Computer Security & Viruses/Virus help response

Question
Thanks for your help so far. I think we may have just about sorted my problem, but I am not completely sure. The website would not allow me to follow up to your previous response, so I have created this new message.

This is the ComboFix log that was produced.

ComboFix 08-03-03.12 - User 2008-03-04  8:24:07.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.150 [GMT 13:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\J25HKHSQ\iforex.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\J25HKHSQ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ddcbxya.dll
C:\WINDOWS\system32\elvrsnfp.ini
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\gjkmp.ini2
C:\WINDOWS\system32\goszctwl.dllbox
C:\WINDOWS\system32\jwtrblub.ini
C:\WINDOWS\system32\mabwtssr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mpufknob.dll
C:\WINDOWS\system32\oapcvwop.dll
C:\WINDOWS\system32\pmkjg.dll
C:\WINDOWS\system32\rsstwbam.dll
C:\WINDOWS\system32\sjrstwvs.dll
C:\WINDOWS\system32\teiyebnf.dll
C:\WINDOWS\system32\twmrjaph.dll
C:\WINDOWS\system32\ykyakrhp.dll
C:\WINDOWS\system32\ykyakrhp.dllbox
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-02-03 to 2008-03-03  )))))))))))))))))))))))))))))))
.

2008-03-03 15:18 . 2008-03-03 16:06   3,474   --a------   C:\WINDOWS\system32\tmp.reg
2008-03-03 08:38 . 2008-03-03 08:38   <DIR>   d--------   C:\Documents and Settings\User\Application Data\CyberLink
2008-03-03 08:37 . 2007-09-05 23:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-03-03 08:37 . 2006-04-27 16:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-03-03 08:37 . 2008-03-01 23:12   86,016   --a------   C:\WINDOWS\system32\VACFix.exe
2008-03-03 08:37 . 2008-02-29 23:48   82,432   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-03-03 08:37 . 2003-06-05 20:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-03-03 08:37 . 2004-07-31 17:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-03-03 08:37 . 2007-10-03 23:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-03-01 21:17 . 2008-03-04 08:30   2,148   --a------   C:\WINDOWS\system32\wpa.dbl
2008-03-01 20:57 . 2008-03-01 20:57   <DIR>   d--------   C:\Program Files\Lavasoft
2008-03-01 20:57 . 2008-03-01 20:57   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-03-01 18:51 . 2008-03-01 18:52   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
2008-03-01 16:49 . 2008-03-04 08:24   21   --a------   C:\WINDOWS\pskt.ini
2008-03-01 12:45 . 2008-03-01 12:45   12,248,783   --a------   C:\avg7qt(2).dat
2008-03-01 12:44 . 2008-03-01 16:46   <DIR>   d--------   C:\Program Files\Grisoft(2)
2008-03-01 12:44 . 2008-03-01 16:46   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft(2)
2008-03-01 12:44 . 2008-03-01 16:46   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7(2)
2008-03-01 08:22 . 2008-03-04 04:47   99,454   --a------   C:\WINDOWS\BMcf03adfd.xml
2008-02-25 17:57 . 2008-02-25 17:57   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2008-02-12 09:43 . 2008-02-12 09:43   <DIR>   d--hs----   C:\Documents and Settings\NetworkService\Temporary Internet Files
2008-02-12 09:43 . 2008-02-12 09:43   <DIR>   d--hs----   C:\Documents and Settings\NetworkService\History
2008-02-11 21:46 . 2008-02-11 21:46   <DIR>   d--------   C:\Documents and Settings\User\Bluetooth Software
2008-02-11 21:43 . 2008-02-11 21:43   <DIR>   d--------   C:\Program Files\WIDCOMM

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 07:57   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 06:26   ---------   d-----w   C:\Documents and Settings\User\Application Data\Skype
2008-03-01 03:46   ---------   d-----w   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
2008-02-29 08:54   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-02-29 08:54   ---------   d-----w   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2008-01-31 01:17   ---------   d-----w   C:\Program Files\DC++
2008-01-05 22:13   ---------   d-----w   C:\Program Files\Duplicate Music Files Finder
2008-01-04 04:00   ---------   d-----w   C:\Program Files\DivX
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 17:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 22:49 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 16:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-24 08:13 77824]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-02 01:01 761946]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-12 02:54 102400]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 16:38 131072]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 21:18 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 15:23 1187840]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 09:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 09:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 09:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 09:00 455168]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-05 17:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 13:33:22 581693]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-12-20 18:06:41 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-25 13:39:30 73728]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-05 17:00]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 10:28]
S3 bfastfao;bfastfao;C:\DOCUME~1\User\LOCALS~1\Temp\bfastfao.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 08:30:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????^????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-03-04  8:33:40 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-03 19:33:36
.
2008-02-13 09:13:57   --- E O F ---  

And this is the CureIt log produced by the full system scan.

Process.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\User\Desktop\SmitfraudFix;Tool.ShutDown.11;;
Process.exe;C:\Documents and Settings\User\My Documents\My Received Files\Programme install\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\User\My Documents\My Received Files\Programme install\SmitfraudFix;Tool.ShutDown.11;;
mpufknob.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
oapcvwop.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.269;Deleted.;
sjrstwvs.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod.280;Deleted.;
Brandit.exe;C:\SwSetup\BrandIt\Disk1;Probably STPAGE.Trojan;;
A0049115.exe;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.DownLoader.36408;Deleted.;
A0049116.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.Virtumod.269;Deleted.;
A0049117.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.Virtumod.272;Deleted.;
A0049118.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.Virtumod.280;Deleted.;
A0049121.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.Virtumod.260;Deleted.;
A0049127.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP268;Trojan.Virtumod.260;Deleted.;
A0051225.exe;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP269;Trojan.MulDrop.10998;Deleted.;
A0054235.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP270;Trojan.Virtumod.280;Deleted.;
A0054239.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP270;Trojan.Virtumod.260;Deleted.;
A0057304.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP270;Trojan.Virtumod.272;Deleted.;
A0060405.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP272;Trojan.Virtumod.280;Deleted.;
A0060406.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP272;Trojan.Virtumod.269;Deleted.;
A0060408.dll;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP272;Trojan.Virtumod.280;Deleted.;
A0060416.bat;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP272;Probably BATCH.Virus;;
A0060443.bat;C:\System Volume Information\_restore{6D05FAB2-7A62-4A96-A638-2F0B6A273527}\RP272;Probably SCRIPT.Virus;;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;;

And this is the HijackThis log file I received after running the previous programmes.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:51 p.m., on 4/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\User\Desktop\cureit.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\User\My Documents\My Received Files\Programme install\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=pavili...
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send To &Bluetooth - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8309 bytes


Thanks again for all your help; it is much appreciated.

Philip


Answer
Hi Philip

The HJT log looks good.  Just need to clean up now.  Start HJT (scan only) and place a check mark in the box next to the following item, then click the Fix Checked button:

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


Next, uninstall ComboFix: Click Start > Run & type in ComboFix /u
Note the space between the x and the /

That's it then.  You're good to go!  If you have any further questions or problems, just let me know.

Cheers
Brian
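As an added illustration (not part of this thread, and not HijackThis's own code), here is a small Python parser for the "O-line" format of the HJT log quoted above. It flags the kind of orphan entry Brian asks Philip to fix (a component whose file is gone from disk) and two weaker "review" cases; the sample lines are a subset copied from the question's log.

```python
"""Flag orphaned HijackThis (HJT) entries, such as the O3 toolbar line
that the answer above asks Philip to 'Fix Checked'.

Added example; not part of the original thread or the HJT tool.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five lines copied from the HJT log quoted in the question.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class Entry:
    code: str   # HJT section code, e.g. "O3"
    body: str   # everything after "O3 - "
    line: str   # the original line, kept for reporting


def parse_entries(log_text: str) -> List[Entry]:
    """Parse the 'Rn'/'On' lines of an HJT log; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"], raw.strip()))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Return a reason string when an entry is an orphan or deserves a second look.

    - '(no file)': the registry still points at a component that no longer exists
      on disk, so 'fixing' it only removes a dangling reference (the O3 case above).
    - '(no name)' on a BHO/toolbar/button: an unnamed COM object; look up its CLSID.
    - 'x.lnk = ?': HJT could not resolve the shortcut target; verify it by hand
      (here Bluetooth.lnk is WIDCOMM's BTTray.exe according to the ComboFix log).
    """
    if "(no file)" in entry.body:
        return "orphan: referenced file missing"
    if entry.code in ("O2", "O3", "O9") and "(no name)" in entry.body:
        return "review: unnamed component"
    if entry.code == "O4" and entry.body.rstrip().endswith("= ?"):
        return "review: unresolved shortcut target"
    return None


def find_suspect_entries(log_text: str) -> List[Tuple[str, str, Optional[str]]]:
    """Return (reason, line, clsid) for every flagged entry, in log order."""
    out = []
    for e in parse_entries(log_text):
        reason = classify(e)
        if reason:
            g = GUID_RE.search(e.body)
            out.append((reason, e.line, g.group(0) if g else None))
    return out


if __name__ == "__main__":
    for reason, line, clsid in find_suspect_entries(SAMPLE_LOG):
        print(f"{reason:40} {clsid or '-':40} {line}")
```

Only the "(no file)" case is a safe automatic fix; the two "review" cases are legitimate in this log (the unnamed O9 Java button, the Bluetooth shortcut) and are listed so a reader checks them rather than removes them.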

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2012 About.com, a part of The New York Times Company. All rights reserved.