80861092_(EX177AV)_XMOBILE_CN10_Z_2F.13_G10DE0398.MRK
2008-05-25 15:12   ---------   d-----w   C:\Program Files\Quickensetup
2008-05-25 15:10   ---------   d-----w   C:\Program Files\NetWaiting
2008-05-25 15:10   ---------   d-----w   C:\Program Files\Netscape
2008-05-25 15:10   ---------   d-----w   C:\Program Files\music_now
2008-05-25 15:10   ---------   d-----w   C:\Program Files\MSN Encarta Plus
2008-05-25 15:09   ---------   d-----w   C:\Program Files\Microsoft Office Trial Wizard
2008-05-25 15:08   ---------   d-----w   C:\Program Files\Microsoft Money 2006
2008-05-25 15:05   ---------   d-----w   C:\Program Files\CONEXANT
2008-05-25 15:05   ---------   d-----w   C:\Program Files\Common Files\Palo Alto Software
2008-05-25 15:05   ---------   d-----w   C:\Program Files\Common Files\muvee Technologies
2008-05-25 15:04   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-05-25 15:00   ---------   d-----w   C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-05-25 15:00   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-25 01:40   ---------   d-----w   C:\Documents and Settings\David Buchanan\Application Data\MSN6
2008-05-20 17:17   ---------   d-----w   C:\Program Files\Adobe Media Player
2008-05-19 19:48   ---------   d-----w   C:\Documents and Settings\David Buchanan\Application Data\AdobeUM
2008-05-16 18:58   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-05-16 18:25   15,616   -c--a-w   C:\Documents and Settings\David Buchanan\Application Data\wklnhst.dat
2008-05-15 21:50   2,661,376   ----a-w   C:\WINDOWS\Internet Logs\xDBD.tmp
2008-05-09 10:53   90,112   ----a-w   C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53   90,112   ------w   C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53   512,000   ------w   C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53   430,080   ----a-w   C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53   430,080   ------w   C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53   180,224   ----a-w   C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53   180,224   ------w   C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53   172,032   ----a-w   C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53   172,032   ------w   C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02   203,136   ------w   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24   155,648   ----a-w   C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24   155,648   ------w   C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07   135,168   ----a-w   C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07   135,168   ------w   C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12   1,288,192   ----a-w   C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12   1,288,192   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 05:16   3,591,680   ------w   C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40   625,664   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 17:26   2,208,768   ----a-w   C:\WINDOWS\Internet Logs\xDBC.tmp
2008-04-14 13:39   2,193,920   ----a-w   C:\WINDOWS\Internet Logs\xDBB.tmp
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-24 16:41 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 01:42 202088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 19:49 454656]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-15 11:26 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-15 11:26 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 22:46 761948]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 21:54 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 08:03 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 12:41 1232152]
"nwiz"="nwiz.exe" [2006-04-15 11:26 1519616 C:\WINDOWS\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 04:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

C:\Documents and Settings\David Buchanan\Start Menu\Programs\Startup\
Salem Public Library Tray App.lnk - C:\Program Files\PermissionTV\bin\dmtray.exe [2008-02-29 19:35:06 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APITRAP.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-14 12:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 12:41]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 19:47:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-07-12 20:13:56 C:\WINDOWS\Tasks\Registry Repair.job"
- C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
"2008-07-12 20:13:56 C:\WINDOWS\Tasks\Registry Repair4.job"
- C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 14:04:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??? ?[email protected]? ?U???([email protected]?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\system32\PSAPI.DLL
-> ?:\WINDOWS\System32\msvcp60.dll
.
Completion time: 2008-07-14 14:05:47
ComboFix-quarantined-files.txt  2008-07-14 21:05:42

Pre-Run: 40,360,603,648 bytes free
Post-Run: 40,365,944,832 bytes free

229   --- E O F ---   2008-07-13 16:26:24

Run the F-Secure Online Scanner for Viruses, Spyware and RootKits:

This scanner works with Internet Explorer only

  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy & paste the entire report in your next reply.
I was guessing that some of the system files are corrupted?

From the combofix log. This is very suspicious to be in that location in the log.

Quote
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 14:04:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?Huh?? [email protected][email protected]? Huh?U?Huh??([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0
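A triage pass over the catchme block quoted above, as an added example that is not part of this thread and not code from ComboFix or catchme: it parses the "scanning hidden autostart entries" section and flags values that contain non-printable bytes or unexpected bytes after the executable name, which is the oddity evilfantasy points at. The log text is constructed (the control characters stand in for the bytes the forum rendered as "?", and the "Updater" entry is a made-up clean value for contrast); the checks surface entries for a human to review and do not decide whether an entry is malicious.

```python
import re
import string

# Constructed sample in the shape of the catchme section of a ComboFix log.
# The bytes after cpqset.exe that the forum rendered as '?' are stood in for
# here by literal control characters so the checks have something to find.
SAMPLE_CATCHME = (
    "catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer\n"
    "Rootkit scan 2008-07-14 14:04:52\n"
    "Windows 5.1.2600 Service Pack 3 NTFS\n"
    "\n"
    "scanning hidden processes ...\n"
    "\n"
    "scanning hidden autostart entries ...\n"
    "\n"
    "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "  Cpqset = C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe\x00\x02@\x01U\x7f\n"
    "  Updater = C:\\Program Files\\Vendor\\updater.exe /silent\n"
    "\n"
    "scanning hidden files ...\n"
    "\n"
    "scan completed successfully\n"
    "hidden files: 0\n"
)

PRINTABLE = set(string.printable) - set("\x0b\x0c")
ENTRY_RE = re.compile(r"^\s+(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$")
EXE_RE = re.compile(r"\.(exe|dll|cmd|bat|vbs|scr)\b", re.IGNORECASE)
# What may legitimately follow the executable: switches like /Start or -hide,
# or a rundll32-style ",EntryPoint". Anything else is worth a second look.
TAIL_OK_RE = re.compile(r"[\w\s/\-.,]*")


def parse_hidden_autostarts(log_text):
    """Return [(registry_key, value_name, value_data)] from the
    'scanning hidden autostart entries' block of a catchme/ComboFix log."""
    entries, key, in_block = [], None, False
    # split on "\n" only: str.splitlines() would also break on control
    # characters such as \x0c, which is exactly what a garbled value may hold
    for line in log_text.split("\n"):
        if line.startswith("scanning hidden autostart entries"):
            in_block = True
            continue
        if in_block and line.startswith("scanning "):  # next section starts
            break
        if not in_block or not line.strip():
            continue
        if not line[0].isspace():  # unindented line names the registry key
            key = line.strip()
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            entries.append((key, m.group("name").strip(), m.group("data")))
    return entries


def assess(data):
    """Return the reasons an autostart value deserves a human look ([] = none)."""
    reasons = []
    bad = [c for c in data if c not in PRINTABLE]
    if bad:
        reasons.append("contains %d non-printable or non-ASCII character(s)" % len(bad))
    hits = list(EXE_RE.finditer(data))
    if not hits:
        reasons.append("no recognizable executable in the value")
        return reasons
    tail = data[hits[-1].end():].strip('" ')
    if tail and not TAIL_OK_RE.fullmatch(tail):
        reasons.append("unexpected bytes after the executable: %r" % tail)
    return reasons


def triage(log_text):
    """Map 'key\\name' -> reasons, for every hidden autostart entry that looks odd."""
    findings = {}
    for key, name, data in parse_hidden_autostarts(log_text):
        reasons = assess(data)
        if reasons:
            findings["%s\\%s" % (key, name)] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_CATCHME).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```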
Quote from: evilfantasy on July 14, 2008, 03:39:49 PM
From the combofix log. This is very suspicious to be in that location in the log.

Quote
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 14:04:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?Huh?? [email protected][email protected]? Huh?U?Huh??([email protected][email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0



I thought so too. What should I do about that?

