Malware Removal & HijackThis Logs
08-May-2008, 04:12 PM
#1

Can't get rid of Win32: TratBHO (Trj)

I have an HP Pavilion Elite m9177C using Windows Vista. I've run SUPERAntiSpyware and avast and can't get rid of this malware/virus. I downloaded HijackThis and followed the instructions. Here's what I came up with:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:15 PM, on 5/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Clarence\AppData\Local\Temp\rqRLBrqO.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Clarence\AppData\Local\Temp\tuvVMcdC.dll,c
O4 - HKCU\..\Run: [383182aa] rundll32.exe "C:\Users\Clarence\AppData\Local\Temp\ruowicyf.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10110 bytes

Please Help!!!
08-May-2008, 06:13 PM
#2

Here are the results of running ComboFix. Please Help!

ComboFix 08-05-08.1 - Clarence 2008-05-08 15:07:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2030 [GMT -7:00]
Running from: C:\Users\Clarence\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 )))))))))))))))))))))))))))))))
.
2008-05-08 12:57 . 2008-05-08 12:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\Users\Clarence\AppData\Roaming\SUPERAntiSpyware.com
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-02 13:17 . 2008-05-02 13:17 <DIR> d-------- C:\PROGRA~2\SUPERAntiSpyware.com
2008-05-02 13:16 . 2008-05-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 09:16 . 2008-05-02 09:16 <DIR> d-------- C:\Program Files\Alwil Software
2008-05-02 09:16 . 2008-03-29 11:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-16 13:38 . 2007-03-23 04:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-04-15 15:49 . 2008-04-16 21:40 <DIR> d-------- C:\Users\Clarence\AppData\Roaming\LimeWire
2008-04-15 15:49 . 2008-04-16 21:40 <DIR> d-------- C:\Program Files\LimeWire
2008-04-15 10:57 . 2008-04-15 10:57 <DIR> d-------- C:\Program Files\Common Files\Avery
2008-04-15 10:57 . 2008-04-15 11:00 <DIR> d-------- C:\Program Files\Avery Wizard 3.1
2008-04-14 13:22 . 2008-04-14 13:22 <DIR> d-------- C:\Program Files\Bonjour
2008-04-12 17:17 . 2008-04-12 17:17 <DIR> d-------- C:\Users\Clarence\AppData\Roaming\iWin
2008-04-12 11:37 . 2008-04-12 11:57 <DIR> d-------- C:\Program Files\ffdshow
2008-04-12 11:37 . 2006-10-02 13:44 5,120 --a------ C:\Windows\System32\ff_vfw.dll
2008-04-12 11:37 . 2006-08-05 12:06 547 --a------ C:\Windows\System32\ff_vfw.dll.manifest
2008-04-10 15:08 . 2008-04-10 15:12 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-04-10 15:08 . 2008-04-10 15:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-10 15:08 . 2008-04-10 15:12 <DIR> d-------- C:\PROGRA~2\FLEXnet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 21:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 21:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-14 20:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-13 00:16 --------- d-----w C:\PROGRA~2\WildTangent
2008-04-09 10:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 10:04 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-22 04:57 --------- d-----w C:\Program Files\Google
2008-03-20 20:11 --------- d-----w C:\Program Files\exPressit S.E. 2.2
2008-03-16 04:21 --------- d-----w C:\Users\Clarence\AppData\Roaming\WildTangent
2008-03-13 18:32 --------- d-----w C:\Users\Clarence\AppData\Roaming\CyberLink
2008-03-13 18:30 --------- d-----w C:\PROGRA~2\CyberLink
2008-03-10 17:16 --------- d-----w C:\Program Files\MSBuild
2008-03-10 17:13 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-08 02:18 --------- d-----w C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2008-03-08 02:18 --------- d-----w C:\PROGRA~2\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
2008-03-08 02:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-08 02:14 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 02:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 02:06 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-08 02:04 --------- d-----w C:\PROGRA~2\Symantec
2008-03-08 02:02 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-08 02:02 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-08 02:02 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-08 02:02 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-08 02:02 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-08 02:02 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-08 02:02 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-08 02:02 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-03-08 02:02 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-08 02:02 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-08 02:01 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-08 02:01 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-03-08 01:59 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-08 01:59 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-08 01:59 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-03-08 01:59 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-03-08 01:57 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-03-08 01:57 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-03-08 01:57 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-03-08 01:57 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-03-08 01:57 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-03-08 01:56 --------- d-----w C:\Users\Clarence\AppData\Roaming\Hewlett-Packard
2008-03-08 01:56 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-03-08 01:55 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-03-08 01:53 --------- d-----w C:\Users\Clarence\AppData\Roaming\Symantec
2008-03-08 01:53 --------- d-----w C:\Users\Clarence\AppData\Roaming\Snapfish
2008-03-08 01:48 1,865 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_GX755AA-ABA m9177c_YC_0Pavi_QMXX804_E81NAv3PrA2_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.15_T071231_WUH0_L409_M3071_J320_7Intel_8Core2 Quad Q6700_92.67_#080308_N10EC8168_Z14F12F82_G10DE0421.MRK
2008-03-08 01:43 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-03-08 01:43 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-03-08 01:43 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-03-08 01:43 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-03-08 01:43 33,624 ----a-w C:\Windows\System32\wups.dll
2008-03-08 01:43 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-03-08 01:43 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-03-08 01:43 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-03-08 01:43 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2007-11-28 20:34 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-07 18:58 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-03 19:02 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-28 13:10 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 08:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 09:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 04:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 11:59 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 11:59 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 11:59 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 06:52 4702208 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]

C:\Users\Clarence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-05-07 11:35:56 1273856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BD8951A1-6C3E-4449-9494-4283D699F0FB}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{12DC940B-6A2B-4FA1-A2FD-2D5F69B414AF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8468F287-3D50-4072-AC5D-5865036282F7}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{23E7F02A-11DB-4CD5-86EA-56881DF06CD8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EFCDAF74-D546-4532-A496-B8E7E1526B69}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C29E05B-9C44-47E1-BBD6-EC0C8CFF2EF8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B112CD49-39BC-42DF-898A-D871697ECE74}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31EADFB6-4E15-4BB4-9D24-FE7A51EEA7D4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89496591-A46A-4705-BA6A-197B2D895317}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A7B68BB3-BAE0-405A-A161-FBCF623DF3F1}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6C254F4D-3AD4-4A7B-9339-936AFF1163D5}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{977ED378-CE2C-4C08-8138-C92068FDB1E0}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8A566055-2E7E-43A0-8FD9-1E0AC3659518}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{9B7913B4-02CE-491B-8740-21B9EF2FE56F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 11:32]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 08:19]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-05-09 03:52]
R3 HSXHWBS3;HSXHWBS3;C:\Windows\system32\DRIVERS\HSXHWBS3.sys [2007-04-26 10:18]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-09-24 04:09]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbda.sys [2007-09-07 07:36]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2008-03-28 16:04]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-12 18:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab8039e7-00d8-11dd-8fc9-001e8c97a995}]
\shell\AutoRun\command - K:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 15:09:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-08 15:10:07
ComboFix-quarantined-files.txt 2008-05-08 22:10:04
ComboFix2.txt 2008-05-08 21:48:29
Pre-Run: 239,136,473,088 bytes free
Post-Run: 239,106,183,168 bytes free
197 --- E O F --- 2008-05-06 19:15:12