how do I remove this trojan>

klinger25 · 28-Feb-2008, 09:30 PM #1

I ran HiJack this and here is my save log. Can someone please tell me what I need to do to rid this dang trojan so my computer stops driving me insane. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:25 PM, on 2/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet
Security\UfSeAgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch
Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
C:\Program Files\Trend
Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Vongo\VongoTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend
Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\Internet
Security\UfNavi.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet
Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC -
{0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program
Files\ContextTool\ContextTool-1.dll
O2 - BHO: SSVHelper Class -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: TransactionProtector BHO -
{C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program
Files\Trend
Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O2 - BHO: BrowsingProgram -
{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729} - C:\Program
Files\BrowsingProgram\BrowsingProgram-1.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Transaction Protector -
{E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program
Files\Trend
Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program
Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program
Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program
Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch
Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health
Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant]
%ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage]
%ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StarzTray] C:\Program
Files\Vongo\VongoTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program
Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher]
%WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows
Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program
Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program
Files\Ad-Ware Pro\Ad-Ware Pro.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows
Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
(User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar]
%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
(User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft
Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9}
(SpinTop DRM Control) -
file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD}
(TSEasyInstallX Control) -
http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54}
(ArmHelper Control) -
file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O23 - Service: CyberLink Background Capture Service
(CBCS) (CLCapSvc) - Unknown owner - C:\Program
Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS)
(CLSched) - Unknown owner - C:\Program
Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development
Company, L.P. - C:\Program Files\Hewlett-Packard\HP
Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc.
- C:\Program Files\HP Games\My HP Game
Console\GameConsoleService.exe
O23 - Service: HP Health Check Service -
Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP
Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development
Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT)
- Macrovision Corporation - C:\Program
Files\Roxio\Roxio MyDVD Basic
v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling
Service (LightScribeService) - Hewlett-Packard Company
- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions -
C:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Trend Micro Central Control Component
(SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend
Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development,
Inc. - C:\Program Files\Common Files\SureThing
Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change
Prevention Service (TMBMServer) - Trend Micro Inc. -
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) -
Trend Micro Inc. -
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) -
Trend Micro Inc. - C:\Program Files\Trend
Micro\Internet Security\TmProxy.exe
O23 - Service: XAudioService - Conexant Systems, Inc.
- C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9100 bytes

Search
Search in:
Show Threads Show Posts
Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)