Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Outerinfo, RABCO(/rabio?), JavaCore, "mrofinuXXXXX.exe"(?),


  • This topic is locked This topic is locked

#1
alexconlin

alexconlin

    New Member

  • Member
  • Pip
  • 3 posts
I may be clean after running through all the steps in the "Read this before posting a HijackThis log" topic, but would like to check if someone would be so kind.

OK here goes with the logs, in order according to the "Read this before posting" guide (1. MalwareBytes, 2. SUPERAntiSpyware, 3. ActiveScan, 4. HijackThis Uninstall List, 5. HijackThis Log):

Malwarebytes' Anti-Malware 1.12
Database version: 731

Scan type: Quick Scan
Objects scanned: 34186
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\rabio.rabiobho.1 (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM830b742d (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\pnVes01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\b999.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pnVes01\pnVes011065.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RABCO - Auto Update.lnk (Adware.RABCO) -> Quarantined and deleted successfully.

--------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2008 at 02:02 AM

Application Version : 4.0.1154

Core Rules Database Version : 3455
Trace Rules Database Version: 1447

Scan type : Complete Scan
Total Scan Time : 00:47:01

Memory items scanned : 307
Memory threats detected : 0
Registry items scanned : 4447
Registry threats detected : 1
File items scanned : 71522
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Adware.JavaCore/NoDNS
HKU\S-1-5-21-3982015445-142611620-3164861575-1003\Software\Microsoft\Windows\CurrentVersion\Run#NoDNS [ C:\Program Files\\NoDNS\\NoDNS.exe ]

Adware.OuterInfo-Installer
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\OIUNINSTALLER.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP23\A0010236.EXE

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010281.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0011295.DLL

Adware.Rabio Search Enhancer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010282.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010283.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010284.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010285.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010286.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010287.DLL

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0011296.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0013295.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0014295.DLL

Adware.Vundo-Variant/E
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP29\A0015409.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018176.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018181.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018187.DLL

Trojan.Unclassified/NVCOI
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP44\A0016959.EXE

Trojan.Unclassified/TestCPV
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP44\A0017010.DLL

Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018175.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018194.DLL

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\LCNPWHQO.DLL
C:\WINDOWS\SYSTEM32\MLUMXCDS.DLL
C:\WINDOWS\SYSTEM32\NVAWVDFO.DLL
C:\WINDOWS\SYSTEM32\OPOQYWPR.DLL
C:\WINDOWS\SYSTEM32\QBJBGYAP.DLL
C:\WINDOWS\SYSTEM32\TDCTQJXP.DLL
C:\WINDOWS\SYSTEM32\WTIOPHOV.DLL
C:\WINDOWS\SYSTEM32\YFFLYQHQ.DLL

--------------------------------------------------------

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-05-09 10:07:52
PROTECTIONS: 0
MALWARE: 32
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0apymz9b.default\cookies.txt[.doubleclick.net/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0apymz9b.default\cookies.txt[.com.com/]
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP23\A0010237.dll
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018219.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP5\A0000378.EXE
02688464 Adware/DnsInsider Adware No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP44\A0016957.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018208.sys
02896112 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP44\A0016958.exe
02898626 Adware/PurityScan Adware No 0 No No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP50\A0019171.exe[UE.exe]
02908334 Trj/Downloader.TBZ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP20\A0008737.exe
02908334 Trj/Downloader.TBZ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010293.exe
02909250 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lnkfflyt.dll.vir
02909454 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP42\A0016630.exe
02909454 Adware/Insider Adware No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010288.exe
02910318 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cdsfvyib.dll.vir
02910550 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\hsplnrio.dll.vir
02912126 Trj/Downloader.TGP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010291.exe
02912883 Trj/Downloader.THP Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010292.exe
02930316 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\yayxwWQi.dll.vir
02930316 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cbXOIxyW.dll.vir
02930830 Adware/Maxifiles Adware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP42\A0016631.exe
02930830 Adware/Maxifiles Adware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP24\A0010289.exe
02936936 Trj/Downloader.TNT Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP42\A0016632.exe
02937197 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018184.dll
02937197 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lckixlqr.dll.vir
02937205 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP43\A0016650.dll
02937213 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP42\A0016628.dll
02937260 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018185.dll
02937260 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ldmkqesf.dll.vir
02937362 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\eaqwjuxy.dll.vir
02937362 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018179.dll
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\pibvjgyh.dll.vir
02937945 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018189.dll
02938488 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP44\A0017012.dll
02938505 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\koawcjxn.dll.vir
02938505 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018182.dll
02938511 Trj/Proxy.BF Virus/Trojan No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lbrfyivr.dll.vir
02938511 Trj/Proxy.BF Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018183.dll
02938531 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cvuexali.dll.vir
02938531 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018177.dll
02938570 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\xenwmuls.dll.vir
02938570 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP48\A0018193.dll
02938581 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{2C64A447-4679-4204-A039-16352F4E0E7D}\RP47\A0017077.dll
;===============================================================================
=================================================================================
===================
SUSPECTS
Sent Location 
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description 
;===============================================================================
=================================================================================
===================
182048 HIGH MS07-069 
176382 HIGH MS07-057 
170906 HIGH MS07-045 
170904 HIGH MS07-043 
164913 HIGH MS07-033 
160623 HIGH MS07-027 
150253 HIGH MS07-016 
;===============================================================================
=================================================================================
===================

--------------------------------------------------------

Adobe Flash Player ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
AVG 8.0
C-Media WDM Audio Driver
Easy Internet Sign-up
Google Gmail Notifier
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Deskjet Preloaded Printer Drivers
HP Image Zone Plus 3.5
HP Pavilion PC Help
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Jungle Fruit - Trial Version 1.2
Logitech QuickCam
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
NETGEAR WG311v2 802.11g Wireless PCI Adapter
NVIDIA Drivers
Panda ActiveScan 2.0
Photosmart 140,240,7200,7600,7700,7900 Series
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB941569)
Sony Ericsson PC Suite for Smartphones
Sony Ericsson PC Suite for Smartphones
Sony Ericsson Symbian 9 Drivers
SUPERAntiSpyware Free Edition
The Cleaner 5
Update Service
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver

--------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:48:58, on 13/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [803847b1] rundll32.exe "C:\WINDOWS\system32\agcqjwqs.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\PROGRA~1\FREEDO~1\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\PROGRA~1\FREEDO~1\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\PROGRA~1\FREEDO~1\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\PROGRA~1\FREEDO~1\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205890100625
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 7885 bytes

--------------------------------------------------------

Thanks in advance for looking at this. You all deserve a lot of karma! :)
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the logs please
  • 0

#5
alexconlin

alexconlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
In the guide to installing ComboFix, it refers me to http://support.microsoft.com/kb/310994 for instructions on installing the Windows Recovery Console without my Windows CD. It says "click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed".

I have Service Pack 3 installed, but that is not listed. Sorry but what should I do from here?

Thanks again,

Alex
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Just run ComboFix then
  • 0

#7
alexconlin

alexconlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK so when I ran ComboFix it seemed get stuck on step 35. I left it for a few hours and when I came back it had asked me if I wanted to teminate the batch file. I said yes three times, then it seemed to get stuck again and I had to turn off the computer at the mains.

Should I run ComboFix again? I can't seem to find any log in the root folder of the C drive to post...

Thanks again for sticking with me!

Alex
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try run it in Safe Mode
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP