Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help with this Hijackthis log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help with this Hijackthis log

Unread postby GregS » October 29th, 2010, 11:04 pm

Hi, please help with this Hijackthis log file. A couple of weeks ago I started to get a lot of pop up windows about virus detection. Thinkpoint was one of them. Since the infection my MBR has been damaged. I have done a windows repair and now can get back in. (deltalima, not sure what happened, I thought I posted your request, thanks for your help anyway.)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:44 PM, on 30/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Primary\LOCALS~1\Temp\Vss.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Tweak-XP Pro\AdBlocker.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\PrayayaV3\V3\V3Detect.exe
C:\Siemens\Common\Sqlany\dbsrv7.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\opcenum.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Siemens\Common\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Siemens\Common\sws\almsrv\almsrvx.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?clie ... fde8d1391d
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MagUninstall] "C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cgeyiba] rundll32.exe "C:\WINDOWS\ijuyixusu.dll",Startup
O4 - HKLM\..\Run: [wsoaexrnmc.tmp] "C:\DOCUME~1\Primary\LOCALS~1\Temp\wsoaexrnmc.tmp"
O4 - HKLM\..\Run: [eownmsxacr.tmp] "C:\DOCUME~1\Primary\LOCALS~1\Temp\eownmsxacr.tmp"
O4 - HKLM\..\Run: [uPc+MV0NaiaCxl] rundll32.exe C:\WINDOWS\system32\m2nnws2m.dll, SystemServer
O4 - HKLM\..\Run: [HNUmqHTgrNec] C:\DOCUME~1\Primary\LOCALS~1\Temp\xi3j3gczf5.exe
O4 - HKLM\..\Run: [uPc+MV0NmeaGuo] rundll32.exe C:\WINDOWS\system32\ybbkq6g.dll, SystemServer
O4 - HKLM\..\Run: [HNUmqHTgpvQ] C:\DOCUME~1\Primary\LOCALS~1\Temp\lotcox5.exe
O4 - HKLM\..\Run: [HNUmqHTgosf] C:\DOCUME~1\Primary\LOCALS~1\Temp\taskmgr.exe
O4 - HKLM\..\Run: [HNUmqHTgupf] C:\DOCUME~1\Primary\LOCALS~1\Temp\sysedit.exe
O4 - HKLM\..\Run: [HNUmqHTgob] C:\DOCUME~1\Primary\LOCALS~1\Temp\drweb.exe
O4 - HKLM\..\Run: [uPc+MV0NaXMCxl] rundll32.exe C:\WINDOWS\system32\ev1v88x4.dll, SystemServer
O4 - HKLM\..\Run: [HNUmqHTgmR] C:\DOCUME~1\Primary\LOCALS~1\Temp\dhns6.exe
O4 - HKLM\..\Run: [uPc+MV0NXxaGuo] rundll32.exe C:\WINDOWS\system32\a9ffxrv.dll, SystemServer
O4 - HKLM\..\Run: [HNUmqHTgtrf] C:\DOCUME~1\Primary\LOCALS~1\Temp\svchost.exe
O4 - HKLM\..\Run: [HNUmqHTgruf] C:\DOCUME~1\Primary\LOCALS~1\Temp\wininst.exe
O4 - HKLM\..\Run: [HNUmqHTguuc] C:\DOCUME~1\Primary\LOCALS~1\Temp\system.exe
O4 - HKLM\..\Run: [HNUmqHTgrA] C:\DOCUME~1\Primary\LOCALS~1\Temp\win32.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HNUmqHTgpvc] C:\DOCUME~1\Primary\LOCALS~1\Temp\rhstoh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [BlockAds] "C:\Program Files\Tweak-XP Pro\AdBlocker.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Primary\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [V3Detect.exe] C:\Program Files\PrayayaV3\V3\V3Detect.exe
O4 - HKCU\..\Run: [{DE7A97F9-D38B-7037-1C8C-5E04B6ADD7AB}] "C:\Documents and Settings\Primary\Application Data\Akduu\gonef.exe"
O4 - HKCU\..\Run: [Qhehewuku] rundll32.exe "C:\WINDOWS\asamlk.dll",Startup
O4 - HKCU\..\Run: [dfrgsnapnt.exe] C:\DOCUME~1\Primary\LOCALS~1\Temp\dfrgsnapnt.exe
O4 - HKCU\..\Run: [uPc+MV0NaiaCxl] rundll32.exe C:\WINDOWS\system32\m2nnws2m.dll, SystemServer
O4 - HKCU\..\Run: [HNUmqHTgrNec] C:\DOCUME~1\Primary\LOCALS~1\Temp\xi3j3gczf5.exe
O4 - HKCU\..\Run: [uPc+MV0NmeaGuo] rundll32.exe C:\WINDOWS\system32\ybbkq6g.dll, SystemServer
O4 - HKCU\..\Run: [HNUmqHTgpvQ] C:\DOCUME~1\Primary\LOCALS~1\Temp\lotcox5.exe
O4 - HKCU\..\Run: [HNUmqHTgosf] C:\DOCUME~1\Primary\LOCALS~1\Temp\taskmgr.exe
O4 - HKCU\..\Run: [HNUmqHTgupf] C:\DOCUME~1\Primary\LOCALS~1\Temp\sysedit.exe
O4 - HKCU\..\Run: [HNUmqHTgob] C:\DOCUME~1\Primary\LOCALS~1\Temp\drweb.exe
O4 - HKCU\..\Run: [uPc+MV0NaXMCxl] rundll32.exe C:\WINDOWS\system32\ev1v88x4.dll, SystemServer
O4 - HKCU\..\Run: [HNUmqHTgmR] C:\DOCUME~1\Primary\LOCALS~1\Temp\dhns6.exe
O4 - HKCU\..\Run: [uPc+MV0NXxaGuo] rundll32.exe C:\WINDOWS\system32\a9ffxrv.dll, SystemServer
O4 - HKCU\..\Run: [HNUmqHTgtrf] C:\DOCUME~1\Primary\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [HNUmqHTgruf] C:\DOCUME~1\Primary\LOCALS~1\Temp\wininst.exe
O4 - HKCU\..\Run: [HNUmqHTguuc] C:\DOCUME~1\Primary\LOCALS~1\Temp\system.exe
O4 - HKCU\..\Run: [HNUmqHTgrA] C:\DOCUME~1\Primary\LOCALS~1\Temp\win32.exe
O4 - HKCU\..\Run: [X3EKEPXJP2] C:\DOCUME~1\Primary\LOCALS~1\Temp\Vsy.exe
O4 - HKCU\..\Run: [KOO9RV9K4Z] C:\DOCUME~1\Primary\LOCALS~1\Temp\Vss.exe
O4 - HKCU\..\Run: [HNUmqHTgpvc] C:\DOCUME~1\Primary\LOCALS~1\Temp\rhstoh.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Internet.lnk = ?
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{267A8950-A608-4DDD-BAEB-4A604C1CDA33}: NameServer = 93.188.162.247,93.188.160.57
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEE55E20-15F7-4E32-9A94-DA5E37BC9409}: NameServer = 93.188.162.247,93.188.160.57
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.247,93.188.160.57
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.247,93.188.160.57
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.247,93.188.160.57
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.247,93.188.160.57
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: dfskea98e4iagjiufhg87df87u - {B6BA40C1-A501-59BD-F413-03B03A2C8952} - C:\WINDOWS\system32\aov9aqo3.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0100491222649786) (0100491222649786mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\010049~1.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Siemens\Common\sws\almsrv\almsrvx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxdj_device - - C:\WINDOWS\system32\lxdjcoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\opcenum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Siemens\Common\S7IEPG\s7oiehsx.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 19573 bytes

Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Media Player
Adobe Reader 7.1.0
Adobe SVG Viewer 3.0
A-Men Technologies USB-to-Serial
Anvil Studio
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Ashampoo Magical Optimizer
Ashampoo Magical UnInstall
Audacity 1.2.5
AutoCAD R14.0
Automation License Manager V2.2 + HF3 Professional
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Brain Train Age V3.20
BrainWave Generator
Brother HL-2040
Calendar Builder
Canon CanoScan Toolbox 4.1
CanoScan LiDE20,30 Manual
Capture Text
CCleaner (remove only)
CloneCD
C-more Programming Software Ver2.10 (C:\Program Files\AutomationDirect\C-more_2)
C-more Programming Software Ver2.60 (C:\Program Files\AutomationDirect\C-more_3)
C-more Programming Software Version 1.21 Build 06.18A
C-more USB Driver Ver 2.1.2.1
ConvertXtoDVD 3.2.0.50
Dart XP Pro
DeLogger5
DeTransfer
DeView
DirectSOFT 5 - Programming
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DriveImage XML
DVD Decrypter (Remove Only)
DVD Shrink 3.2
E Series Configuration Utility
Easy Video Converter 6.0.1
EasyAlgebra
eSnips Downloader
Exact Audio Copy 0.99pb4
EZTouch Programming Software
FactoryTalk Activation Client v2.00.01 (CPR 7)
FactoryTalk Automation Platform 2.00 (CPR 7)
FinePrint
Focus Magic 3.02
GLOBEtrotter FLEXid Drivers
Google Base Store Connector
Google Desktop
Google Earth
Google Update Helper
Google Updater
GSM SIM Utility V4.8
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP USB Disk Storage Format Tool
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Intelligent Remote Module
intelliScore Ensemble
Interactive Repair Manuals
iPixSoft Flash Slideshow Creator (1.8.6.2)
IrfanView (remove only)
Java(TM) 6 Update 15
Java(TM) 6 Update 5
JetDraft Document Suite 2008 1.20
Jodix Video MP3 Extractor 1.12
Kid's Typing Skills
KidsMath
Lexmark 1400 Series
Lexmark Toolbar
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Lizardtech DjVu Control
McAfee SiteAdvisor
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Standard 2007
Microsoft Office Project Standard 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Virtual PC 2007
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Web Publishing Wizard 1.53
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.13)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mZConfig
National Instruments Software
Nero 6 Ultra Edition
NetObjects Fusion 9.0
NI EULA Depot
NI MDF Support
Nokia Connectivity Cable Driver
Nokia Map Loader
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia PC Suite
Nokia PC Suite
OmniPage SE
Optus Wireless Broadband
Ovi Desktop Sync Engine
OviMPlatform
Package: Remlap KnowledgeBASE 2.21
Password Depot 2
PC Connectivity Solution
PDF to Word
PDFCreator
Photoship 6 & Acrobat 5 Training
Picasa 3
PL-2303 USB-to-Serial
PowerISO
Powerpac 6
PowerQuest PartitionMagic 8.0
PVMonitor2008-0811
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RHINO Connect Software
Rockwell Windows Firewall Configuration Utility 1.00.01
RSLinx Classic
RSLogix 500 English 7.10.00 (CPR 7)
Security Update for Windows XP (KB923789)
Sentinel System Driver
SIM MAX 10.0
SIM MAX 7.0
SIMATIC STEP 7 V5.4 Professional
SIMATIC S7-GRAPH V5.3 + SP2 Professional
SIMATIC S7-PLCSIM V5.3 + SP1 Professional
SIMATIC S7-SCL V5.3 + SP1 Professional
SIMATIC STEP 7-Micro/WIN 32 V3.1.1.6
Simply Budgets Personal
Simply Calenders v4.91
Smart CD Catalog 2.53 Professional
Snagit 9.1.3
SolarPathfinder Assistant 4.0
Sothink Logo Maker
Teaching-you Project Management Skills
TemCurve 6 - Selectivity Analysis Software
Texas Instruments PCIxx21/x515/xx12 drivers.
ToolBook II 6.1 Runtime Files
Topaz Vivacity
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Software Modem
TweakNow RegCleaner Standard
Tweak-XP Pro
UMS 7.0.0.5
USB PC Camera, Panasonic CCD
Video Viewer
VideoGet
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wacom Tablet
WBFS Manager 3.0
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
XP Codec Pack
Xvid 1.1.3 final uninstall
Yahoo! Install Manager
ZebraDesigner

Thanks
Greg
GregS
Active Member
 
Posts: 7
Joined: October 24th, 2010, 6:01 am
Advertisement
Register to Remove

Re: Please help with this Hijackthis log

Unread postby muppy03 » November 1st, 2010, 4:34 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

Please post (reply) with the results.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please help with this Hijackthis log

Unread postby GregS » November 2nd, 2010, 4:11 am

Hi Muppy03, thanks for your assistance, below is the MGA info.
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation Control not Installed
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-PQ9CW-WYJQX-MDP4M
Windows Product Key Hash: 1d2JIv+lszq3upd4q3obxc/NLSU=
Windows Product ID: 76487-OEM-2254895-13416
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {D77ED46A-E676-4C4F-80F2-72C3296F8195}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office XP Professional with FrontPage - 114 Blocked VLK 2
Microsoft Office Project Standard 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D77ED46A-E676-4C4F-80F2-72C3296F8195}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-MDP4M</PKey><PID>76487-OEM-2254895-13416</PID><PIDType>3</PIDType><SID>S-1-5-21-861567501-261903793-682003330</SID><SYSTEM><Manufacturer>TOSHIBA</Manufacturer><Model>Satellite A200</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>1.70 </Version><SMBIOSVersion major="2" minor="4"/><Date>20070626000000.000000+000</Date></BIOS><HWID>55563307018400EE</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90280409-6000-11D3-8CFE-0050048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office XP Professional with FrontPage</Name><Ver>10</Ver><Val>39476F84C4B4004</Val><Hash>4iCnywwNW1w4s9ukTIwGMGxyGic=</Hash><Pid>54185-640-0000025-17748</Pid><PidType>14</PidType></Product><Product GUID="{91120000-003A-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Project Standard 2007</Name><Ver>12</Ver><Val>4AAD789A4D9E6CE</Val><Hash>VSuvyqe919lEWqQP5C3nYjQhl8g=</Hash><Pid>84888-871-2792582-63243</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="10" Result="114"/><App Id="16" Version="10" Result="114"/><App Id="17" Version="10" Result="114"/><App Id="18" Version="10" Result="114"/><App Id="1A" Version="10" Result="114"/><App Id="1B" Version="10" Result="114"/><App Id="3A" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 143BA:Semp Toshiba Informatica Ltda|143BA:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Thanks
Greg.
GregS
Active Member
 
Posts: 7
Joined: October 24th, 2010, 6:01 am

Re: Please help with this Hijackthis log

Unread postby muppy03 » November 2nd, 2010, 4:39 am

I would like you to validate your copy of windows and post back the results.

Unfortunately your copy of Microsoft Office XP Professional with FrontPage is also being used with a blocked product key and will have to be either removed or made genuine before we can continue.

Once you have completed the above steps please re –run the WGA Diagnostic Tool and post the new results.

Thank you :)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Please help with this Hijackthis log

Unread postby GregS » November 3rd, 2010, 5:09 pm

Hi muppy03, I'll reformat and start again. Thanks
GregS
GregS
Active Member
 
Posts: 7
Joined: October 24th, 2010, 6:01 am

Re: Please help with this Hijackthis log

Unread postby muppy03 » November 4th, 2010, 3:51 am

Thanks for letting me know :)

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware