Free Antivirus Forum - Learn about antivirus, firewalls and personal security
Various Trojans and Virus
BullGuard Antivirus Forum > Virus Removal > Removal Help > Various Trojans and Virus

Frank1
New Member
Date Joined Apr 2005
Total Posts : 42
Posted 9-27-2009 11:12 (GMT +1)
I want to thank you folks in advance for all your help.
You are the brightest on the planet when it comes to getting rid of these viruses, trojans etc.
I have been helped several times in the past by TOUCH!
I followed your instructions in "before you post" to the letter.
Here are my scans:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:03 PM, on 9/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\SAM\Desktop\FIX\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240187843000
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB04B81C-41F0-41C3-9524-6092A2A51307}: NameServer = 192.168.123.254,192.168.123.255
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 6839 bytes
 
Malwarebytes' Anti-Malware 1.41
Database version: 2866
Windows 5.1.2600 Service Pack 2
9/27/2009 5:24:37 PM
mbam-log-2009-09-27 (17-24-37).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 177466
Time elapsed: 34 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 

DDS (Ver_09-09-24.01) - NTFSx86 
Run by SAM at 17:27:24.46 on Sun 09/27/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2015.1463 [GMT -5:00]
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)   {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\SAM\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\imon.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240187843000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {EB04B81C-41F0-41C3-9524-6092A2A51307} = 192.168.123.254,192.168.123.255
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvvsRJy
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\yozei8i9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2008-1-31 10872]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-1-31 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 51440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-1-31 552064]
R2 sympxchm;sympxchm;c:\windows\system32\drivers\sympxchm.sys [2008-7-20 19741]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [2006-12-27 9006]
S3 HRFUSB;Symphony HRF USB Adapter Driver;c:\windows\system32\drivers\hrfusbxp.sys [2008-7-20 125309]
S3 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-1-25 194320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-12-23 50704]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [2008-8-12 18304]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\rsc4usb.sys --> c:\windows\system32\drivers\RSC4USB.sys [?]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
=============== Created Last 30 ================
2009-09-25 07:00 <DIR> --d----- c:\program files\Hulu Downloader
2009-09-18 19:29 <DIR> --d----- c:\program files\PowerISO
2009-09-16 23:38 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-09-16 23:38 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-09-16 23:34 <DIR> --d----- c:\windows\Replay Media Catcher
2009-09-16 23:34 <DIR> --d----- c:\program files\Replay Media Catcher
2009-09-11 14:54 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-09-11 14:54 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-09-11 14:54 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-09-11 14:44 <DIR> --d----- C:\!KillBox
2009-09-11 03:51 <DIR> --d----- c:\program files\WinPcap
2009-09-11 03:50 <DIR> --d----- c:\program files\Cain
2009-08-30 03:33 67 a------- c:\windows\AVIConverter.INI
2009-08-30 03:33 <DIR> --d----- c:\program files\Boilsoft AVI Converter
==================== Find3M  ====================
2009-09-17 00:14 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 ac------ c:\windows\system32\drivers\mbam.sys
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-02-13 22:49 81,920 -------- c:\docume~1\sam\applic~1\ezpinst.exe
2008-02-13 22:49 47,360 -------- c:\docume~1\sam\applic~1\pcouffin.sys
2007-04-24 10:33 22 ac-sh--- c:\windows\sminst\HPCD.sys
2006-05-03 04:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2008-02-13 22:57 4,704 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2007-02-21 05:47 31,232 a--shr-- c:\windows\system32\msfDX.dll
2008-01-31 10:20 2,066,208 ac-sh--- c:\windows\system32\drivers\fidbox.dat
2008-01-31 10:20 25,376 ac-sh--- c:\windows\system32\drivers\fidbox2.dat
============= FINISH: 17:27:51.50 ===============

 
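A first-pass triage of the DDS report above, as an added example (not code from the thread or from the forum helpers): it reads the "Pseudo HJT Report" and "SERVICES / DRIVERS" lines, copied here as a constructed sample, and applies the checks an analyst does by hand before asking for more logs. A stock Windows XP lists only msv1_0 under LSA Authentication Packages, so any further entry is a DLL that lsass.exe loads at boot and has to be accounted for; add-ons still registered by CLSID whose DLL is gone are cleanup items; a nameserver outside private address space on a home LAN is worth a look; and a driver whose image path DDS could not resolve ("[?]") is worth a look. The rule names and severities are my own labels, not a verdict on this machine.

```python
"""First-pass triage of DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' lines.

Added example for this thread, not a tool the forum helpers use. The rules are
ordinary analyst checks; severities are the author's labelling, not a verdict.
"""
import ipaddress
import re

# Constructed sample: lines copied from the DDS log posted above (raw string,
# so the Windows paths keep their single backslashes).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TCP: {EB04B81C-41F0-41C3-9524-6092A2A51307} = 192.168.123.254,192.168.123.255
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvvsRJy
============= SERVICES / DRIVERS ===============
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-1-31 15424]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\rsc4usb.sys --> c:\windows\system32\drivers\RSC4USB.sys [?]
S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
"""

# A stock Windows XP install lists only msv1_0 here; every other entry is a DLL
# that lsass.exe loads at boot, so each one must be accounted for.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

LSA_RE = re.compile(r"^LSA: Authentication Packages = (.+)$")
ORPHAN_RE = re.compile(r"^(?:TB|BHO): [^{]*(\{[0-9A-Fa-f-]{36}\}) - No File$")
DNS_RE = re.compile(r"^TCP: \{[^}]+\} = (.+)$")
DRIVER_RE = re.compile(r"^[RS]\d ([^;]+);([^;]*);(.+)$")


def triage(text):
    """Return (severity, rule, subject) tuples for the lines worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LSA_RE.match(line)
        if m:
            for pkg in m.group(1).split():
                if pkg.lower() not in DEFAULT_AUTH_PACKAGES:
                    findings.append(("high", "lsa-auth-package", pkg))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            # CLSID still registered but the DLL is gone: cleanup item, not an infection
            findings.append(("low", "orphan-browser-addon", m.group(1)))
            continue
        m = DNS_RE.match(line)
        if m:
            for ns in m.group(1).split(","):
                try:
                    addr = ipaddress.ip_address(ns.strip())
                except ValueError:
                    findings.append(("review", "nameserver-unparsable", ns.strip()))
                    continue
                # a resolver outside RFC 1918 space on a home LAN is a DNS hijack candidate
                if not addr.is_private:
                    findings.append(("review", "nameserver-public", str(addr)))
            continue
        m = DRIVER_RE.match(line)
        if m and "[?]" in m.group(3):
            # DDS could not resolve the image path of a registered driver
            findings.append(("review", "driver-unresolved-path", m.group(1)))
    return findings


def summary(findings):
    """Count findings per severity so the worst item is visible at a glance."""
    counts = {}
    for severity, _rule, _subject in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(*finding)
    print(summary(triage(SAMPLE_DDS)))
```

On the sample the script reports one high item (the second file on the LSA line), three orphaned toolbar CLSIDs, and the one driver with an unresolved path; the two 192.168.123.x nameservers are private and produce nothing. The point of the LSA rule is that the line lists a file, not a service name, so nothing in the O23/services section will vouch for it; it has to be checked on disk.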
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 16739
Posted 9-28-2009 5:50 (GMT +1)
Hello Frank1

Please download Combofix from:

And save to the desktop.

Close all other browser windows.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Frank1
New Member
Date Joined Apr 2005
Total Posts : 42
Posted 9-28-2009 7:35 (GMT +1)
ComboFix 09-09-25.01 - SAM 09/27/2009 20:21.3.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2015.1496 [GMT -5:00]
Running from: c:\documents and settings\SAM\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\test.txt
c:\windows\Installer\15ce4e5.msp
c:\windows\Installer\15ce4e9.msp
c:\windows\Installer\179a704.msp
c:\windows\Installer\179a708.msp
c:\windows\Installer\1fb7cde.msp
c:\windows\Installer\1fb7ce2.msp
c:\windows\Installer\288cf85.msp
c:\windows\Installer\288cf89.msp
c:\windows\Installer\2ae528c.msp
c:\windows\Installer\2ae5290.msp
c:\windows\Installer\32b5386.msp
c:\windows\Installer\32b538a.msp
c:\windows\Installer\337e9.msp
c:\windows\Installer\337ec.msp
c:\windows\Installer\3fed6a.msp
c:\windows\Installer\3fed6e.msp
c:\windows\Installer\566243f.msp
c:\windows\Installer\5662443.msp
c:\windows\Installer\5f2d6a.msp
c:\windows\Installer\a5ef10.msp
c:\windows\kb913800.exe
c:\windows\system32\Drivers\dpfhhiykmcnn.sys
c:\windows\system32\Drivers\RkPavProc.sys
c:\windows\system32\Drivers\vrbimtveuums.sys
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_dpfhhiykmcnn
-------\Legacy_RkPavProc
-------\Legacy_vrbimtveuums
-------\Service_dpfhhiykmcnn
-------\Service_RkPavProc
-------\Service_vrbimtveuums

(((((((((((((((((((((((((   Files Created from 2009-08-28 to 2009-09-28  )))))))))))))))))))))))))))))))
.
2009-09-26 04:09 . 2009-09-26 04:09 -------- d-----w- c:\documents and settings\SAM\Local Settings\Application Data\HuluDesktop
2009-09-25 23:35 . 2009-09-26 04:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-25 12:00 . 2009-09-25 23:10 -------- d-----w- c:\program files\Hulu Downloader
2009-09-22 06:40 . 2009-09-22 06:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-19 00:29 . 2009-09-19 00:29 -------- d-----w- c:\program files\PowerISO
2009-09-17 04:38 . 2009-09-17 05:14 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-09-17 04:38 . 2009-09-17 05:14 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-09-17 04:34 . 2009-09-17 04:34 -------- d-----w- c:\windows\Replay Media Catcher
2009-09-17 04:34 . 2009-09-18 18:23 -------- d-----w- c:\program files\Replay Media Catcher
2009-09-11 19:54 . 2003-10-13 20:30 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-09-11 19:54 . 2003-09-26 03:15 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-09-11 19:44 . 2009-09-11 19:44 -------- d-----w- C:\!KillBox
2009-09-11 08:51 . 2009-09-11 08:51 -------- d-----w- c:\program files\WinPcap
2009-09-11 08:50 . 2009-09-26 20:28 -------- d-----w- c:\program files\Cain
2009-08-30 08:33 . 2009-08-30 08:33 -------- d-----w- c:\program files\Boilsoft AVI Converter
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 22:51 . 2008-12-09 15:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-27 22:34 . 2006-09-01 10:15 -------- d-----w- c:\program files\Java
2009-09-27 21:19 . 2007-10-03 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 18:25 . 2007-09-04 15:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-27 18:25 . 2008-03-30 20:27 -------- d-----w- c:\program files\Lavasoft
2009-09-27 03:42 . 2008-02-15 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-26 04:29 . 2008-02-12 04:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-25 11:25 . 2008-09-24 01:14 -------- d-----w- c:\program files\The KMPlayer
2009-09-24 15:09 . 2008-03-19 04:51 -------- d-----w- c:\program files\RegCure
2009-09-17 05:14 . 2008-10-13 00:58 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-09-15 23:40 . 2006-09-01 11:22 153400 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 23:33 . 2006-09-01 10:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-13 08:37 . 2008-10-19 17:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 19:54 . 2008-10-19 17:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-10-19 17:55 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 05:58 . 2008-10-13 00:58 -------- d-----w- c:\program files\Replay Music 3
2009-08-30 09:31 . 2008-12-21 02:49 -------- d-----w- c:\program files\Avidemux 2.4
2009-08-30 08:39 . 2007-04-20 00:24 -------- d-----w- c:\documents and settings\SAM\Application Data\Vso
2009-08-19 22:22 . 2008-10-14 19:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-27 02:43 . 2009-07-27 02:43 58908 ----a-w- c:\windows\system32\drivers\scdemu.sys
2009-01-12 00:09 . 2008-05-29 02:42 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-12 00:09 . 2008-05-29 02:42 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-12 00:09 . 2008-05-29 02:42 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-12 00:09 . 2008-05-29 02:42 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-12 00:09 . 2008-05-29 02:42 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-04-24 15:33 . 2007-04-24 15:33 22 -csha-w- c:\windows\SMINST\HPCD.sys
2006-05-03 09:06 . 2007-04-20 06:47 163328 --sha-r- c:\windows\system32\flvDX.dll
2008-02-14 03:57 . 2008-02-14 03:56 4704 -csha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2007-04-20 06:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-01-31 15:20 . 2008-01-26 04:36 2066208 -csha-w- c:\windows\system32\drivers\fidbox.dat
2008-01-31 15:20 . 2008-01-26 04:36 25376 -csha-w- c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-21 185896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-16 158208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-27 149280]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-09-27 1617920]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2007-07-06 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics 802.11g Wireless Network Utility.lnk]
backup=c:\windows\pss\U.S. Robotics 802.11g Wireless Network Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Wireless USB Adapter.lnk]
backup=c:\windows\pss\U.S. Robotics Wireless USB Adapter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SAM^Start Menu^Programs^StartUp^SimpleWare.lnk]
backup=c:\windows\pss\SimpleWare.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^SAM^Start Menu^Programs^StartUp^Vongo Tray.lnk]
backup=c:\windows\pss\Vongo Tray.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vongo Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Explorer"=explorer.exe
"Uniblue RegistryBooster 2"=c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NWEReboot"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1/31/2008 4:24 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 3:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 2:39 PM 51440]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 sympxchm;sympxchm;c:\windows\system32\drivers\sympxchm.sys [7/20/2008 7:19 AM 19741]
R3 vidcap;vidcap;c:\windows\system32\drivers\vidcap.sys [12/27/2006 9:47 AM 9006]
S3 HRFUSB;Symphony HRF USB Adapter Driver;c:\windows\system32\drivers\hrfusbxp.sys [7/20/2008 7:19 AM 125309]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [12/23/2008 10:35 AM 50704]
S3 RIOXDRV;SONICblue Rio generic driver XP+;c:\windows\system32\drivers\RIOXDRV.sys [8/12/2008 8:05 PM 18304]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\RSC4USB.sys --> c:\windows\system32\DRIVERS\RSC4USB.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 7:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
2009-09-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
2009-09-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 16:20]
2009-09-27 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-10-14 14:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {EB04B81C-41F0-41C3-9524-6092A2A51307} = 192.168.123.254,192.168.123.255
FF - ProfilePath - c:\documents and settings\SAM\Application Data\Mozilla\Firefox\Profiles\yozei8i9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
SafeBoot-AVG Anti-Spyware Driver
 
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-27 20:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???@_??????Y?@?????<?@
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\imon.dll
- - - - - - - > 'explorer.exe'(2724)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-09-28 20:30 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-28 01:30
Pre-Run: 6,369,419,264 bytes free
Post-Run: 6,278,635,520 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
260 --- E O F --- 2008-03-20 08:16
Frank1
New Member
Date Joined Apr 2005
Total Posts : 42
Posted 9-28-2009 7:57 (GMT +1)
Newest log
 
 
ComboFix 09-09-25.01 - SAM 09/28/2009  2:45:05.3.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2015.1476 [GMT -5:00]
Running from: C:\Documents and Settings\SAM\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Installer\3d841.msi
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\Drivers\dpfhhiykmcnn.sys
C:\WINDOWS\system32\Drivers\RkPavProc.sys
C:\WINDOWS\system32\Drivers\vrbimtveuums.sys
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_dpfhhiykmcnn
-------\Legacy_RkPavProc
-------\Legacy_vrbimtveuums
-------\Service_dpfhhiykmcnn
-------\Service_RkPavProc
-------\Service_vrbimtveuums

(((((((((((((((((((((((((   Files Created from 2009-08-28 to 2009-09-28  )))))))))))))))))))))))))))))))
.
2009-09-28 06:34:57 . 2009-09-28 06:34:57 0 d-----w- C:\Documents and Settings\SAM\Local Settings\Application Data\HuluDesktop
2009-09-28 03:20:55 . 2009-09-28 03:20:55 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-09-28 02:57:23 . 2009-09-28 03:20:16 0 d-----w- C:\RECYCLER(2)
2009-09-25 23:35:55 . 2009-09-26 04:11:52 0 d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2009-09-25 23:18:43 . 2009-09-25 23:18:43 152576 ----a-w- C:\Documents and Settings\SAM\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-25 12:00:45 . 2009-09-28 03:16:13 0 d-----w- C:\Program Files\Hulu Downloader
2009-09-22 06:40:49 . 2009-09-22 06:40:49 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-19 00:29:21 . 2009-09-19 00:29:21 0 d-----w- C:\Program Files\PowerISO
2009-09-17 04:38:40 . 2009-09-17 05:14:59 156672 ----a-w- C:\WINDOWS\system32\rmc_fixasf.exe
2009-09-17 04:38:39 . 2009-09-17 05:14:54 237568 ----a-w- C:\WINDOWS\system32\rmc_rtspdl.dll
2009-09-17 04:34:57 . 2009-09-17 04:34:57 0 d-----w- C:\WINDOWS\Replay Media Catcher
2009-09-17 04:34:40 . 2009-09-18 18:23:13 0 d-----w- C:\Program Files\Replay Media Catcher
2009-09-11 19:54:58 . 2003-10-13 20:30:58 94208 ----a-w- C:\WINDOWS\system32\GTW32N50.dll
2009-09-11 19:54:58 . 2003-09-26 03:15:32 15872 ----a-w- C:\WINDOWS\system32\GTNDIS5.sys
2009-09-11 19:44:37 . 2009-09-11 19:44:37 0 d-----w- C:\!KillBox
2009-09-11 08:51:05 . 2009-09-11 08:51:11 0 d-----w- C:\Program Files\WinPcap
2009-09-11 08:50:34 . 2009-09-26 20:28:20 0 d-----w- C:\Program Files\Cain
2009-08-30 08:33:28 . 2009-08-30 08:33:42 0 d-----w- C:\Program Files\Boilsoft AVI Converter
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 06:35:51 . 2006-09-01 10:15:18 0 d-----w- C:\Program Files\Java
2009-09-28 04:51:54 . 2008-12-09 15:17:49 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-09-28 03:29:36 . 2007-10-03 00:51:52 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 18:25:16 . 2007-09-04 15:50:54 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-27 18:25:12 . 2008-03-30 20:27:54 0 d-----w- C:\Program Files\Lavasoft
2009-09-27 03:42:10 . 2008-02-15 02:01:00 0 d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-09-26 04:29:58 . 2008-02-12 04:25:44 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-25 11:25:52 . 2008-09-24 01:14:48 0 d-----w- C:\Program Files\The KMPlayer
2009-09-24 15:09:37 . 2008-03-19 04:51:23 0 d-----w- C:\Program Files\RegCure
2009-09-17 05:14:37 . 2008-10-13 00:58:29 323584 ----a-w- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-09-15 23:40:41 . 2006-09-01 11:22:10 153400 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 23:33:20 . 2006-09-01 10:15:18 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-09-13 08:37:00 . 2008-10-19 17:55:04 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-10 19:54:06 . 2008-10-19 17:55:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53:50 . 2008-10-19 17:55:08 19160 -c--a-w- C:\WINDOWS\system32\drivers\mbam.sys
2009-09-07 05:58:13 . 2008-10-13 00:58:02 0 d-----w- C:\Program Files\Replay Music 3
2009-08-30 09:31:26 . 2008-12-21 02:49:18 0 d-----w- C:\Program Files\Avidemux 2.4
2009-08-30 08:39:27 . 2007-04-20 00:24:26 0 d-----w- C:\Documents and Settings\SAM\Application Data\Vso
2009-08-19 22:22:50 . 2008-10-14 19:49:36 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-07-27 02:43:18 . 2009-07-27 02:43:18 58908 ----a-w- C:\WINDOWS\system32\drivers\scdemu.sys
2009-01-12 00:09:12 . 2008-05-29 02:42:17 67696 -c--a-w- C:\Program Files\mozilla firefox\components\jar50.dll
2009-01-12 00:09:12 . 2008-05-29 02:42:17 54376 -c--a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
2009-01-12 00:09:13 . 2008-05-29 02:42:17 34952 -c--a-w- C:\Program Files\mozilla firefox\components\myspell.dll
2009-01-12 00:09:16 . 2008-05-29 02:42:18 46720 -c--a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
2009-01-12 00:09:16 . 2008-05-29 02:42:18 172144 -c--a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
2007-04-24 15:33:23 . 2007-04-24 15:33:23 22 -csha-w- C:\WINDOWS\SMINST\HPCD.sys
2006-05-03 09:06:54 . 2007-04-20 06:47:44 163328 --sha-r- C:\WINDOWS\system32\flvDX.dll
2008-02-14 03:57:33 . 2008-02-14 03:56:10 4704 -csha-w- C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-21 10:47:16 . 2007-04-20 06:47:44 31232 --sha-r- C:\WINDOWS\system32\msfDX.dll
2008-01-31 15:20:17 . 2008-01-26 04:36:59 2066208 -csha-w- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-31 15:20:17 . 2008-01-26 04:36:59 25376 -csha-w- C:\WINDOWS\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56:34 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 05:58:26 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-09-27 22:10:00 7585792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-09-27 22:10:00 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 07:27:20 1015808]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 23:30:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 23:30:30 81920]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 23:02:12 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 17:23:50 1187840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-21 06:37:55 185896]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 07:29:10 102400]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-16 04:00:00 158208]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-09-27 22:10:00 1617920]
"MsmqIntCert"="mqrt.dll" - C:\WINDOWS\system32\mqrt.dll [2007-07-06 12:46:59 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-07-27 03:44:56 61952]
"Logitech Utility"="Logi_MwX.Exe" - C:\WINDOWS\LOGI_MWX.EXE [2003-12-17 17:50:00 19968]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 20:55:48 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 20:41:36 294912 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics 802.11g Wireless Network Utility.lnk]
backup=C:\WINDOWS\pss\U.S. Robotics 802.11g Wireless Network Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Wireless USB Adapter.lnk]
backup=C:\WINDOWS\pss\U.S. Robotics Wireless USB Adapter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^SAM^Start Menu^Programs^StartUp^SimpleWare.lnk]
backup=C:\WINDOWS\pss\SimpleWare.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^SAM^Start Menu^Programs^StartUp^Vongo Tray.lnk]
backup=C:\WINDOWS\pss\Vongo Tray.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vongo Service"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Explorer"=explorer.exe
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NWEReboot"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys [1/31/2008 4:24:43 PM 15424]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 3:53:48 PM 5632]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 2:39:26 PM 51440]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42:30 PM 156968]
R2 sympxchm;sympxchm;C:\WINDOWS\system32\drivers\sympxchm.sys [7/20/2008 7:19:15 AM 19741]
R3 vidcap;vidcap;C:\WINDOWS\system32\drivers\vidcap.sys [12/27/2006 9:47:30 AM 9006]
S3 HRFUSB;Symphony HRF USB Adapter Driver;C:\WINDOWS\system32\drivers\hrfusbxp.sys [7/20/2008 7:19:10 AM 125309]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [12/23/2008 10:35:02 AM 50704]
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\drivers\RIOXDRV.sys [8/12/2008 8:05:32 PM 18304]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\RSC4USB.sys --> C:\WINDOWS\system32\DRIVERS\RSC4USB.sys [?]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 7:51:08 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
2009-09-28 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]
2009-09-24 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 16:20:34 . 2007-08-02 16:20:34]
2009-09-27 C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-10-14 19:49:39 . 2008-07-07 14:42:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: C:\WINDOWS\system32\imon.dll
TCP: {EB04B81C-41F0-41C3-9524-6092A2A51307} = 192.168.123.254,192.168.123.255
FF - ProfilePath - C:\Documents and Settings\SAM\Application Data\Mozilla\Firefox\Profiles\yozei8i9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

 
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 16739
Posted 9-28-2009 12:10 (GMT +1)
Looks clean. Please post a new HijackThis log and tell how things are running.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

Frank1
New Member
Date Joined Apr 2005
Total Posts : 42
Posted 9-28-2009 4:40 (GMT +1)
I am almost positive the program Hulu Downloader brought in the infection.
Running much better; I just want to make sure it's 100%.
I stopped downloading MS updates at SP2 because I heard of so many problems with SP3. What are your thoughts on this?
 
P.S. Ad-Aware still won't run; it gets hung up on "waiting for scanner". Is there a better/alternative program, or do I have a conflict or still have a problem?
 
Thank you for your personal interest, Touch. As you can see, I have been around here since 2005 and more than likely will be back again.
 
Here is my HijackThis log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:53 AM, on 9/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\SAM\Desktop\FIX\HijackThis.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240187843000
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB04B81C-41F0-41C3-9524-6092A2A51307}: NameServer = 192.168.123.254,192.168.123.255
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 6739 bytes
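As an added example (not code from this thread, from HijackThis or from its authors), the triage helper below parses the HijackThis line format shown in the log above and flags what a reviewer reads first: entries the tool marked "(file missing)", O16 DPF entries with no download URL, and O4 autostart entries whose executable is given by name only. SAMPLE_LOG is constructed from lines of that log; the flag wording and the helper names are mine.

```python
"""Triage of HijackThis v2 log lines: each entry has the shape '<section> - <body>'.
Added example, not HijackThis code. Pulls out the CLSID and the target (path, URL
or command) of every entry and attaches review flags to the ones worth a closer look."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied in the format of the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
End of file - 6739 bytes
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
PINNED_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)")  # drive, UNC or %var%-rooted path
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str            # "O2", "O16", "O23", ...
    body: str               # text after "<section> - "
    clsid: Optional[str]    # first GUID on the line, if any
    target: str             # path, URL or command the entry points to ("" if empty)
    flags: List[str] = field(default_factory=list)


def _last_field(body: str) -> str:
    """Text after the final ' - ' separator; '' for a trailing empty field ('DPF: {...} -')."""
    body = body.rstrip()
    if body.endswith(" -"):
        return ""
    _head, sep, tail = body.rpartition(" - ")
    return tail if sep else body


def _target(section: str, body: str) -> str:
    if section.startswith("R"):                  # "<key>,<value> = <url>"
        return body.rstrip().partition(" =")[2].strip()
    if section == "O4":                          # "<hive>\..\Run: [<name>] <command>"
        m = O4_RE.search(body)
        return m.group("command").strip() if m else body.strip()
    return _last_field(body)


def _executable(command: str) -> str:
    """First token of an autostart command, honouring a quoted path."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; None for the header, the process list and the trailer."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    target = _target(section, body)
    flags: List[str] = []
    if target.endswith(MISSING):                 # HijackThis could not find the file
        target = target[: -len(MISSING)].strip()
        flags.append("target reported missing by HijackThis")
    if section == "O16" and target == "":        # ActiveX download entry with no source
        flags.append("DPF entry without a download URL")
    if section == "O4" and target and not PINNED_RE.match(_executable(target)):
        flags.append("executable given by name only; check which file the name resolves to")
    return Entry(section, body, clsid.group(0) if clsid else None, target, flags)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.section:<4}{e.clsid or '':<40} {e.target or '<empty>'}")
        for f in e.flags:
            print("      ->", f)
```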
 
Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 16739
Posted 9-30-2009 6:28 (GMT +1)
"Ad-Aware still won't run; it gets hung up on 'waiting for scanner'. Is there a better/alternative program?"
I'll suggest you remove Ad-Aware and keep Malwarebytes.
 
The HijackThis log looks clean.
 
Now that your computer problems are solved, it is time for the clean-up procedure.
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and OK it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
 
Click START then RUN
Now type Combofix /u in the run box and click OK.
Note the space between the X and the U; it needs to be there.
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:\_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
 
Keep safe

