Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help with vundo.agent!M [RESOLVED]


  • This topic is locked This topic is locked

#1
DJ_Inferno

DJ_Inferno

    Member

  • Member
  • PipPipPip
  • 108 posts
My laptop was infected with this trojan. I have used webroot spysweeper and it has removed it but i am still having problems with windows explorer crashing when i try to open a web site and internet explorer not opeing that page. Can someone please help me with how to fix this problem and remove vundo completely. I am using windows vista business
  • 0

Advertisements


#2
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hello and welcome back to Geeks To Go! My name is BHowett and I will be helping you to get sorted.

Sorry for the delay, as you can tell we are very busy here. If you still need help with you’re issue please do the following, and we will see what we need to do to get you sorted :)

Deckard's System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Topic Re-opened at the request of the OP.

ok here is the main text

Deckard's System Scanner v20071014.68
Run by Ben on 2008-07-12 19:16:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-07-12 09:06:42 UTC - RP77 - Windows Defender Checkpoint
8: 2008-07-12 08:59:36 UTC - RP75 - Windows Defender Checkpoint
7: 2008-07-12 08:35:56 UTC - RP73 - Windows Defender Checkpoint
6: 2008-07-12 07:52:12 UTC - RP71 - Installed Nero 8 Trial. Available with Windows Installer version 1.2 and later.
5: 2008-07-12 07:51:46 UTC - RP70 - Installed DirectX


-- First Restore Point --
1: 2008-07-12 05:20:02 UTC - RP64 - Windows Vista Service Pack 1


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:01 PM, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Ben\Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O21 - SSODL: fsrpknov - {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7659 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 lgsnd_filter - c:\windows\system32\drivers\lgsnd_filter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - c:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-13 04:39:44 80 --a------ C:\Windows\winresetup.cmd
2008-07-13 04:36:59 0 d-------- C:\Windows\SoftwareDistribution
2008-07-13 04:36:28 12 --a------ C:\Windows\bthservsdp.dat
2008-07-13 04:34:52 0 d-------- C:\Windows\CSC
2008-07-13 04:32:12 0 d--hs---- C:\System Volume Information
2008-07-12 19:18:44 0 d-------- C:\Program Files\Trend Micro
2008-07-12 18:00:30 0 d-------- C:\Program Files\NeroInstall.bak
2008-07-12 17:54:15 0 d-------- C:\Program Files\Nero
2008-07-12 17:54:15 0 d-------- C:\Program Files\Common Files\Nero
2008-07-12 17:46:19 26112 --a------ C:\Windows\system32\iiFyyVmj.dll
2008-07-12 17:46:18 26112 --a------ C:\Windows\system32\xxywwtsT.dll
2008-07-12 17:36:10 109782 --a------ C:\Windows\Copernic2001UninstallPlus.exe
2008-07-12 17:36:10 0 d-------- C:\Program Files\Copernic 2001 Pro
2008-07-12 17:29:16 0 d-------- C:\Program Files\Siber Systems
2008-07-12 17:09:37 0 d-------- C:\Program Files\Winamp
2008-07-12 17:00:39 0 d-------- C:\Program Files\DVD Shrink
2008-07-12 15:57:15 0 d-------- C:\Program Files\Messenger Plus! Live
2008-07-12 15:55:34 0 d-------- C:\Windows\PCHEALTH
2008-07-12 15:53:02 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 15:52:54 0 d-------- C:\Program Files\Windows Live
2008-07-12 15:34:57 0 d-------- C:\PerfLogs
2008-07-12 14:30:56 192512 --a------ C:\Windows\sqvgnrpx.dll
2008-07-12 14:29:59 102400 --a------ C:\Windows\gpefaowr.exe
2008-07-12 14:29:59 163840 --a------ C:\Windows\eswa.exe
2008-07-12 14:09:07 0 d-------- C:\Windows\system32\appmgmt
2008-07-12 13:55:10 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-12 13:49:33 0 d-------- C:\Program Files\Alwil Software
2008-07-12 13:40:12 0 d-------- C:\Program Files\your.mi.angel
2008-07-12 13:38:28 0 d-------- C:\Windows\system32\Macromed
2008-07-12 13:36:05 0 d-------- C:\Program Files\uTorrent
2008-07-12 12:31:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-12 12:31:12 0 d-------- C:\Program Files\EzManual
2008-07-12 12:30:02 7552 --a------ C:\Windows\system32\drivers\lgsnd_filter.sys
2008-07-12 12:30:02 114688 --a------ C:\Windows\system32\bmpsap.dll <Not Verified; ; Psap module>
2008-07-12 12:30:02 0 d-------- C:\Program Files\LG Software
2008-07-12 12:29:17 126976 --a------ C:\Windows\system32\Imsmudlg.exe <Not Verified; Intel® Corporation; Uninstset Installation Utility>
2008-07-12 12:29:17 0 d-------- C:\Windows\system32\ENU
2008-07-12 12:27:15 0 d-------- C:\Program Files\Softex
2008-07-12 12:20:22 0 d-------- C:\Program Files\Synaptics
2008-07-12 12:19:26 0 d-------- C:\Program Files\IVT Corporation
2008-07-12 12:19:23 0 --a------ C:\Windows\system32\0
2008-07-12 12:19:23 32 --a------ C:\Windows\0
2008-07-12 12:16:22 0 d-------- C:\Program Files\ATI Technologies
2008-07-12 12:16:18 0 d-------- C:\Program Files\ATI
2008-07-12 12:12:26 0 d-------- C:\Windows\system32\RTCOM
2008-07-12 12:11:28 0 d-------- C:\Program Files\Realtek
2008-07-12 12:11:17 499712 -r------- C:\Windows\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-07-12 12:10:22 0 d-------- C:\Program Files\Fingerprint Sensor
2008-07-12 12:08:25 0 d-------- C:\Windows\tiinst
2008-07-12 12:08:09 0 d--hs---- C:\Windows\Installer
2008-07-12 12:07:42 50752 -----n--- C:\Windows\system32\agrsmdel.exe <Not Verified; Agere Systems; Agrsmdel>
2008-07-12 12:07:17 0 d-------- C:\Windows\Options
2008-07-12 12:03:01 0 d-------- C:\Program Files\Intel
2008-07-12 11:09:51 102912 --a------ C:\Windows\system32\Vb6stkit.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-07-12 11:09:51 102160 --a------ C:\Windows\system32\VB6KO.DLL <Not Verified; Microsoft Corporation; Visual Basic Environment>
2008-07-12 11:09:51 9728 --a------ C:\Windows\system32\SYSINKO.DLL <Not Verified; Microsoft Corporation; SysInfo>
2008-07-12 11:09:51 30720 --a------ C:\Windows\system32\Rchtxko.dll <Not Verified; Microsoft Corporation; RichText>
2008-07-12 11:09:51 13824 --a------ C:\Windows\system32\INETKO.DLL <Not Verified; Microsoft Corporation; Microsoft Internet Transfer ???>
2008-07-12 11:09:51 83552 --a------ C:\Windows\system32\GAPI32.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows™ Operating System>
2008-07-12 11:09:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-12 10:54:27 0 d-------- C:\Program Files\lg_swupdate
2008-07-12 10:53:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-12 10:49:36 0 dr------- C:\Users\Ben\Searches
2008-07-12 10:49:25 0 dr------- C:\Users\Ben\Contacts
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Templates <TEMPLA~1>
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Start Menu <STARTM~1>
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\SendTo
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Recent
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\PrintHood <PRINTH~1>
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\NetHood
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\My Documents <MYDOCU~1>
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Local Settings <LOCALS~1>
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Cookies
2008-07-12 10:49:17 0 d--hs---- C:\Users\Ben\Application Data <APPLIC~1>
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Videos
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Saved Games <SAVEDG~1>
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Pictures
2008-07-12 10:49:16 1048576 --ahs---- C:\Users\Ben\NTUSER.DAT
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Music
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Links
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Favorites <FAVORI~1>
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Downloads <DOWNLO~1>
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Documents <DOCUME~1>
2008-07-12 10:49:16 0 dr------- C:\Users\Ben\Desktop
2008-07-12 10:49:16 0 d--h----- C:\Users\Ben\AppData


-- Find3M Report ---------------------------------------------------------------

2008-07-12 17:57:27 0 d-------- C:\Users\Ben\AppData\Roaming\Nero
2008-07-12 17:54:15 0 d-------- C:\Program Files\Common Files
2008-07-12 17:45:34 0 d-------- C:\Users\Ben\AppData\Roaming\uTorrent
2008-07-12 17:15:10 0 d-------- C:\Users\Ben\AppData\Roaming\Winamp
2008-07-12 15:43:59 174 --ahs---- C:\Program Files\desktop.ini
2008-07-12 15:36:05 0 d-------- C:\Program Files\Windows Sidebar
2008-07-12 15:36:05 0 d-------- C:\Program Files\Windows Calendar
2008-07-12 15:36:05 0 d-------- C:\Program Files\Movie Maker
2008-07-12 15:36:04 0 d-------- C:\Program Files\Windows Photo Gallery
2008-07-12 15:36:04 0 d-------- C:\Program Files\Windows Mail
2008-07-12 15:36:04 0 d-------- C:\Program Files\Windows Journal
2008-07-12 15:36:04 0 d-------- C:\Program Files\Windows Collaboration
2008-07-12 15:36:00 0 d-------- C:\Program Files\Windows Defender
2008-07-12 13:48:13 0 d-------- C:\Users\Ben\AppData\Roaming\WinRAR
2008-07-12 13:42:33 0 d-------- C:\Users\Ben\AppData\Roaming\Macromedia
2008-07-12 13:42:33 0 d-------- C:\Users\Ben\AppData\Roaming\Adobe
2008-07-12 13:18:46 0 d-------- C:\Users\Ben\AppData\Roaming\ATI
2008-07-12 12:27:12 0 d-------- C:\Users\Ben\AppData\Roaming\InstallShield
2008-07-12 10:49:28 0 d-------- C:\Users\Ben\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 05:38 PM]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" []
"RtHDVCpl"="RtHDVCpl.exe" [29/12/2006 12:11 PM C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [12/01/2007 01:36 PM]
"LG Direct Media Button Service"="LGDMEBTN.exe" [14/12/2006 07:50 PM C:\Windows\System32\LGDMEBTN.exe]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [22/12/2006 04:18 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [29/09/2006 12:39 PM]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [04/02/2007 12:10 PM]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [02/02/2007 10:40 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 05:33 PM]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [12/07/2008 04:44 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/07/2008 05:29 PM]
"cmds"="C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c" []

C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 9:57:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= C:\Windows\system32\bmpsap.dll [11/12/2006 03:58 PM 114688]
"{03E3D45B-681C-481C-B6A3-0D08B12C4AB9}"= C:\Windows\system32\xxywwtsT.dll [12/07/2008 05:46 PM 26112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll [ ]
"fdxbameg"= {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll [ ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\647691a9]
rundll32.exe "C:\Users\Ben\AppData\Local\Temp\qnbeeiwr.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
"C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Windows\system32\xxywwtsT.dll,#1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sys Variable Enabler]
torrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d45f5074-5040-11dd-9d8a-806e6f6e6963}]
AutoRun\command- D:\autoplay.exe lgcenter.ini


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {CD68B67C-0AAC-EB5B-285E-25DE12617939} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-12 19:21:26 ------------

here is extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 2045.75 MiB / 1273.45 MiB
Pagefile Memory (total/avail): 4324.79 MiB / 3274.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.73 MiB

C: is Fixed (NTFS) - 92.16 GiB total, 64.64 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 1024 MiB
\PARTITION1 (bootable) - Installable File System - 92.16 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1201 [VPS 080712-0] v4.8.1201 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1201 [VPS 080712-0] v4.8.1201 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Ben\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BEN-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Ben
LOCALAPPDATA=C:\Users\Ben\AppData\Local
LOGONSERVER=\\BEN-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Softex\OmniPass
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Ben\AppData\Local\Temp
TMP=C:\Users\Ben\AppData\Local\Temp
USERDOMAIN=Ben-PC
USERNAME=Ben
USERPROFILE=C:\Users\Ben
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Ben


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{161875E2-25A6-44C0-9292-C8C096F3E850}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BatteryMiser 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55C8F84-160B-41FA-9D41-6210801C0C24}\setup.exe"
BlueSoleil 3.0 Std Release --> MsiExec.exe /X{B174DCA1-D1AF-45B4-976D-87943E4C5957}
Copernic 2001 Pro --> "C:\Windows\Copernic2001UninstallPlus.exe" /ARGSFILE="C:\Program Files\Copernic 2001 Pro\unwise.dat"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
EzManual --> MsiExec.exe /I{6AC8EA9E-3044-46CB-AC0D-69C45D207178}
Inst5657 --> MsiExec.exe /I{FEDE400D-3381-4087-ACCB-689DD8A56123}
Inst565a --> MsiExec.exe /I{3B701A5D-1F4B-4178-8F86-6EB0D6BB3286}
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
LG Direct Media Button Service --> MsiExec.exe /I{B47709FF-F32A-405A-BF0D-F59A98710D69}
LG Intelligent Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{81717D01-32F6-449C-85E1-41AFD678E545}\SETUP.EXE"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Nero 8 --> MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OmniPass 5.00.13 --> C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe -runfromtemp -l0x0009 -removeonly
On Screen Display --> MsiExec.exe /I{9A8907C0-0C87-4219-8520-ADBDA825C008}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{0409969E-BEFB-44D3-90B9-63BE50FBAE5E}\setup.exe -runfromtemp -l0x0409
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WebVideo Support --> C:\Windows\gpefaowr.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1171 / Success
Event Submitted/Written: 07/12/2008 07:10:26 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type1167 / Success
Event Submitted/Written: 07/12/2008 07:09:26 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type1166 / Success
Event Submitted/Written: 07/12/2008 07:09:24 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type1163 / Success
Event Submitted/Written: 07/12/2008 07:08:37 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type1146 / Error
Event Submitted/Written: 07/12/2008 07:06:34 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {5a6b48c8-57c2-4dff-8c3d-3f26d92f5923}



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17147 / Error
Event Submitted/Written: 07/12/2008 07:08:54 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type17129 / Warning
Event Submitted/Written: 07/12/2008 07:07:13 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:


Event Record #/Type17125 / Error
Event Submitted/Written: 07/12/2008 07:07:04 PM
Event ID/Source: 10010 / DCOM
Event Description:
{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Event Record #/Type17124 / Warning
Event Submitted/Written: 07/12/2008 07:06:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ben-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ben-PC27 can't undo changes that you allow.

For more information please see the following:
%Ben-PC275

Scan ID: {93E7B179-31F5-42F7-9B8F-8BA4D2B4259D}

User: Ben-PC\Ben

Name: %Ben-PC271

ID: %Ben-PC272

Severity ID: %Ben-PC273

Category ID: %Ben-PC274

Path Found: %Ben-PC276

Alert Type: %Ben-PC278

Detection Type: 1.1.1600.02

Event Record #/Type17121 / Warning
Event Submitted/Written: 07/12/2008 07:06:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Ben-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Ben-PC27 can't undo changes that you allow.

For more information please see the following:
%Ben-PC275

Scan ID: {11205772-B62A-4576-9C71-61E16333289A}

User: Ben-PC\Ben

Name: %Ben-PC271

ID: %Ben-PC272

Severity ID: %Ben-PC273

Category ID: %Ben-PC274

Path Found: %Ben-PC276

Alert Type: %Ben-PC278

Detection Type: 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-07-12 19:21:26 ------------


  • 0

#5
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
i am also getting this error on startup

Attached Thumbnails

  • error.jpg

  • 0

#6
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi DJ_Inferno,

Please do the following:



ComboFix

Please visit below webpage for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. DO NOT select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix (located in C:\combofix.txt) when you've accomplished that, along with a new HijackThis log.
  • 0

#7
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
i am running windows vista
  • 0

#8
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi,

just skip the Windows XP Recovery Console part, and run Combofix :)
  • 0

#9
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
ok here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:01 PM, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Ben\Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O21 - SSODL: fsrpknov - {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7659 bytes



ComboFix 08-07-11.1 - Ben 2008-07-13 0:22:07.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1305 [GMT 10:00]
Running from: C:\Users\Ben\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\eswa.exe
C:\Windows\gpefaowr.exe
C:\Windows\sqvgnrpx.dll
C:\Windows\system32\iiFyyVmj.dll
C:\Windows\system32\xxywwtsT.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 13:40 --------- d-----w C:\Program Files\Java
2008-07-12 13:39 --------- d-----w C:\Program Files\Common Files\Java
2008-07-12 12:06 --------- d-----w C:\Users\Ben\AppData\Roaming\GoodSync
2008-07-12 12:05 --------- d-----w C:\Program Files\Siber Systems
2008-07-12 09:39 --------- d-----w C:\Program Files\lg_swupdate
2008-07-12 09:34 1,111,344 ----a-w C:\Windows\System32\CS.dll
2008-07-12 09:18 --------- d-----w C:\Program Files\Trend Micro
2008-07-12 08:00 --------- d-----w C:\Program Files\NeroInstall.bak
2008-07-12 07:57 --------- d-----w C:\Users\Ben\AppData\Roaming\Nero
2008-07-12 07:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-12 07:54 --------- d-----w C:\ProgramData\Nero
2008-07-12 07:54 --------- d-----w C:\Program Files\Nero
2008-07-12 07:45 --------- d-----w C:\Users\Ben\AppData\Roaming\uTorrent
2008-07-12 07:45 --------- d-----w C:\Program Files\Copernic 2001 Pro
2008-07-12 07:30 --------- d-----w C:\ProgramData\RoboForm
2008-07-12 07:28 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-12 07:15 --------- d-----w C:\Users\Ben\AppData\Roaming\Winamp
2008-07-12 07:10 --------- d-----w C:\Program Files\Winamp
2008-07-12 07:00 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-12 07:00 --------- d-----w C:\Program Files\DVD Shrink
2008-07-12 06:24 --------- d-----w C:\ProgramData\Messenger Plus!
2008-07-12 05:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-12 05:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 05:55 --------- d-----w C:\Program Files\Windows Live
2008-07-12 05:52 --------- d-----w C:\ProgramData\WLInstaller
2008-07-12 05:43 174 --sha-w C:\Program Files\desktop.ini
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Journal
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Defender
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Calendar
2008-07-12 05:27 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-12 05:27 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-12 04:25 --------- d-----w C:\ProgramData\WinZip
2008-07-12 04:22 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-07-12 03:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-12 03:50 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-12 03:49 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-07-12 03:49 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-07-12 03:49 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-07-12 03:49 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-07-12 03:49 --------- d-----w C:\Program Files\Alwil Software
2008-07-12 03:48 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-12 03:48 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-12 03:48 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-12 03:48 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-12 03:48 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-12 03:48 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-12 03:48 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-12 03:48 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-12 03:48 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-12 03:48 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-12 03:47 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-12 03:46 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-12 03:45 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-12 03:45 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-12 03:44 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-12 03:44 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-12 03:44 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-12 03:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-12 03:44 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-12 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-12 03:44 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-12 03:41 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-12 03:40 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-07-12 03:40 --------- d-----w C:\Program Files\your.mi.angel
2008-07-12 03:36 --------- d-----w C:\Program Files\uTorrent
2008-07-12 03:18 --------- d-----w C:\Users\Ben\AppData\Roaming\ATI
2008-07-12 02:48 --------- d-----w C:\ProgramData\Symantec
2008-07-12 02:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-12 02:31 --------- d-----w C:\Program Files\EzManual
2008-07-12 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 02:30 --------- d-----w C:\Program Files\LG Software
2008-07-12 02:29 --------- d-----w C:\Program Files\Intel
2008-07-12 02:27 --------- d-----w C:\Users\Ben\AppData\Roaming\InstallShield
2008-07-12 02:27 --------- d-----w C:\Program Files\Softex
2008-07-12 02:20 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-07-12 02:20 --------- d-----w C:\Program Files\Synaptics
2008-07-12 02:19 --------- d-----w C:\Program Files\IVT Corporation
2008-07-12 02:17 --------- d-----w C:\Program Files\ATI Technologies
2008-07-12 02:16 --------- d-----w C:\Program Files\ATI
2008-07-12 02:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-12 02:11 --------- d-----w C:\Program Files\Realtek
2008-07-12 02:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-12 02:10 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 03:32 784,896 ----a-w C:\Windows\System32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 17:33 1233920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-12 16:44 5724184]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-12 17:29 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-12-22 16:18 2498560]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-04 12:10 337464]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [2007-02-02 22:40 2655800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 09:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-12-14 19:50 94208 C:\Windows\System32\LGDMEBTN.exe]

C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "C:\Windows\system32\bmpsap.dll" [2006-12-11 15:58 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
--a------ 2008-07-12 19:30 247088 C:\Program Files\lg_swupdate\GiljabiStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4778C42C-E07A-443A-B125-AA8E439B42FE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FF2D6DFF-EBB9-4373-815D-8B40663C368D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{DD5C7087-7FAC-4AB9-8457-8C69221DEDD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E6F35B-7813-4370-B803-3C9ACAF9B368}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF8F23F7-E83E-49CD-A9D0-2694EDE35639}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0CEDF855-D5AF-4932-9A8B-5C3ADF654BC8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 09:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 09:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 09:18]
R3 AGR1310_60;Agere Systems ET-13xx PCI-E Ethernet Adapter Vista Driver;C:\Windows\system32\DRIVERS\AGR1310_60.sys [2007-01-19 10:41]
R3 LGDMEBTN;LG Direct Media Button Device Driver for x86;C:\Windows\system32\DRIVERS\LGDMEBTN.sys [2006-12-14 10:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d45f5074-5040-11dd-9d8a-806e6f6e6963}]
\shell\AutoRun\command - D:\autoplay.exe lgcenter.ini

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {CD68B67C-0AAC-EB5B-285E-25DE12617939} /qb
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
ShellExecuteHooks-{03E3D45B-681C-481C-B6A3-0D08B12C4AB9} - C:\Windows\system32\xxywwtsT.dll
SSODL-fsrpknov-{1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll
SSODL-fdxbameg-{5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll
MSConfigStartUp-647691a9 - C:\Users\Ben\AppData\Local\Temp\qnbeeiwr.dll
MSConfigStartUp-cmds - C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll
MSConfigStartUp-MSServer - C:\Windows\system32\xxywwtsT.dll
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe
MSConfigStartUp-Sys Variable Enabler - torrent.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 00:25:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-13 0:26:27
ComboFix-quarantined-files.txt 2008-07-12 14:26:23

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 64,677,793,792 bytes free

204 --- E O F --- 2008-07-12 05:53:04

Edited by DJ_Inferno, 12 July 2008 - 08:33 AM.

  • 0

#10
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi

I got your PM and I will make them recommendations when I give you the all clear, just bare with me I will review your log as soon as I can. :)
  • 0

Advertisements


#11
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts
Hi DJ_Inferno,


Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c
O21 - SSODL: fsrpknov - {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

===============================================



1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\sqvgnrpx.dll
C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Also let me know how things are running :)
  • 0

#12
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
The entries you asked me to fix in hijack this are not listed in the window for me to fix but are still listed when i save the log i do not understand this







ComboFix 08-07-11.1 - Ben 2008-07-13 10:00:11.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1338 [GMT 10:00]
Running from: C:\Users\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ben\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll
C:\Windows\sqvgnrpx.dll
.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 17:11 --------- d-----w C:\Program Files\Siber Systems
2008-07-12 17:08 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-12 16:47 --------- d-----w C:\Program Files\Yamicsoft
2008-07-12 16:46 --------- d-----w C:\Users\Ben\AppData\Roaming\uTorrent
2008-07-12 13:40 --------- d-----w C:\Program Files\Java
2008-07-12 13:39 --------- d-----w C:\Program Files\Common Files\Java
2008-07-12 12:06 --------- d-----w C:\Users\Ben\AppData\Roaming\GoodSync
2008-07-12 09:39 --------- d-----w C:\Program Files\lg_swupdate
2008-07-12 09:34 1,111,344 ----a-w C:\Windows\System32\CS.dll
2008-07-12 09:18 --------- d-----w C:\Program Files\Trend Micro
2008-07-12 08:00 --------- d-----w C:\Program Files\NeroInstall.bak
2008-07-12 07:57 --------- d-----w C:\Users\Ben\AppData\Roaming\Nero
2008-07-12 07:56 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-12 07:54 --------- d-----w C:\ProgramData\Nero
2008-07-12 07:54 --------- d-----w C:\Program Files\Nero
2008-07-12 07:45 --------- d-----w C:\Program Files\Copernic 2001 Pro
2008-07-12 07:30 --------- d-----w C:\ProgramData\RoboForm
2008-07-12 07:28 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-12 07:15 --------- d-----w C:\Users\Ben\AppData\Roaming\Winamp
2008-07-12 07:10 --------- d-----w C:\Program Files\Winamp
2008-07-12 07:00 --------- d-----w C:\ProgramData\DVD Shrink
2008-07-12 07:00 --------- d-----w C:\Program Files\DVD Shrink
2008-07-12 06:24 --------- d-----w C:\ProgramData\Messenger Plus!
2008-07-12 05:57 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-12 05:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-12 05:55 --------- d-----w C:\Program Files\Windows Live
2008-07-12 05:52 --------- d-----w C:\ProgramData\WLInstaller
2008-07-12 05:43 174 --sha-w C:\Program Files\desktop.ini
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Journal
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Defender
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-12 05:36 --------- d-----w C:\Program Files\Windows Calendar
2008-07-12 05:27 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-12 05:27 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-12 04:25 --------- d-----w C:\ProgramData\WinZip
2008-07-12 04:22 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-07-12 03:55 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-12 03:50 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-07-12 03:49 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-07-12 03:49 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-07-12 03:49 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-07-12 03:49 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-07-12 03:49 --------- d-----w C:\Program Files\Alwil Software
2008-07-12 03:48 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-12 03:48 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-12 03:48 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-12 03:48 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-12 03:48 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-12 03:48 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-12 03:48 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-12 03:48 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-12 03:48 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-12 03:48 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-12 03:47 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-12 03:46 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-12 03:45 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-12 03:45 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-12 03:44 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-12 03:44 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-12 03:44 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-12 03:44 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-12 03:44 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-12 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-12 03:44 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-12 03:41 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-12 03:40 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-07-12 03:40 --------- d-----w C:\Program Files\your.mi.angel
2008-07-12 03:36 --------- d-----w C:\Program Files\uTorrent
2008-07-12 03:18 --------- d-----w C:\Users\Ben\AppData\Roaming\ATI
2008-07-12 02:48 --------- d-----w C:\ProgramData\Symantec
2008-07-12 02:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-12 02:31 --------- d-----w C:\Program Files\EzManual
2008-07-12 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 02:30 --------- d-----w C:\Program Files\LG Software
2008-07-12 02:29 --------- d-----w C:\Program Files\Intel
2008-07-12 02:27 --------- d-----w C:\Users\Ben\AppData\Roaming\InstallShield
2008-07-12 02:27 --------- d-----w C:\Program Files\Softex
2008-07-12 02:20 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-07-12 02:20 --------- d-----w C:\Program Files\Synaptics
2008-07-12 02:19 --------- d-----w C:\Program Files\IVT Corporation
2008-07-12 02:17 --------- d-----w C:\Program Files\ATI Technologies
2008-07-12 02:16 --------- d-----w C:\Program Files\ATI
2008-07-12 02:11 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-12 02:11 --------- d-----w C:\Program Files\Realtek
2008-07-12 02:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-12 02:10 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-12 03:32 784,896 ----a-w C:\Windows\System32\rpcrt4.dll
.

((((((((((((((((((((((((((((( [email protected]_ 0.25.49.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 13:21:24 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-12 21:23:46 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-12 17:08:24 32,768 ----a-r C:\Windows\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2008-07-12 13:21:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-12 21:23:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-12 13:21:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-12 21:23:50 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-12 13:23:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-12 21:25:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-12 21:25:43 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-07-12 13:23:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-12 21:25:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-12 21:25:37 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-12 13:21:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-12 21:25:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-12 13:21:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-12 21:25:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-12 13:21:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-12 21:25:15 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2003-04-18 06:46:22 1,233,920 ----a-w C:\Windows\System32\msxml4.dll
+ 2007-05-08 05:03:04 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
- 2008-07-12 13:29:19 105,852 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-12 21:31:02 105,852 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-12 13:29:19 600,378 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-12 21:31:02 600,378 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-12 08:31:52 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-07-12 17:13:54 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-07-12 13:24:12 4,034 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-450326506-668073001-2659084260-1000_UserData.bin
+ 2008-07-12 21:26:35 4,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-450326506-668073001-2659084260-1000_UserData.bin
- 2008-07-12 13:24:11 69,220 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 21:26:34 69,594 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-12 13:24:08 28,096 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 21:26:31 28,570 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-07-12 08:00:58 106,305,271 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-12 17:08:35 106,310,748 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-12 17:08:24 1,275,392 ----a-w C:\Windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 17:33 1233920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-07-12 16:44 5724184]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-12 17:29 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\ATSwpNav -run" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 13:36 827392]
"OmniPass"="C:\Program Files\Softex\OmniPass\scureapp.exe" [2006-12-22 16:18 2498560]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 12:39 151552]
"BatteryMiser 5"="C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe" [2007-02-04 12:10 337464]
"KeybdUtility"="C:\Program Files\LG Software\On Screen Display\HotKey.exe" [2007-02-02 22:40 2655800]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 09:19 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 12:11 4317184 C:\Windows\RtHDVCpl.exe]
"LG Direct Media Button Service"="LGDMEBTN.exe" [2006-12-14 19:50 94208 C:\Windows\System32\LGDMEBTN.exe]

C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 09:57:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{26F5978F-6493-4ee3-B114-C0C3ACCF9D4D}"= "C:\Windows\system32\bmpsap.dll" [2006-12-11 15:58 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LG Intelligent Update]
--a------ 2008-07-12 19:30 247088 C:\Program Files\lg_swupdate\GiljabiStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4778C42C-E07A-443A-B125-AA8E439B42FE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FF2D6DFF-EBB9-4373-815D-8B40663C368D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{DD5C7087-7FAC-4AB9-8457-8C69221DEDD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E7E6F35B-7813-4370-B803-3C9ACAF9B368}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CF8F23F7-E83E-49CD-A9D0-2694EDE35639}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0CEDF855-D5AF-4932-9A8B-5C3ADF654BC8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 09:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 09:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 09:18]
R3 AGR1310_60;Agere Systems ET-13xx PCI-E Ethernet Adapter Vista Driver;C:\Windows\system32\DRIVERS\AGR1310_60.sys [2007-01-19 10:41]
R3 LGDMEBTN;LG Direct Media Button Device Driver for x86;C:\Windows\system32\DRIVERS\LGDMEBTN.sys [2006-12-14 10:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d45f5074-5040-11dd-9d8a-806e6f6e6963}]
\shell\AutoRun\command - D:\autoplay.exe lgcenter.ini


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {CD68B67C-0AAC-EB5B-285E-25DE12617939} /qb
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 10:02:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\Softex\OmniPass\SCUREDLL.dll
.
Completion time: 2008-07-13 10:04:10
ComboFix-quarantined-files.txt 2008-07-13 00:04:06
ComboFix2.txt 2008-07-12 14:26:28

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 61,781,360,640 bytes free

237 --- E O F --- 2008-07-12 17:08:37



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:01 PM, on 12/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Ben\Downloads\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O21 - SSODL: fsrpknov - {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7659 bytes

Edited by DJ_Inferno, 12 July 2008 - 06:20 PM.

  • 0

#13
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
ok I have done another hijack this log for you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:19 AM, on 13/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7338 bytes
  • 0

#14
BHowett

BHowett

    OT Moderator

  • Moderator
  • 4,642 posts

The entries you asked me to fix in hijack this are not listed in the window for me to fix but are still listed when i save the log i do not understand this


Please uninstall your copy pf Hijackthis go to Start > Control Panel > Add/Remove Programs and remove the following

HijackThis


Then download and reinstall with the directions below:

Download & Run HijackThis.exe

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
===============================================


Fix with HijackThis

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: sqvgnrpx - {D1FAB52D-CD54-47B0-9BD3-F325CF4C7BA8} - C:\Windows\sqvgnrpx.dll
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ben\AppData\Local\Temp\vtUnLcby.dll,c
O21 - SSODL: fsrpknov - {1ADBC46B-793E-414F-BA6D-BD3B411BD301} - C:\Windows\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {5500F56C-B7A6-4922-A8D5-3E4D7ADC4084} - C:\Windows\fdxbameg.dll (file missing)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, Reboot, and post a new HijackThis log here in your reply, and let me know how your system is running.

===============================================

ATF Cleaner

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
===============================================

Needed in your next reply:

Kaspersky log

New HjackThis Log
  • 0

#15
DJ_Inferno

DJ_Inferno

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I have the hijack this log for you. I have saved the kaspersky log but i cannot view it to cut and paste and it will not let me add it as an attachment

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:51 PM, on 13/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\LGDMEBTN.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
C:\Program Files\LG Software\On Screen Display\HotKey.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Common Files\Nero\Lib\NeroGadgetCMServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LG Direct Media Button Service] LGDMEBTN.exe
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [BatteryMiser 5] C:\Program Files\LG Software\BatteryMiser\BatteryMiser5.exe
O4 - HKLM\..\Run: [KeybdUtility] C:\Program Files\LG Software\On Screen Display\HotKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7338 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP