Scan saved at 11:39:58 AM, on 9/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FIDMSFLT] Fidmsflt.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SoftTouch] C:\SOFTTO~1\start_Softtouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: StartClient.lnk = C:\StartClient.bat
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0188480937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4C5B290-EA8E-45D9-92F6-678741800F12}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Firebird Guardian - Default Instance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\Bin\fbguard.exe
O23 - Service: Firebird Server - Default Instance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\Bin\fbserver.exe
O23 - Service: SoftTouch Alert Server (SoftAlertServer) - Unknown owner - C:\SOFTTO~1\SOFTAL~1.EXE
O23 - Service: SoftTouch Caller Server (SoftCallerServer) - Unknown owner - C:\SOFTTO~1\SOFTCA~1.EXE
O23 - Service: SoftTouch FTP Server (SoftFTPServer) - Unknown owner - C:\SOFTTO~1\SoftFTP.exe
O23 - Service: SoftTouch Guardian Server (SoftGuardianServer) - Unknown owner - C:\SOFTTO~1\SOFTGU~1.EXE
O23 - Service: SoftTouch Main Server (SoftMainServer) - Unknown owner - C:\SOFTTO~1\SMAINS~1.EXE
O23 - Service: SoftTouch Pager Server (SoftPagerServer) - Unknown owner - C:\SOFTTO~1\SOFTPA~1.EXE
O23 - Service: SoftTouch Report Server (SoftReportServer) - Unknown owner - C:\SOFTTO~1\SOFTRE~2.EXE
O23 - Service: SoftTouch Web Server (SoftWebServer) - Unknown owner - C:\SOFTTO~1\SoftWeb.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\RealVNC\WinVNC\WinVNC.exe
--
End of file - 4468 bytes
The computer was infected with a slew of keyloggers and trojans I currently have issues connecting the PC to our POS network any help would be great. I have a log file from the program that found the inital infections as well but have not posted yet due to your policies on the matter. Any additional information needed to help the issue can be gotten just ask. Side not curently SMAIN~1.exe is showing up in the processes I read in a another board that this was possibly another trojan...