1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Trojan Downloader and Trojan Vundo Please Please Help!!

Discussion in 'Windows - Virus and spyware problems' started by RandiM, Dec 1, 2008.

  1. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi, My PC seems to have trojan downloader and trojan vundo. I have tried following other threads and various removal programs but seem to be going around and around in circles! Im not the most knowledgeable pc user in the world so i havent tried going into safe mode or anything like that or fixing anything in Hijackthis because i am aware that if you dont know what you are doing you could do more damage than good. However I have tried vundofix and AVG 8.0, Trojan remover, xsoft, and other common recomendations out there. These all run and say that the pc has no infections but then windows defender pops up saying it has detected it again! I did originally have norton running on the pc but the trojans seem to have come in regaurdless. I havent had then all running at the sametime, each time i have uninstalled the previous on before starting the next because i am aware that having more than one running can allow things to slip through. I have included a hijackthis log.

    Please please help, this is driving me crazy!!
    Thanx

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:37:36, on 01/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MFESuiteSetup] F:\APPLIC~2\McAfee\setup.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178028262296
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8737 bytes
     
  2. AfterDawn

    AfterDawn Advertisement

  3. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.

    Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

    Configuring Malwarebytes

    • Click on the tab Settings.
    • Make sure only these boxes are checked:
    Code:
    Terminate Internet Explorer
    Automatically save and display logfile after removal
    Always scan memory objects
    Always scan registry objects
    Always scan filesystem
    Always scan extra and heuristics objects
    Updating Malwarebytes

    • Click on the tab Update.
    • Press the button Check for Updates
    • Wait for Malwarebytes to be fully updated.

    Scanning Time

    • Click on the tab Scanner.
    • Check Perform full scan and click on Scan
    • Wait for the scan to complete, and then click on Show Results.
    • Make sure all items are checked, then click on Remove Selected.
    **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

    Post A Log

    • A text box will pop up after the removal process is over. Post the contents of the text here.
    • If no text box pops up, launch Malwarebytes, and click on the tab Logs.
    • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
    Post the log here.

    Best Regards :D
     
  4. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Thanx for your response, i am printing off and following your instructions now. I will post the log as soon as im done.

    Thanx
    RandiM
     
  5. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    I have downloaded and installed the malwarebytes and followed your instructions. This downloaded and installed fine, however it wouldnt allow me to check for updates. It said that the firewall wouldnt allow it, I added this to my excetions list for the firewall and it still wouldnt allow it. I then turned off teh firewall protection altogether but still this didnt work. I have ran diagnose connection problems in the internet tools menu and it keeps coming up with the following message. Im not sure what this means or what im meant to do? Is this connected to the trojan problems?



    So i ran the malwarebytes scan without the updates and it produced the following log file. (but this is without checking for updates)

    Malwarebytes' Anti-Malware 1.30
    Database version: 1306
    Windows 5.1.2600 Service Pack 3

    03/12/2008 00:36:30
    mbam-log-2008-12-03 (00-36-30).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
    Objects scanned: 188432
    Time elapsed: 53 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM4fee2e20.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BM4fee2e20.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\HP_Owner\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

    Thanx
    RandiM
     
  6. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    Sounds like the malware's blocking Malwarebytes from updating... we'll have to use another tool.

    Now, please download ComboFix.
    With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Save it to your Desktop.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls.

    • Run Combo-Fix.exe and follow the prompts.
    • Accept the End-User License Agreement.
    • Allow the Recovery Console to be installed.
    • When you see the window below, click on Yes.
    [​IMG]
    • When the Recovery Console has been installed, click on Yes to start the scan.
    [​IMG]

    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be fully completed.
    • If it requires a reboot, please do so.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComoboFix window, as it may cause it to stall.

    Best Regards :D
     
  7. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    I have followed your instructions and ran combofix and it produced the following log:

    ComboFix 08-12-02.02 - HP_Owner 2008-12-03 20:58:43.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.205 [GMT 0:00]
    Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\cpnwxgfd.ini
    c:\windows\system32\dljklmxj.ini
    c:\windows\system32\dohieqix.ini
    c:\windows\system32\GMonVyay.ini
    c:\windows\system32\GMonVyay.ini2
    c:\windows\system32\gPAHOXbc.ini
    c:\windows\system32\gPAHOXbc.ini2
    c:\windows\system32\kydqftsn.ini
    c:\windows\system32\mrwqadgu.ini
    c:\windows\system32\psdjweej.ini
    c:\windows\system32\qdswxbxi.ini
    c:\windows\system32\tdxptecr.ini
    c:\windows\system32\unbgwwql.ini
    c:\windows\system32\utmprtem.ini
    c:\windows\system32\vqoqphqb.ini
    c:\windows\system32\wtcqweho.ini
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
    .

    2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
    2008-12-02 23:17 . 2008-12-02 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-02 23:17 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-02 23:17 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\system32\scripting
    2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\system32\bits
    2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\windows\l2schemas
    2008-11-30 19:43 . 2008-11-30 19:50 <DIR> d-------- c:\windows\ServicePackFiles
    2008-11-30 19:26 . 2008-11-30 19:26 <DIR> d-------- C:\VundoFix Backups
    2008-11-30 19:24 . 2008-11-30 19:24 <DIR> d-------- c:\windows\EHome
    2008-11-29 17:36 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
    2008-11-29 16:20 . 2004-08-03 22:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
    2008-11-29 16:19 . 2008-04-14 00:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
    2008-11-29 16:03 . 2008-09-08 10:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-11-29 16:03 . 2008-08-14 10:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
    2008-11-29 16:02 . 2008-08-14 10:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-11-29 16:02 . 2008-08-14 10:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-11-29 16:02 . 2008-08-14 09:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-11-29 16:02 . 2008-08-14 09:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-11-29 16:02 . 2008-09-15 12:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
    2008-11-29 16:01 . 2008-04-11 19:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
    2008-11-29 16:01 . 2008-10-24 11:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-29 16:00 . 2008-10-15 16:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-11-28 22:39 . 2008-06-13 11:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
    2008-11-28 22:39 . 2008-05-08 14:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
    2008-11-19 11:47 . 2008-11-19 13:33 <DIR> d-------- c:\documents and settings\joanne\Application Data\BitTorrent
    2008-11-05 01:30 . 2008-11-29 17:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
    2008-11-05 01:29 . 2008-11-29 17:35 <DIR> d-------- c:\program files\NOS
    2008-11-04 19:28 . 2008-11-04 19:28 <DIR> d-------- c:\program files\Bonjour

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-03 21:00 --------- d-----w c:\documents and settings\HP_Owner\Application Data\DNA
    2008-12-03 20:44 --------- d-----w c:\documents and settings\HP_Owner\Application Data\BitTorrent
    2008-12-03 20:40 --------- d-----w c:\program files\DNA
    2008-11-30 20:57 --------- d-----w c:\program files\DivX
    2008-11-30 20:50 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-30 19:55 77,824 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\HPQ\XPXWWPP5\plugin\bin\WinVerifyTrust.dll
    2008-11-28 22:55 --------- d-----w c:\program files\Common Files\Symantec Shared
    2008-11-28 22:08 --------- d-----w c:\documents and settings\HP_Owner\Application Data\Apple Computer
    2008-11-14 19:29 --------- d-----w c:\program files\BitTorrent
    2008-11-05 23:10 --------- d-----w c:\program files\XoftSpySE
    2008-11-05 23:08 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-05 23:06 --------- d-----w c:\program files\Disney Interactive
    2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
    2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
    2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
    2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
    2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 14:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 14:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 14:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 14:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 14:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 14:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 14:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
    2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
    2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
    2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
    2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
    2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
    2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
    2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
    2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
    2008-05-25 09:03 160 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
    2004-07-22 10:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
    2004-07-19 22:58 1,156,363 ----a-w c:\program files\BDANT.cab
    2004-07-19 22:53 976,020 ----a-w c:\program files\BDAXP.cab
    2004-07-09 14:17 13,265,040 ----a-w c:\program files\dxnt.cab
    2004-07-09 09:13 703,080 ----a-w c:\program files\BDA.cab
    2004-07-09 09:13 15,493,481 ----a-w c:\program files\DirectX.cab
    2004-07-09 04:08 472,576 ----a-w c:\program files\dxsetup.exe
    2004-07-09 04:08 2,242,560 ----a-w c:\program files\dsetup32.dll
    2004-07-09 03:03 62,976 ----a-w c:\program files\DSETUP.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NCLaunch"="c:\windows\NCLAUNCH.EXe" [2006-06-04 40960]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-05 68856]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-13 342336]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-01-02 180269]
    "Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2004-11-05 106496]
    "WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2004-11-05 192512]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "PS2"="c:\windows\system32\ps2.exe" [2004-10-25 90112]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
    "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
    "nwiz"="nwiz.exe" [2005-02-24 c:\windows\system32\nwiz.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-02-21 c:\windows\SOUNDMAN.EXE]
    "AlcWzrd"="ALCWZRD.EXE" [2005-02-18 c:\windows\ALCWZRD.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]
    NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2007-06-07 884840]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\ffdshow\ffdshow.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2005-01-02 335360]
    R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2005-01-02 24544]
    S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WG11TND5.sys [2007-06-07 362944]
    S3 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys []
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\windows\system32\DNINDIS5.SYS [2007-04-13 17149]

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-03 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDetect.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Boots Insert Detect - c:\program files\Boots F2CD\Picture Suite\InsDetect.exe
    HKLM-Run-MFESuiteSetup - f:\applic~2\McAfee\setup.exe
    HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\79sd00nx.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-03 21:01:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-12-03 21:03:16
    ComboFix-quarantined-files.txt 2008-12-03 21:02:54

    Pre-Run: 27,509,661,696 bytes free
    Post-Run: 27,712,036,864 bytes free

    221 --- E O F --- 2008-11-30 21:17:25


    I havent a clue what any of that means! After following each set of your instructions my pc is speeding up massively. Im also finding the instructions really easy to follow so thank you.
    I'll wait and see what you think i should do next.
    Just want to say thanx for your halp so far!

    Thanx
    RandiM
     
  8. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    Can Malwarebytes update now? If not, please try using this manual update: http://www.gt500.org/malwarebytes/database.jsp

    Do another scan and post the log here.

    Also tell me how your's computer doing now.

    Best Regards :D
     
  9. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    The update for malwarebytes went a little further this time, it connected to the internet and went 90% of the way through and then again came up with the same error, saying that i should tyrn off all firewalls (which the already are). So i followed your link and did the manual update, this has now worked (after the 3rd attempt) and the malwarebytes now says that i have the latest versioin of the database. I am running a scan and i will post the log as soon as its complete.

    Thanx
    RandiM
     
  10. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    Apologies for not posting the malwarebytes log yesterday but I had a problem posting. I did run malwarebytes and attempt to post the log but it just kept freezing and saying please wait and not progressing anywhere. The log is as follows:

    Malwarebytes' Anti-Malware 1.31
    Database version: 1460
    Windows 5.1.2600 Service Pack 3

    04/12/2008 22:41:49
    mbam-log-2008-12-04 (22-41-49).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
    Objects scanned: 191253
    Time elapsed: 46 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    As for an update on my PC; it is more than twice as fast now and running a lot lot better. When using inernet explorer before it would take at least 3 - 4 mins for it to open and after about 3 or 4 pages it would say it was unable to connect to the intenet. Now it opens within a few seconds and i am not having the loss of connection(yesterdays problem posting excluded!)

    Thanx
    RandiM
     
  11. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    Please post a new HijackThis log for me to see.

    Best Regards :D
     
  12. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi, the hijackthis log file is as follows:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:00:28, on 06/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
    C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG111T\wlan111t.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=4945
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178028262296
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8137 bytes


    Is it looking clear now?

    Thanx
    RandiM
     
  13. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    You look clean! Enjoy!

    Best Regards :D
     
  14. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    Thanx so much for your help!

    What anti virus and spy ware protection would you recommed?

    I had norton before because it was already put on my pc when i bought it and that was menat to be protecting my pc when i got the trojans!

    Thanx
    RandiM
     
  15. cdavfrew

    cdavfrew Regular member

    Joined:
    May 19, 2008
    Messages:
    1,183
    Likes Received:
    0
    Trophy Points:
    46
    Hey RandiM

    I would recommend Antivir, Superantispyware, Malwarebytes, Comodo Firewall, and SpywareBlaster. There are other tools you can use too, but these are the most basic.

    Best Regards :D
     
  16. RandiM

    RandiM Member

    Joined:
    Feb 8, 2008
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    11
    Hi,

    Thanx I'll try these out. Am I OK to have these all on my pc at once? I have heard before that sometimes it can be a bad thing having too many security packages on at once because they can confuse each other? Is this try or is it told rubbish?

    Thanx
    RandiM
     
  17. barm

    barm Regular member

    Joined:
    Mar 5, 2007
    Messages:
    309
    Likes Received:
    0
    Trophy Points:
    26
    hi guys i'm in the sh*t also with a trojan vundo.
    i know virtually nothing about computers.Is there an easy fix for this virusor should get somebody to help me?
     

Share This Page