Malware attack

Post by panther » January 31st, 2010, 1:18 am

Hi,

Recently my PC got infected with malware. I removed some of the viruses and trojans with the help of an anti-virus, but I still suspect there are a few more. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:02 AM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ext2Fsd\Ext2Mgr.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Panther\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Panther\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Panther\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: 69.14.97.17 msnfix.changelog.fr
O1 - Hosts: 69.14.97.17 http://www.incodesolutions.com
O1 - Hosts: 69.14.97.17 virusinfo.prevx.com
O1 - Hosts: 69.14.97.17 download.bleepingcomputer.com
O1 - Hosts: 69.14.97.17 http://www.dazhizhu.cn
O1 - Hosts: 69.14.97.17 foro.noticias3d.com
O1 - Hosts: 69.14.97.17 http://www.spybotupdates.com
O1 - Hosts: 69.14.97.17 club.myce.com
O1 - Hosts: 69.14.97.17 http://www.k7computing.com
O1 - Hosts: 69.14.97.17 softwaresecuritysolutions.com
O1 - Hosts: 69.14.97.17 http://www.nabble.com
O1 - Hosts: 69.14.97.17 lurker.clamav.net
O1 - Hosts: 69.14.97.17 lexikon.ikarus.at
O1 - Hosts: 69.14.97.17 research.sunbelt-software.com
O1 - Hosts: 69.14.97.17 http://www.virusdoctor.jp
O1 - Hosts: 69.14.97.17 http://www.elitepvpers.de
O1 - Hosts: 69.14.97.17 guru.avg.com
O1 - Hosts: 69.14.97.17 downloads.sophos.com
O1 - Hosts: 69.14.97.17 share.skype.com
O1 - Hosts: 69.14.97.17 myantispyware.com
O1 - Hosts: 69.14.97.17 http://www.computerhilfen.de
O1 - Hosts: 69.14.97.17 http://www.superuser.co.kr
O1 - Hosts: 69.14.97.17 ntfaq.co.kr
O1 - Hosts: 69.14.97.17 v.dreamwiz.com
O1 - Hosts: 69.14.97.17 cit.kookmin.ac.kr
O1 - Hosts: 69.14.97.17 forums.whatthetech.com
O1 - Hosts: 69.14.97.17 forum.hijackthis.de
O1 - Hosts: 69.14.97.17 avg.vo.llnwd.net
O1 - Hosts: 69.14.97.17 ftp.drweb.com
O1 - Hosts: 69.14.97.17 http://www.zonealarm.com
O1 - Hosts: 69.14.97.17 smadaver.com
O1 - Hosts: 69.14.97.17 support.emsisoft.com
O1 - Hosts: 69.14.97.17 psychoski.blogspot.com
O1 - Hosts: 69.14.97.17 http://www.huaifai.go.th
O1 - Hosts: 69.14.97.17 http://www.mostz.com
O1 - Hosts: 69.14.97.17 http://www.krupunmai.com
O1 - Hosts: 69.14.97.17 http://www.cddchiangmai.net
O1 - Hosts: 69.14.97.17 forum.malekal.com
O1 - Hosts: 69.14.97.17 tech.pantip.com
O1 - Hosts: 69.14.97.17 sapcupgrades.com
O1 - Hosts: 69.14.97.17 http://www.elguruinformatico.com
O1 - Hosts: 69.14.97.17 forums.avg.com
O1 - Hosts: 69.14.97.17 zastita.com
O1 - Hosts: 69.14.97.17 support.kaspersky.com
O1 - Hosts: 69.14.97.17 http://www.247fixes.com
O1 - Hosts: 69.14.97.17 forum.sysinternals.com
O1 - Hosts: 69.14.97.17 forum.telecharger.01net.com
O1 - Hosts: 69.14.97.17 sophos.com
O1 - Hosts: 69.14.97.17 foros.softonic.com
O1 - Hosts: 69.14.97.17 avast-home.uptodown.com
O1 - Hosts: 69.14.97.17 dr-web-cureit.softonic.com
O1 - Hosts: 69.14.97.17 heavenward.ru
O1 - Hosts: 69.14.97.17 forum.smadav.net
O1 - Hosts: 69.14.97.17 http://www.forum.kaspersky.com
O1 - Hosts: 69.14.97.17 http://www.f-secure.com
O1 - Hosts: 69.14.97.17 http://www.chkrootkit.org
O1 - Hosts: 69.14.97.17 diamondcs.com.au
O1 - Hosts: 69.14.97.17 http://www.rootkit.nl
O1 - Hosts: 69.14.97.17 http://www.sysinternals.com
O1 - Hosts: 69.14.97.17 z-oleg.com
O1 - Hosts: 69.14.97.17 espanol.dir.groups.yahoo.com
O1 - Hosts: 69.14.97.17 ftp01net.telechargement.fr
O1 - Hosts: 69.14.97.17 modelayu.com
O1 - Hosts: 69.14.97.17 vaksin.com
O1 - Hosts: 69.14.97.17 bbs.kaspersky.com.cn
O1 - Hosts: 69.14.97.17 http://www.castlecrops.com
O1 - Hosts: 69.14.97.17 http://www.misec.net
O1 - Hosts: 69.14.97.17 safecomputing.umn.edu
O1 - Hosts: 69.14.97.17 http://www.antirootkit.com
O1 - Hosts: 69.14.97.17 http://www.greatis.com
O1 - Hosts: 69.14.97.17 ar.answers.yahoo.com
O1 - Hosts: 69.14.97.17 http://www.elhacker.org
O1 - Hosts: 69.14.97.17 research.pandasecurity.com
O1 - Hosts: 69.14.97.17 http://www.tpu.ro
O1 - Hosts: 69.14.97.17 http://www.pinoyden.com
O1 - Hosts: 69.14.97.17 forum.avira.de
O1 - Hosts: 69.14.97.17 http://www.rootkit.com
O1 - Hosts: 69.14.97.17 http://www.pctools.com
O1 - Hosts: 69.14.97.17 http://www.pcsupportadvisor.com
O1 - Hosts: 69.14.97.17 http://www.resplendence.com
O1 - Hosts: 69.14.97.17 http://www.personal.psu.edu
O1 - Hosts: 69.14.97.17 foro.ethek.com
O1 - Hosts: 69.14.97.17 foro.elhacker.net
O1 - Hosts: 69.14.97.17 download.zonealarm.com
O1 - Hosts: 69.14.97.17 spywarehammer.com
O1 - Hosts: 69.14.97.17 http://www.codelain.com
O1 - Hosts: 69.14.97.17 http://www.thaicert.org
O1 - Hosts: 69.14.97.17 vil.nail.com
O1 - Hosts: 69.14.97.17 search.mcafee.com
O1 - Hosts: 69.14.97.17 wwww.mcafee.com
O1 - Hosts: 69.14.97.17 download.nai.com
O1 - Hosts: 69.14.97.17 wwww.experts-exchange.com
O1 - Hosts: 69.14.97.17 http://www.bakunos.com
O1 - Hosts: 69.14.97.17 http://www.darkclockers.com
O1 - Hosts: 69.14.97.17 www2.gmer.net
O1 - Hosts: 69.14.97.17 ariefew.com
O1 - Hosts: 69.14.97.17 http://www.emsisoft.com
O1 - Hosts: 69.14.97.17 forum.romeonet.ro
O1 - Hosts: 69.14.97.17 http://www.arenajunkies.com
O1 - Hosts: 69.14.97.17 http://www.Merijn.org
O1 - Hosts: 69.14.97.17 http://www.spywareinfo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
O4 - HKLM\..\Run: [conime.exe] conime.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ ... Signed.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

--
End of file - 14060 bytes



Uninstall list

"Minimal SYStem 1.0.11"
"MSYS Developer Tool Kit 1.0.1"
7 Wonders of the Ancient World
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
BeTrapped!
BitComet 1.16
Bonjour
Bookworm Deluxe
Bricks of Atlantis
Bricks of Egypt
Cake Mania
Chicken Rush
Chuzzle
Conexant HD Audio
Customer Experience Enhancement
Easy Internet Sign-up
ESPNMotion
Ext2Fsd 0.48
FormatFactory 2.20
Gem Shop
GemMaster Mystic
Google Gears
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
Hexic
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Pavilion Webcam
HP Pavilion Webcam Demo
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0027
HP Wireless Assistant 2.00 G2
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Jewel of Atlantis
Jewel Quest
Jigsaw 365
K-Lite Codec Pack 4.7.5 (Full)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic Ball 2
Magic Match
Mahjong Match
McAfee Agent
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Works
MinGW 5.1.6
Mosiac - Tomb of Mystery
Mozaki Blocks
Mozilla Firefox (3.5.6)
Mozilla Thunderbird (3.0.1)
MSDN Library for Visual Studio 2005
MSDN Library for Visual Studio 2005
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
muvee autoProducer 5.0
Mystery Case Files - Huntsville
NetWaiting
Notepad++
Ocean Express
OpenOffice.org 3.1
Otto
Pat Sajak’s Lucky Letters
Pidgin
Poker Superstars 2
QuickTime
Rainbow Web
RapidSVN-0.12.0
RealPlayer
Ricochet Lost Worlds
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
Slingo
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
Tiks Texas Hold em
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
Windows Defender
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wonderland - Secret Worlds
Zuma Deluxe

panther
Active Member
Posts: 7
Joined: January 27th, 2010, 1:53 pm

Re: Malware attack

Post by MWR 3 day Mod » February 3rd, 2010, 9:58 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Malware attack

Post by muppy03 » February 8th, 2010, 5:06 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Quite a collection you have there!

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitComet 1.16

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
Avira AntiVir Personal - Free Antivirus
McAfee Agent


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

Once the above is done please post back a NEW HJT log.
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
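The checks muppy03 makes by hand above (a P2P client and a second anti-virus product in the uninstall list) and the one that stands out in the first HijackThis log (dozens of O1 Hosts entries pointing security-vendor and help-forum sites at the single non-loopback address 69.14.97.17, the pattern of a hosts-file hijack that stops the machine reaching security sites rather than of a user's own hosts edits) can be scripted for triage. The following is an added example written for this page in Python; it is not a HijackThis feature or the forum's own tooling. The sample log lines and uninstall entries are constructed from entries visible in this thread, and the vendor and P2P keyword lists are assumptions kept deliberately short.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format, modelled on entries seen in this thread.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: 69.14.97.17 download.bleepingcomputer.com
O1 - Hosts: 69.14.97.17 http://www.f-secure.com
O1 - Hosts: 69.14.97.17 support.kaspersky.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"""

# Constructed sample uninstall list (Add/Remove Programs names), as HijackThis emits it.
SAMPLE_UNINSTALL_LIST = """
Avira AntiVir Personal - Free Antivirus
BitComet 1.16
McAfee Agent
Mozilla Firefox (3.5.6)
"""

# Assumed keyword lists: short and illustrative, not an authoritative vendor or P2P catalogue.
AV_VENDOR_KEYWORDS = ("avira", "mcafee", "avg", "avast", "kaspersky", "symantec", "norton", "eset")
P2P_KEYWORDS = ("bitcomet", "utorrent", "bittorrent", "limewire", "kazaa", "emule")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Every HJT entry line starts with a section code such as R1, F2, O1, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line in an HJT log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def hosts_redirects(entries, min_hosts=3):
    """Group O1 Hosts entries by target IP and report non-loopback addresses that
    absorb at least min_hosts names. One foreign IP swallowing many hostnames is
    the signature of a hosts-file hijack; loopback pins (ad blocking) are ignored."""
    by_ip = defaultdict(list)
    for section, body in entries:
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body.split(None, 2)  # 'Hosts:', ip, hostname
        if len(parts) == 3 and parts[1] not in LOOPBACK:
            by_ip[parts[1]].append(parts[2])
    return {ip: names for ip, names in by_ip.items() if len(names) >= min_hosts}


def antivirus_vendors(entries):
    """Vendors of installed AV services, matched on the vendor field of O23 lines
    ('Service: Name (Short) - Vendor - Path'), not on the path, so that a file
    name such as avguard.exe cannot masquerade as a second vendor."""
    found = set()
    for section, body in entries:
        if section != "O23":
            continue
        fields = body.split(" - ")
        if len(fields) < 3:
            continue
        vendor = fields[-2].lower()
        found.update(kw for kw in AV_VENDOR_KEYWORDS if kw in vendor)
    return found


def p2p_programs(uninstall_text):
    """Add/Remove Programs names that match a known P2P client keyword."""
    return [line.strip() for line in uninstall_text.splitlines()
            if any(kw in line.lower() for kw in P2P_KEYWORDS)]


def triage(hjt_text, uninstall_text):
    """Assemble the checks a helper makes before asking for the next log."""
    entries = parse_hjt(hjt_text)
    vendors = antivirus_vendors(entries)
    return {
        "hosts_hijack": hosts_redirects(entries),
        "av_vendors": sorted(vendors),
        "multiple_av": len(vendors) > 1,
        "p2p": p2p_programs(uninstall_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HJT_LOG, SAMPLE_UNINSTALL_LIST).items():
        print(f"{key}: {value}")
```

Run against a real log, the hosts check is the one to read first: a single non-loopback address absorbing vendor, update and forum hostnames means the machine cannot fetch the very tools the helper is about to ask for, so those lines need to go (and the hosts file be reset) before any scanner download is attempted.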

Re: Malware attack

Post by panther » February 8th, 2010, 12:56 pm

Removed BitComet and McAfee Agent.

New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:03 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ext2Fsd\Ext2Mgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
O4 - HKLM\..\Run: [conime.exe] conime.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ ... Signed.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

--
End of file - 8689 bytes


and the uninstall list:

"Minimal SYStem 1.0.11"
"MSYS Developer Tool Kit 1.0.1"
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Conexant HD Audio
Customer Experience Enhancement
Easy Internet Sign-up
ESPNMotion
Ext2Fsd 0.48
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GemMaster Mystic
Google Gears
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Help and Support
HP Imaging Device Functions 6.0
HP Integrated Module with Bluetooth wireless technology
HP Pavilion Webcam
HP Pavilion Webcam Demo
HP Photosmart Premier Software 6.0
HP Quick Launch Buttons 6.10 A2
HP QuickPlay 2.3
HP Update
HP User Guides 0027
HP Wireless Assistant 2.00 G2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Jewel of Atlantis
Jewel Quest
Jigsaw 365
K-Lite Codec Pack 4.7.5 (Full)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic Ball 2
Mahjong Match
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Device Emulator version 1.0 - ENU
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Professional Edition - ENU
Microsoft Works
MinGW 5.1.6
Mosiac - Tomb of Mystery
Mozaki Blocks
Mozilla Firefox (3.5.6)
Mozilla Thunderbird (3.0.1)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
muvee autoProducer 5.0
Mystery Case Files - Huntsville
NetWaiting
Notepad++
Ocean Express
OpenOffice.org 3.1
Otto
Pat Sajak's Lucky Letters
Pidgin
Poker Superstars 2
QuickTime
Rainbow Web
RapidSVN-0.12.0
RealPlayer
Ricochet Lost Worlds
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB925674)
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937060)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.1
Slingo
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
WavPedal 7.0
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Zuma Deluxe

panther
Active Member
 
Posts: 7
Joined: January 27th, 2010, 1:53 pm

Re: Malware attack

Unread postby muppy03 » February 8th, 2010, 5:21 pm

Hi, McAfee is still showing in the HJT log; can you post me a log done after you uninstalled it, please?

Also, the HJT log is significantly different from the first one posted. Let me know if you have run any tools while you were waiting.
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Malware attack

Unread postby panther » February 8th, 2010, 10:22 pm

I scanned my PC with Windows Defender and Avira AV with the latest updates. Also, I ran out of space on my drive, so I had to uninstall a few programs.

Here is the latest HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:45 AM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\windows\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ext2Fsd\Ext2Mgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ ... Signed.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8030 bytes
panther
Active Member
 
Posts: 7
Joined: January 27th, 2010, 1:53 pm

Re: Malware attack

Unread postby muppy03 » February 8th, 2010, 11:18 pm

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Malware attack

Unread postby panther » February 9th, 2010, 10:26 am

There was some issue while installing the Recovery Console.

The ComboFix log is:

ComboFix 10-02-08.09 - Panther 02/09/2010 19:27:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1068 [GMT 5.5:30]
Running from: c:\documents and settings\Panther\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Passthru


((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-08 01:50 . 2010-02-08 01:50 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-08 01:50 . 2010-02-08 01:50 -------- d-----w- c:\windows\ShellNew
2010-02-05 06:36 . 2010-02-05 06:36 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\WAVpedal
2010-02-05 06:36 . 2010-02-05 06:36 -------- d-----w- c:\documents and settings\All Users\Application Data\2mWGWmOw0haGithHFng
2010-02-05 06:35 . 2003-07-21 17:57 49152 ----a-w- c:\windows\system32\WVPPatt.dll
2010-02-05 06:35 . 2003-03-26 06:55 49152 ----a-w- c:\windows\system32\TPCV2W.dll
2010-02-05 06:35 . 2000-06-09 07:36 90112 ----a-w- c:\windows\system32\WVPSRP.dll
2010-02-05 06:35 . 1998-03-05 12:16 125440 ----a-w- c:\windows\system32\sx96v32.dll
2010-02-05 06:35 . 2007-07-25 07:58 40960 ----a-w- c:\windows\system32\WVPSetup.dll
2010-02-05 06:35 . 2002-11-15 07:15 49152 ----a-w- c:\windows\system32\WVPCDINT.dll
2010-02-05 06:35 . 2002-09-16 10:56 28672 ----a-w- c:\windows\system32\WVPDSVI.dll
2010-02-05 06:35 . 2002-07-09 10:18 49152 ----a-w- c:\windows\system32\WVPODINT.dll
2010-02-05 06:35 . 2000-12-07 05:15 348672 ----a-w- c:\windows\system32\WVPHW1.dll
2010-02-05 06:35 . 2000-06-07 07:16 15872 ----a-w- c:\windows\system32\akrip32.dll
2010-02-05 06:35 . 1999-02-19 03:24 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2010-02-02 04:54 . 2010-02-02 04:54 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2010-02-02 04:52 . 2010-02-02 04:52 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-02-01 05:11 . 2010-02-01 05:11 -------- d-----w- c:\program files\MSXML 6.0
2010-01-29 13:48 . 2010-01-29 13:48 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-29 07:08 . 2010-01-29 07:08 -------- d-----w- c:\program files\Trend Micro
2010-01-29 07:00 . 2009-03-30 04:03 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-29 07:00 . 2009-02-13 05:59 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-29 07:00 . 2009-02-13 05:47 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-29 07:00 . 2010-01-29 07:00 -------- d-----w- c:\program files\Avira
2010-01-29 07:00 . 2010-01-29 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-28 08:58 . 2010-01-28 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-28 08:40 . 2010-01-28 08:40 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\PCHealth
2010-01-28 06:41 . 2010-01-28 09:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-27 16:44 . 2010-01-27 16:50 55328 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-27 16:44 . 2010-01-27 16:50 4384 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-01-27 15:42 . 2010-01-27 16:49 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-27 15:41 . 2010-01-27 15:41 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\Downloaded Installations
2010-01-27 15:33 . 2010-01-27 15:33 -------- d-----w- c:\documents and settings\Panther\Application Data\Malwarebytes
2010-01-27 15:33 . 2010-01-27 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-27 15:31 . 2010-01-29 07:09 31744 ----a-w- c:\windows\system32\wmihtkr.exe
2010-01-27 10:23 . 2010-01-27 10:23 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-01-27 10:23 . 2002-11-15 00:02 55808 ----a-w- c:\windows\system32\devcon.exe
2010-01-27 10:14 . 2009-08-06 13:53 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-27 10:14 . 2009-08-06 13:53 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-27 09:34 . 2010-01-14 05:42 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 09:22 . 2010-01-27 09:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-01-26 06:23 . 2010-01-26 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-01-26 06:23 . 2010-01-26 06:23 -------- d-----w- c:\documents and settings\Panther\Application Data\PC Suite
2010-01-25 19:01 . 2007-05-02 11:01 90624 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-01-25 19:01 . 2007-09-17 10:23 21632 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-25 19:00 . 2010-01-28 09:10 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-01-25 19:00 . 2010-01-25 19:00 -------- d-----w- c:\program files\DIFX
2010-01-25 18:59 . 2009-06-03 04:04 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-01-25 18:59 . 2009-06-03 04:04 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2010-01-25 18:59 . 2009-05-18 05:12 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-01-25 18:59 . 2010-01-27 09:28 -------- d-----w- c:\documents and settings\Panther\Application Data\Samsung
2010-01-23 11:26 . 2010-02-08 08:03 -------- d-----w- c:\documents and settings\Panther\Application Data\vlc
2010-01-20 07:09 . 2010-01-20 07:09 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\Little_Apps_(http___www.l
2010-01-20 07:00 . 2010-01-28 08:58 -------- d-----w- c:\program files\Common Files\Little Registry Cleaner
2010-01-20 06:59 . 2010-01-28 08:58 -------- d-----w- c:\program files\Little Registry Cleaner
2010-01-20 06:51 . 2010-01-20 06:51 -------- d-----w- c:\documents and settings\Panther\Application Data\Uniblue
2010-01-19 19:12 . 2010-01-19 19:12 60484 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-19 08:46 . 2010-01-19 08:46 153008 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-19 06:57 . 2010-01-19 06:57 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\Seesmic
2010-01-19 06:53 . 2010-01-20 07:09 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\Deployment
2010-01-19 06:45 . 2010-01-19 06:45 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-19 06:44 . 2010-01-19 06:44 -------- d-----w- c:\program files\Reference Assemblies
2010-01-19 06:44 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-19 06:43 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-19 06:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-19 06:43 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-19 06:43 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-19 06:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-19 06:43 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-19 06:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-19 06:43 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-18 07:29 . 2010-02-02 04:54 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-18 07:29 . 2010-01-18 07:29 -------- d-----w- c:\program files\Microsoft Device Emulator
2010-01-18 07:29 . 2010-01-18 07:29 -------- d-----w- c:\program files\Microsoft SQL Server 2005 Mobile Edition
2010-01-18 07:20 . 2010-01-18 07:20 -------- d-----w- c:\program files\MSBuild
2010-01-18 07:13 . 2010-01-18 07:32 -------- d-----w- c:\program files\Microsoft.NET
2010-01-18 07:13 . 2010-01-18 07:15 -------- d-----w- c:\program files\Common Files\Business Objects
2010-01-18 07:13 . 2010-01-18 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2010-01-18 07:13 . 2010-01-18 07:13 -------- d-----w- c:\windows\Symbols
2010-01-18 07:13 . 2010-01-18 07:13 -------- d-----w- c:\program files\CE Remote Tools
2010-01-18 07:13 . 2010-01-18 07:20 -------- d-----w- c:\program files\HTML Help Workshop
2010-01-18 07:13 . 2010-01-18 07:19 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-01-18 07:11 . 2010-01-18 07:11 -------- d-----w- c:\documents and settings\Panther\Local Settings\Application Data\Microsoft Help
2010-01-18 07:11 . 2010-02-02 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-18 07:11 . 2010-01-18 07:20 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-17 17:57 . 2010-01-17 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-15 04:10 . 2010-01-15 04:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 11:52 . 2009-06-30 07:24 -------- d-----w- c:\documents and settings\Panther\Application Data\.purple
2010-02-09 09:53 . 2010-02-09 09:53 1065 ----a-w- c:\documents and settings\Panther\Application Data\.purple\certificates\x509\tls_peers\talk.google.com
2010-02-09 02:08 . 2006-12-30 01:17 -------- d-----w- c:\program files\Oberon Media
2010-02-08 16:40 . 2009-06-14 19:55 -------- d-----w- c:\program files\BitComet
2010-02-08 04:09 . 2006-12-30 00:30 77320 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 10:41 . 2010-01-05 05:45 -------- d-----w- c:\program files\Notepad++
2010-02-04 10:41 . 2009-04-18 03:11 -------- d-----w- c:\documents and settings\Panther\Application Data\Notepad++
2010-02-04 06:56 . 2009-06-30 16:21 1 ----a-w- c:\documents and settings\Panther\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-01 04:47 . 2009-12-24 08:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-28 09:00 . 2009-07-07 17:02 -------- d-----w- c:\program files\Gabest
2010-01-28 09:00 . 2006-12-30 00:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-27 16:50 . 2010-01-27 16:44 1724 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-27 16:50 . 2010-01-27 16:44 1484 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-01-27 10:56 . 2006-12-30 01:12 -------- d-----w- c:\program files\DivX
2010-01-27 06:30 . 2006-12-30 01:10 -------- d-----w- c:\program files\Google
2010-01-27 05:55 . 2009-04-04 10:15 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-25 18:59 . 2006-12-30 16:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 08:03 . 2009-11-04 16:07 -------- d-----r- c:\program files\Skype
2010-01-20 06:45 . 2009-11-04 16:08 -------- d-----w- c:\documents and settings\Panther\Application Data\Skype
2010-01-20 02:54 . 2009-11-04 16:10 -------- d-----w- c:\documents and settings\Panther\Application Data\skypePM
2010-01-19 18:58 . 2009-12-22 17:30 -------- d-----w- c:\documents and settings\Panther\Application Data\Apple Computer
2010-01-19 18:57 . 2009-12-22 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-19 07:01 . 2010-01-08 05:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-19 06:47 . 2010-01-07 07:23 -------- d-----w- c:\documents and settings\Panther\Application Data\Dev-Cpp
2010-01-08 19:50 . 2010-01-08 19:50 -------- d-----w- c:\program files\GameTop.com
2010-01-06 13:05 . 2009-04-04 10:37 -------- d-----w- c:\documents and settings\Panther\Application Data\Thunderbird
2010-01-06 10:17 . 2010-01-06 10:17 -------- d-----w- c:\program files\Ext2Fsd
2010-01-05 17:46 . 2010-01-05 17:46 -------- d-----w- c:\program files\Oldgames
2010-01-05 16:20 . 2006-12-30 16:24 -------- d-----w- c:\program files\Java
2010-01-05 16:19 . 2010-01-05 16:19 152576 ----a-w- c:\documents and settings\Panther\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-05 16:19 . 2009-12-11 16:06 79488 ----a-w- c:\documents and settings\Panther\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 10:00 . 2006-03-16 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-03-16 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-03-16 04:00 17408 ------w- c:\windows\system32\corpol.dll
2010-01-04 13:11 . 2010-01-04 13:11 -------- d-----w- c:\documents and settings\Panther\Application Data\Subversion
2010-01-04 13:11 . 2010-01-04 13:11 -------- d-----w- c:\program files\RapidSVN-0.12.0
2010-01-04 02:37 . 2009-09-02 14:58 -------- d-----w- c:\program files\Common Files\Oracle
2010-01-03 08:01 . 2009-12-31 03:07 -------- d-----w- c:\program files\Trillian
2010-01-01 12:35 . 2010-01-01 12:35 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-01-01 11:32 . 2010-01-01 11:32 -------- d-----w- c:\program files\EASEUS
2009-12-31 03:15 . 2009-12-31 03:08 -------- d-----w- c:\documents and settings\Panther\Application Data\Trillian
2009-12-24 12:26 . 2009-12-24 12:25 -------- d-----w- c:\program files\SP39371
2009-12-24 12:20 . 2006-12-30 00:56 -------- d-----w- c:\program files\DIGStream
2009-12-24 10:32 . 2009-12-24 07:38 -------- d-----w- c:\documents and settings\Panther\Application Data\HpUpdate
2009-12-24 08:22 . 2009-04-04 06:15 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-24 07:38 . 2006-12-30 16:24 -------- d-----w- c:\program files\HP
2009-12-24 07:21 . 2009-12-24 07:21 -------- d-----w- c:\documents and settings\Panther\Application Data\AccurateRip
2009-12-24 07:02 . 2009-12-24 06:45 10890928 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-12-24 06:45 . 2009-12-24 06:45 -------- d-----w- c:\program files\Illustrate
2009-12-22 17:29 . 2009-12-22 17:27 -------- d-----w- c:\program files\iTunes
2009-12-22 17:27 . 2009-12-22 17:27 -------- d-----w- c:\program files\iPod
2009-12-22 17:27 . 2009-12-22 17:22 -------- d-----w- c:\program files\Common Files\Apple
2009-12-22 17:27 . 2009-12-22 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-12-22 17:26 . 2009-12-22 17:24 -------- d-----w- c:\program files\QuickTime
2009-12-22 17:24 . 2009-12-22 17:24 -------- d-----w- c:\program files\Apple Software Update
2009-12-21 16:54 . 2009-12-21 16:54 -------- d-----w- c:\documents and settings\Panther\Application Data\CyberLink
2009-12-21 16:54 . 2009-12-21 16:54 -------- d-----w- c:\documents and settings\Panther\Application Data\HP
2009-12-20 13:37 . 2009-12-20 13:37 -------- d-----w- c:\program files\7-Zip
2009-11-21 15:51 . 2006-03-16 04:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-01-31 17:32 . 2009-04-04 18:10 0 -csha-w- c:\windows\SMINST\HPCD.SYS
.

------- Sigcheck -------

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-23 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2006-03-15 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-03-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Ext2 Volume Manager"="c:\program files\Ext2Fsd\Ext2Mgr.exe" [2009-07-30 1216648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\conime.exe]
2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-09 15:30 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\wmihtkr.exe"= c:\\windows\\system32\\wmihtkr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27260:TCP"= 27260:TCP:BitComet 27260 TCP
"27260:UDP"= 27260:UDP:BitComet 27260 UDP

R0 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [1/6/2010 3:47 PM 651264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/29/2010 12:30 PM 108289]
S0 nlukwpsx;nlukwpsx;c:\windows\system32\Drivers\nlukwpsx.sys --> c:\windows\system32\Drivers\nlukwpsx.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/15/2010 9:40 AM 135664]
S3 Flash1;Flash1;c:\program files\SP39371\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [1/26/2010 12:29 AM 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 7:01 AM 2799808]
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 07:04]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:58]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 18:58]

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-728021756-589645043-180274925-1005Core.job
- c:\documents and settings\Panther\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 17:06]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-728021756-589645043-180274925-1005UA.job
- c:\documents and settings\Panther\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-11 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Panther\Application Data\Mozilla\Firefox\Profiles\jl1bxut5.default\
FF - component: c:\documents and settings\Panther\Application Data\Mozilla\Firefox\Profiles\jl1bxut5.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\Panther\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 19:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???xc????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-02-09 19:43:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 14:13

Pre-Run: 1,208,414,208 bytes free
Post-Run: 1,100,562,432 bytes free

- - End Of File - - F34BCC4A5ACE32DB12BE46C686555F6F


New HJT log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:59 PM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ext2Fsd\Ext2Mgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ext2 Volume Manager] C:\Program Files\Ext2Fsd\Ext2Mgr.exe -quiet
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/ ... Signed.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7994 bytes


Please advise further action.
panther

Re: Malware attack

Unread postby muppy03 » February 9th, 2010, 5:29 pm

Please update on what problems you are experiencing?

Did you intentionally remove this file:

    c:\windows\System32\ctfmon.exe ... is missing !!

Is the computer used for business?

There was some issue while installing recovery console.

What was the issue please?


Open HijackThis and select Do a System Scan Only, then place a check next to the below lines if still present:

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

Once selected, close all windows except HJT and click on Fix Checked.

Please reply with answers to the above questions.
muppy03

Re: Malware attack

Unread postby panther » February 10th, 2010, 1:16 pm

muppy03 wrote: Please update on what problems you are experiencing?

Auto-guard for my anti-virus gets disabled automatically and I am not able to enable it. Some random folder gets created on my hard drive which has only a .rfq file. Also I am not able to create a system restore point.

muppy03 wrote: Did you intentionally remove this file:
    c:\windows\System32\ctfmon.exe ... is missing !!

No

muppy03 wrote: Is the computer used for business?

Yes

muppy03 wrote: There was some issue while installing recovery console.

What was the issue please?

Something related to boot enumeration disk. ComboFix was not able to find the boot enum hard disk. My PC is dual boot with XP and Ubuntu.

muppy03 wrote: Open HijackThis and select Do a System Scan Only, then place a check next to the below lines if still present:

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)

Done.
panther

Re: Malware attack

Unread postby muppy03 » February 11th, 2010, 3:33 am

Is the computer used for business?

Yes


I am sorry to inform you that the forum rules do not allow us to work on business-related computers:


Posting for help for business machines

This forum was set up specifically to help home users; our volunteer helpers choose not to work on business machines.

Computers used in a business environment often have policies and other modifications made to them. It is impossible for us to differentiate these from ones that have been made by an infection, so in removing what we think is an infection, we may compromise the business set-up of your computer.

The scans we run often reveal information that most businesses would not want exposed in an open forum, and there are other legal constraints and ramifications involved with business machines that we are not equipped or trained to deal with.

We will close any topic where we believe the computer is one that is used in a business environment, irrespective of whether that business is a large company or a small one-man enterprise.


In light of the above the topic will be closed.
muppy03

Re: Malware attack

Unread postby Dakeyras » February 11th, 2010, 6:43 am

As this issue involves either a company owned machine or a machine that is used for business purposes, it falls outside the scope of this forum. Therefore, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
Dakeyras