
I removed a trojan using Sophos Antivirus, but I think something is still in the registry. On startup I get four error messages:
Error loading C:/users/russell/appdata/local/temp/khhhi.dll. The specified module could not be found.
Error loading C:/users/russell/appdata/local/temp/pnmsdlgb.dll. The specified module could not be found.
Error loading C:/users/russell/appdata/local/temp/pmklm.dll. The specified module could not be found.
Error loading C:/users/russell/appdata/local/temp/roqkftfo.dll. The specified module could not be found.

I am not sure how to fix this, and any advice would be greatly appreciated.

thanks in advance
Russ

Last Post by crunchie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:21, on 04/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Russell\AppData\Local\Temp\RtkBtMnt.exe
D:\Mozilla Firefox\firefox.exe
C:\Users\Russell\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Russell\AppData\Local\Temp\pmklm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Russell\AppData\Local\Temp\khhhi.dll,c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Russell\AppData\Local\Temp\pnmsdlgb.dll",run
O4 - HKCU\..\Run: [dc987623] rundll32.exe "C:\Users\Russell\AppData\Local\Temp\roqkftfo.dll",b
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8120 bytes


Hi and welcome to Daniweb forums :).

Can you disable Windows Defender, as it may interfere with the removal process. Please leave it disabled until your PC has been given the all clear.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender

Scan with HijackThis and then place a check next to all the following, if present:

 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =   
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =   
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  

 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)  

 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) 

 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Russell\AppData\Local\Temp\pmklm.dll,#1 
 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Russell\AppData\Local\Temp\khhhi.dll,c  
 O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Russell\AppData\Local\Temp\pnmsdlgb.dll",run 
 O4 - HKCU\..\Run: [dc987623] rundll32.exe "C:\Users\Russell\AppData\Local\Temp\roqkftfo.dll",b 

 O13 - Gopher Prefix:  

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply, along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
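The four startup dialogs in the first post and the four O4 entries in the fix list above are the same problem seen from two sides: Sophos deleted the DLLs from the Temp folder, but the HKCU Run values that tell rundll32 to load them were left behind, so each logon tries to load a module that no longer exists. The script below is an added example, not code from this thread or from HijackThis; it parses HijackThis-style O4 lines (copied from the log posted above, with two benign entries kept for contrast), pulls out the DLL and export handed to rundll32, flags entries that load from a user-writable Temp directory or use a throwaway export name, and reports which values are now orphaned. The "present files" set standing in for the disk is constructed for the example.

```python
"""Triage HijackThis O4 (registry Run) entries that launch DLLs via rundll32."""
import re
from typing import Callable, List, NamedTuple, Optional, Tuple

# Constructed sample: O4 lines taken from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Russell\AppData\Local\Temp\pmklm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Russell\AppData\Local\Temp\khhhi.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Russell\AppData\Local\Temp\pnmsdlgb.dll",run
O4 - HKCU\..\Run: [dc987623] rundll32.exe "C:\Users\Russell\AppData\Local\Temp\roqkftfo.dll",b
"""

# Constructed stand-in for the file system after the antivirus clean-up:
# only the NVIDIA DLL still exists; the four Temp DLLs were deleted.
PRESENT_FILES = {r"c:\windows\system32\nvsvc.dll"}

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# rundll32[.exe] ["]<dll path>["],<export or #ordinal>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*,\s*(\S+)', re.I)


class RunEntry(NamedTuple):
    hive: str
    name: str
    command: str
    dll: Optional[str]     # DLL handed to rundll32, if the command uses rundll32
    export: Optional[str]  # export name or #ordinal passed to rundll32


def parse_o4(text: str) -> List[RunEntry]:
    """Parse every O4 line in a HijackThis log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        hive, _key, name, command = m.groups()
        dll = export = None
        r = RUNDLL_RE.match(command)
        if r:
            dll, export = r.groups()
        entries.append(RunEntry(hive, name, command, dll, export))
    return entries


def in_user_temp(path: str) -> bool:
    """True when the path sits under a user's AppData ... Temp directory."""
    parts = [p.lower() for p in path.replace("/", "\\").split("\\")]
    return "appdata" in parts and "temp" in parts


def suspicious(entries: List[RunEntry]) -> List[Tuple[str, List[str]]]:
    """Return (value name, reasons) for rundll32 entries worth checking in HJT."""
    flagged = []
    for e in entries:
        reasons = []
        if e.dll:
            if in_user_temp(e.dll):
                reasons.append("DLL loaded from a user-writable Temp directory")
            if e.export and (e.export.startswith("#") or len(e.export) == 1):
                reasons.append(f"throwaway export name {e.export!r}")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


def sample_exists(path: str) -> bool:
    """Constructed file-existence check against PRESENT_FILES (case-insensitive)."""
    return path.lower() in PRESENT_FILES


def orphaned(entries: List[RunEntry], exists: Callable[[str], bool]) -> List[str]:
    """Run values whose rundll32 target is gone. Each of these is what raises an
    'Error loading ... The specified module could not be found' dialog at logon."""
    return [e.name for e in entries if e.dll and not exists(e.dll)]


if __name__ == "__main__":
    found = parse_o4(SAMPLE_O4_LINES)
    for name, reasons in suspicious(found):
        print(f"[{name}] " + "; ".join(reasons))
    print("orphaned Run values:", orphaned(found, sample_exists))
```

On a live machine the same logic applies to the raw registry: the values under HKCU\Software\Microsoft\Windows\CurrentVersion\Run are what HijackThis reports as O4 - HKCU\..\Run, and deleting the value (which is what "Fix checked" does for an O4 line) stops rundll32 from being launched and so removes the dialog; deleting only the DLL, as the antivirus did, leaves the error.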



Okay, sorry I took so long to get back to you; I have been at university all day.
Your help is very much appreciated.
So, I did as you said:
ComboFix 08-02.05.3 - Russell 2008-02-05 21:20:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.211 [GMT 0:00]
Running from: C:\Users\Russell\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 19:56 . 2008-02-04 19:56 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-02-04 19:56 . 2008-02-04 19:56 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-02-04 19:56 . 2008-02-04 19:56 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-04 19:56 . 2008-02-04 19:56 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-04 19:56 . 2008-02-04 19:56 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-04 19:56 . 2008-02-04 19:56 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-04 19:56 . 2008-02-04 19:56 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-01-30 20:00 . 2008-01-30 20:03 <DIR> d-------- C:\Users\All Users\Sophos
2008-01-30 20:00 . 2008-01-30 20:03 <DIR> d-------- C:\ProgramData\Sophos
2008-01-30 20:00 . 2008-01-30 20:03 <DIR> d-------- C:\Program Files\Sophos
2008-01-30 20:00 . 2008-01-30 20:00 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-01-30 20:00 . 2007-03-09 09:56 17,920 --a------ C:\Windows\System32\SophosBootTasks.exe
2008-01-30 19:58 . 2008-01-30 19:58 <DIR> d-------- C:\savwsa
2008-01-30 19:58 . 2007-09-10 11:10 81,216 --a------ C:\Windows\System32\drivers\savonaccess.sys
2008-01-29 14:25 . 2008-01-29 14:25 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-29 14:25 . 2008-01-29 14:25 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-28 23:19 . 2008-01-31 18:55 <DIR> d-------- C:\Users\Russell\AppData\Roaming\dvdcss
2008-01-28 21:51 . 2008-01-28 21:51 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-01-28 21:51 . 2008-01-28 21:51 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-28 21:51 . 2008-01-28 21:51 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-01-28 21:51 . 2008-01-28 21:51 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-28 21:51 . 2008-01-28 21:51 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-28 21:51 . 2008-01-28 21:51 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-28 21:51 . 2008-01-28 21:51 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-28 21:51 . 2008-01-28 21:51 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-01-28 21:51 . 2008-01-28 21:51 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-01-28 21:51 . 2008-01-28 21:51 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-01-28 21:48 . 2008-01-28 21:48 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-28 21:48 . 2008-01-28 21:48 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-28 21:48 . 2008-01-28 21:48 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-01-28 21:48 . 2008-01-28 21:48 2,048 --a------ C:\Windows\System32\msxml3r.dll
2008-01-28 21:47 . 2008-01-28 21:47 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-01-28 21:47 . 2008-01-28 21:47 193,536 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-01-28 21:47 . 2008-01-28 21:47 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-01-28 21:47 . 2008-01-28 21:47 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-01-28 21:47 . 2008-01-28 21:47 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-01-28 21:47 . 2008-01-28 21:47 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-01-28 21:47 . 2008-01-28 21:47 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-01-28 21:46 . 2008-01-28 21:46 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-28 21:46 . 2008-01-28 21:46 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-28 21:46 . 2008-01-28 21:46 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-28 21:46 . 2008-01-28 21:46 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-28 21:45 . 2008-01-28 21:45 1,335,296 --a------ C:\Windows\System32\msxml6.dll
2008-01-28 21:45 . 2008-01-28 21:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-01-28 21:45 . 2008-01-28 21:45 2,048 --a------ C:\Windows\System32\msxml6r.dll
2008-01-28 21:43 . 2008-01-28 21:43 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-01-28 21:43 . 2008-01-28 21:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-01-28 21:43 . 2008-01-28 21:43 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-28 21:41 . 2008-01-28 21:41 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-01-28 21:41 . 2008-01-28 21:41 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-01-28 21:41 . 2008-01-28 21:41 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-01-28 21:41 . 2008-01-28 21:41 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-01-28 21:41 . 2008-01-28 21:41 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-01-28 21:40 . 2008-01-28 21:40 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-28 21:40 . 2008-01-28 21:40 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-01-28 21:40 . 2008-01-28 21:40 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-28 19:57 . 2008-01-28 19:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-28 19:48 . 2008-01-28 19:48 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-01-28 19:48 . 2008-01-28 19:48 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-01-28 17:25 . 2008-01-28 17:25 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-28 17:25 . 2008-01-28 17:25 1,409 --a------ C:\Windows\QTFont.for
2008-01-28 17:14 . 2008-01-28 17:14 <DIR> d-------- C:\Users\Russell\AppData\Roaming\Apple Computer
2008-01-28 17:13 . 2008-01-28 17:14 <DIR> d-------- C:\Program Files\iTunes
2008-01-28 17:13 . 2008-01-28 17:13 <DIR> d-------- C:\Program Files\iPod
2008-01-28 17:12 . 2008-01-28 17:12 <DIR> d-------- C:\Program Files\Bonjour
2008-01-28 17:10 . 2008-01-28 17:13 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-01-28 17:10 . 2008-01-28 17:13 <DIR> d-------- C:\ProgramData\Apple Computer
2008-01-28 17:10 . 2008-02-04 12:24 <DIR> d-------- C:\Program Files\QuickTime
2008-01-28 17:08 . 2008-01-28 17:08 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Users\All Users\Apple
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\ProgramData\Apple
2008-01-28 17:06 . 2008-01-28 17:06 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-28 16:22 . 2008-01-28 16:22 <DIR> d-------- C:\Program Files\The Creative Assembly
2008-01-28 14:46 . 2008-01-30 17:22 <DIR> d-------- C:\Users\Russell\AppData\Roaming\Azureus
2008-01-28 14:46 . 2008-01-28 14:46 <DIR> d-------- C:\Users\All Users\Azureus
2008-01-28 14:46 . 2008-01-28 14:46 <DIR> d-------- C:\ProgramData\Azureus
2008-01-28 14:21 . 2008-01-28 14:21 <DIR> d-------- C:\Users\All Users\Google
2008-01-28 14:19 . 2007-09-24 23:31 69,632 --a------ C:\Windows\System32\javacpl.cpl
2008-01-28 14:18 . 2008-01-28 14:19 <DIR> d-------- C:\Program Files\Java
2008-01-28 14:18 . 2008-01-28 14:18 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-28 13:58 . 2008-01-28 13:58 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-28 13:57 . 2008-01-28 13:57 <DIR> d-------- C:\Program Files\BroadJump
2008-01-28 13:57 . 2002-08-02 14:56 663,552 --a------ C:\Windows\System32\libeay32_1-1-0_DDR.dll
2008-01-28 13:57 . 2001-09-23 16:30 532,594 --a------ C:\Windows\System32\xerces-c_1_40_0_DDR.dll
2008-01-28 13:57 . 2001-09-23 15:41 524,377 --a------ C:\Windows\System32\stlport_4_0_0_DDR.dll
2008-01-28 13:57 . 2002-10-18 11:36 307,329 --a------ C:\Windows\System32\BJBase_2-2-2_DDR.dll
2008-01-28 13:57 . 1998-10-29 16:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-01-28 13:57 . 2002-08-02 14:56 159,744 --a------ C:\Windows\System32\ssleay32_1-1-0_DDR.dll
2008-01-28 13:57 . 2006-11-23 12:35 6,345 -ra------ C:\Windows\System32\DevMngr.vxd
2008-01-28 13:50 . 2008-01-28 13:50 <DIR> d-------- C:\Users\Russell\AppData\Roaming\vlc
2008-01-28 13:18 . 2008-01-28 13:18 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-01-28 13:18 . 2008-01-28 13:18 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-01-28 13:18 . 2008-01-28 13:18 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-01-28 13:18 . 2008-01-28 13:18 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-01-28 13:18 . 2008-01-28 13:18 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-01-28 13:18 . 2008-01-28 13:18 43,352 --a------ C:\Windows\System32\wups2.dll
2008-01-28 13:18 . 2008-01-28 13:18 33,624 --a------ C:\Windows\System32\wups.dll
2008-01-28 13:17 . 2008-01-28 13:17 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-01-28 13:17 . 2008-01-28 13:17 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-01-28 12:15 . 2008-01-28 23:01 <DIR> dr------- C:\Users\Russell\Searches

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 19:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-30 19:47 --------- d-----w C:\ProgramData\Symantec
2008-01-30 19:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-28 22:56 174 --sha-w C:\Program Files\desktop.ini
2008-01-28 22:52 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-28 22:52 --------- d-----w C:\Program Files\Windows Mail
2008-01-28 22:52 --------- d-----w C:\Program Files\Windows Calendar
2008-01-28 21:54 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-28 21:54 77,824 ----a-w C:\Windows\System32\rascfg.dll
2008-01-28 21:54 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-28 21:54 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-01-28 21:54 694,784 ----a-w C:\Windows\System32\localspl.dll
2008-01-28 21:54 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-28 21:54 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-01-28 21:54 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-01-28 21:54 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-28 21:54 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2008-01-28 21:54 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-28 21:54 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-01-28 21:54 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-28 21:54 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2008-01-28 21:54 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-28 21:54 33,280 ----a-w C:\Windows\System32\traffic.dll
2008-01-28 21:54 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2008-01-28 21:54 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-28 21:54 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-28 21:54 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2008-01-28 21:54 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-01-28 21:54 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-28 21:54 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-28 21:54 22,016 ----a-w C:\Windows\System32\rasser.dll
2008-01-28 21:54 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-01-28 21:54 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-01-28 21:54 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-28 21:54 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-28 21:54 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2008-01-28 21:54 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-01-28 21:54 134,656 ----a-w C:\Windows\System32\dps.dll
2008-01-28 21:54 13,824 ----a-w C:\Windows\System32\wshqos.dll
2008-01-28 21:54 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2008-01-28 21:54 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2008-01-28 21:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-28 21:48 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-28 21:48 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-28 21:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-28 21:44 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-01-28 21:44 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2008-01-28 21:44 8,138,240 ----a-w C:\Windows\System32\ssBranded.scr
2008-01-28 21:44 712,192 ----a-w C:\Windows\System32\WindowsCodecs.dll
2008-01-28 21:44 69,632 ----a-w C:\Windows\System32\sendmail.dll
2008-01-28 21:44 65,024 ----a-w C:\Windows\System32\avicap32.dll
2008-01-28 21:44 61,440 ----a-w C:\Windows\System32\ntprint.exe
2008-01-28 21:44 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2008-01-28 21:44 269,824 ----a-w C:\Windows\System32\schannel.dll
2008-01-28 21:44 220,160 ----a-w C:\Windows\System32\ntprint.dll
2008-01-28 21:44 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2008-01-28 21:44 120,320 ----a-w C:\Windows\System32\dhcpcsvc6.dll
2008-01-28 21:44 12,800 ----a-w C:\Windows\System32\msrle32.dll
2008-01-28 21:44 10,240 ----a-w C:\Windows\System32\dhcpcmonitor.dll
2008-01-28 21:44 1,984,512 ----a-w C:\Windows\System32\authui.dll
2008-01-28 21:42 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-01-28 21:42 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-01-28 21:42 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-01-28 21:42 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-28 20:04 --------- d-----w C:\Program Files\MSBuild
2008-01-28 17:05 874,496 ----a-w C:\Users\Russell\AppData\Roaming\kernel33.dll
2008-01-28 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-28 21:43 1232896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-25 09:59 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 03:06 4669440 C:\Windows\RtHDVCpl.exe]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 21:54 1286144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 11:38 40048]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 12:53 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 12:53 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 12:53 81920]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 20:38 206952]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 08:06 159744]
"eRecoveryService"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 23:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 23:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 23:34]
R1 DritekPortIO;Dritek General Port I/O;C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 13:27]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys [2007-09-10 11:10]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 23:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 21:24]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 23:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 23:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-29 01:50]
R2 int15;int15;C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-08 01:12]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 19:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 18:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-17 00:46]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 10:03]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-05-16 12:47]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-05-17 01:05]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58cd42c0-6a5a-11dc-b43d-806e6f6e6963}]
\shell\AutoRun\command - E:\Launch.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-04 13:35:49 C:\Windows\Tasks\New scan.job"
- C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe'{9D70A1A6-4D4D-4FC6-9EFB-4F5733CC372D}
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 21:23:17
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 21:24:11
.
2008-02-04 19:56:32 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:27, on 05/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Explorer.exe
D:\Mozilla Firefox\firefox.exe
C:\Users\Russell\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7331 bytes


Scan with HijackThis and then place a check next to all the following, if present:


O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)

O13 - Gopher Prefix:


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

Your log looks clean. How is it on your end?
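
A way to do the same triage offline on a log like the one above, as an added example written for this thread (it is not part of HijackThis, Sophos, or either poster's text): the script parses the O2/O3/O4/O23 lines, flags everything HijackThis marked "(file missing)" as the orphaned entries to fix, and also calls out autostart patterns worth a manual check: a DLL run via rundll32 from a Temp directory (the pattern behind "Error loading ... The specified module could not be found" once the file is gone), a bare file name that is resolved through the search path, and a service listed with "Unknown owner". The sample lines are copied from the posted log plus one constructed Temp-directory O4 line; the rule set and severities are my own assumptions, not HijackThis output.

```python
"""Offline triage of a HijackThis log (added example, not HijackThis code)."""
import re
from typing import Dict, List

# Constructed sample: real lines copied from the log posted in this thread,
# plus one made-up O4 line (rundll32 loading a DLL from Temp) for the demo.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [sample] RUNDLL32.EXE C:\Users\user\AppData\Local\Temp\sample.dll,Start
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
# First thing on a command line that looks like a loadable file, quoted or not.
TARGET_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr|cmd|bat|vbs))"?(?:[\s,]|$)', re.IGNORECASE)
# \Temp\, \tmp\ or %TEMP% anywhere in the path.
TEMP_RE = re.compile(r"(?:\\|%)(?:temp|tmp)(?:\\|%)", re.IGNORECASE)


def run_target(cmd: str) -> str:
    """Return the file a Run-key command line actually loads ('' if unparseable).

    rundll32 is transparent: the real payload is the DLL in its first argument.
    """
    cmd = RUNDLL_RE.sub("", cmd.strip())
    m = TARGET_RE.match(cmd)
    return m.group("path") if m else ""


def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log and return one finding per entry worth acting on."""
    findings: List[Dict[str, str]] = []

    def flag(line: str, severity: str, reason: str) -> None:
        findings.append({"line": line, "severity": severity, "reason": reason})

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        # HijackThis already checked these on disk: the target is gone, so the
        # entry is dead weight at best and an orphaned loader at worst.
        if line.endswith("(file missing)"):
            flag(line, "fix", "target no longer exists; orphaned entry, safe to fix")
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            target = run_target(cmd)
            if TEMP_RE.search(target):
                flag(line, "high", "autostart from a temp directory: %s" % target)
            elif RUNDLL_RE.match(cmd.strip()):
                flag(line, "info", "DLL loaded via rundll32; verify %s" % target)
            elif target and "\\" not in target and "%" not in target:
                flag(line, "low", "bare file name; resolved through the search path")
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            flag(line, "medium", "service binary carries no publisher info: %s" % m.group("path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f["severity"], f["reason"], f["line"]))
```

Paste a full log into `SAMPLE_LOG` (or read it from a file) and the "fix" findings are the ones to tick in HijackThis; the "high" and "medium" ones are what to look at before deciding. Note that HijackThis only marks "(file missing)" on O2/O3/O23 entries, so for O4 Run keys the script can only judge the path, not whether the file is still on disk.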


Yeah, it is good. Thank you!
What did ComboFix do? Just out of interest?
The three that you highlighted were fixed when I ran HijackThis as an administrator.

Thanks


Combofix would have removed any Vundo files if they were present, which your log suggested you had. It would appear, though, that the infection was completely removed before its use.

Let's get rid of Combofix now that we are finished with it.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • When shown the disclaimer, Select "2"

The above procedure will:


  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.