
Solved: Help required Vundo virus

Discussion in 'Virus & Other Malware Removal' started by stuckinsingapore, Jun 22, 2008.

Thread Status:
Not open for further replies.
  1. stuckinsingapore

    stuckinsingapore Thread Starter

    Joined:
    Jun 22, 2008
    Messages:
    2
    My operating system is Windows XP, Internet Explorer 7, and it has some serious issues. I have tried using directions from other persons with similar problems but have run into a dead end when unable to download WinPFind. At this moment I am only running in safe mode because I get almost nowhere in the regular mode. Below are the HijackThis log and the Malwarebytes Anti-Malware log. The HijackThis log was done after trying to fix it with Malwarebytes.

    Thanks for the help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:48:19, on 6/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.markingservices.com.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.markingservices.com.sg/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.markingservices.com.sg/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {57A52E74-004C-464B-96CC-4DFE5366EA02} - C:\WINDOWS\system32\wvUmMETj.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {A22AE13C-9D42-4091-BD6C-16EE886BFA0A} - C:\WINDOWS\system32\tuvvVpOE.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = markingservices.local
    O17 - HKLM\Software\..\Telephony: DomainName = markingservices.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDDC184-E865-45BA-8B0D-60CEADC49AE8}: NameServer = 10.7.0.1,165.21.83.88,165.21.100.88
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = markingservices.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = markingservices.local
    O20 - Winlogon Notify: wvUmMETj - C:\WINDOWS\SYSTEM32\wvUmMETj.dll
    O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    --
    End of file - 4494 bytes

    ____________________________________


    Malwarebytes' Anti-Malware 1.18
    Database version: 876
    10:32:04 AM 6/22/2008
    mbam-log-6-22-2008 (10-32-04).txt
    Scan type: Quick Scan
    Objects scanned: 53332
    Time elapsed: 8 minute(s), 13 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\WINDOWS\system32\wvUmMETj.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\tuvvVpOE.dll (Trojan.Vundo) -> Unloaded module successfully.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvummetj (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{33d2932f-e95d-403e-af89-302c3b74a3b8} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33d2932f-e95d-403e-af89-302c3b74a3b8} (Trojan.Vundo) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{57a52e74-004c-464b-96cc-4dfe5366ea02} (Trojan.Vundo) -> Quarantined and deleted successfully.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    C:\WINDOWS\system32\wvUmMETj.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tuvvVpOE.dll (Trojan.Vundo) -> Delete on reboot.
     
  2. stuckinsingapore

    stuckinsingapore Thread Starter

    Joined:
    Jun 22, 2008
    Messages:
    2
    I have looked over other posts and found one that looked similar, and the cure was running ComboFix. So I did, and I believe I have taken care of the problem. I would still like a second opinion though, so attached are the ComboFix log, the Malwarebytes log and the HijackThis log. Please let me know if there are any other items that need to be addressed.

    Thanks
    Stuckinsingapore

    ComboFix 08-06-20.4 - shawng 2008-06-22 17:29:38.1 - NTFSx86 NETWORK
    Running from: C:\Documents and Settings\shawng\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\shawng\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\shawng\Application Data\macromedia\Flash Player\#SharedObjects\ELP9Y8YK\iforex.com
    C:\Documents and Settings\shawng\Application Data\macromedia\Flash Player\#SharedObjects\ELP9Y8YK\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\shawng\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\shawng\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\WINDOWS\BM4310fcf7.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\rqqqXaHk.ini
    C:\WINDOWS\system32\rqqqXaHk.ini2
    C:\WINDOWS\system32\scuioykb.ini
    C:\WINDOWS\system32\tuvvVpOE.dll
    C:\WINDOWS\system32\uvbbciif.ini
    C:\WINDOWS\system32\wvUmMETj.dll
    C:\WINDOWS\system32\xdohcafg.ini
    ----- BITS: Possible infected sites -----
    hxxp://mkserv01
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_CLBDRIVER
    -------\Service_clbdriver

    ((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
    .
    2008-06-22 10:50 . 2008-06-22 16:05 <DIR> d-------- C:\VundoFix Backups
    2008-06-22 10:40 . 2008-06-22 10:43 <DIR> d-------- C:\!KillBox
    2008-06-22 09:24 . 2008-06-22 09:24 90,112 --a------ C:\WINDOWS\system32\equxeyek.dll
    2008-06-22 07:33 . 2008-06-22 07:33 <DIR> d-------- C:\Documents and Settings\ShawnG.MKS07-WKSTN08\Application Data\Malwarebytes
    2008-06-22 07:16 . 2008-06-22 07:16 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-22 07:16 . 2008-06-22 07:16 <DIR> d-------- C:\Documents and Settings\shawng\Application Data\Malwarebytes
    2008-06-22 07:16 . 2008-06-22 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-22 07:16 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-06-22 07:16 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-21 13:23 . 2008-06-21 13:34 <DIR> d-------- C:\Program Files\RegCure
    2008-06-21 13:12 . 2008-06-21 13:21 <DIR> d-------- C:\Program Files\XoftSpySE
    2008-06-21 12:50 . 2008-06-21 12:50 90,624 --a------ C:\WINDOWS\system32\aaaaaaaaaaaa
    2008-06-21 12:50 . 2008-06-21 12:50 79,872 --a------ C:\WINDOWS\system32\aaaaa
    2008-06-21 12:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-06-21 12:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-06-21 12:35 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-06-21 12:35 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-06-21 12:35 . 2008-06-15 15:28 81,920 --a------ C:\WINDOWS\system32\IEDFix.C.exe
    2008-06-21 12:35 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
    2008-06-21 12:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-06-21 12:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-06-21 10:04 . 2008-06-21 10:04 <DIR> d-------- C:\Program Files\Panda Security
    2008-06-20 07:32 . 2008-06-20 07:32 <DIR> d-------- C:\_OTMoveIt
    2008-06-20 06:23 . 2008-06-21 09:54 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-06-20 04:08 . 2008-06-20 04:08 90,112 --a------ C:\WINDOWS\system32\qwpuxvlh.dll
    2008-06-19 20:46 . 2008-06-20 06:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-19 20:45 . 2008-06-19 20:45 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-06-19 20:45 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-06-19 20:20 . 2008-06-21 12:36 2,728 --a------ C:\WINDOWS\system32\tmp.reg
    2008-06-18 15:57 . 2008-06-18 15:57 <DIR> d-------- C:\Temp\itmp4
    2008-06-18 15:56 . 2006-02-28 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
    2008-06-12 00:50 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-12 00:50 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-06 16:11 . 2008-06-06 16:11 <DIR> d-------- C:\Documents and Settings\shawng\LocalLow
    2008-06-06 16:11 . 2008-06-06 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
    2008-05-25 06:27 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2008-05-25 06:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-05-25 06:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-05-25 06:27 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 22:26 --------- d-----w C:\Documents and Settings\shawng\Application Data\Azureus
    2008-06-19 23:39 --------- d-----w C:\Program Files\Trend Micro
    2008-06-19 09:45 --------- d-----w C:\Documents and Settings\shawng\Application Data\U3
    2008-06-18 05:07 --------- d-----w C:\Program Files\Azureus
    2008-06-17 09:58 --------- d-----w C:\Program Files\ChartNexus
    2008-06-04 22:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-06-01 02:24 --------- d-----w C:\Documents and Settings\shawng\Application Data\Move Networks
    2008-05-18 01:21 --------- d-----w C:\Program Files\Acro Software
    2008-05-16 06:39 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2007-07-11 08:47 73,797,904 ----a-w C:\Program Files\vw08090451en.exe
    2007-07-11 08:25 154,161,808 ----a-w C:\Program Files\msspp08090401en.exe
    2007-06-30 07:02 21,992,766 ----a-w C:\Program Files\chartnexus_2_1_setup_jre_151.exe
    2007-06-20 06:21 21,736,784 ----a-w C:\Program Files\DivXInstaller.exe
    2007-06-20 05:55 1,416,944 ----a-w C:\Program Files\WM9Codecs.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 13:48 1388544]
    "OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2007-10-29 11:17 398784]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-24 07:18 185896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 14:12 222720]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cadab45-1d4a-11dc-8a86-000b2b10e0b0}]
    \Shell\Auto\command - setup.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cadac4b-1d4a-11dc-8a86-000b2b10e0b0}]
    \Shell\Auto\command - setup.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-22 03:10:47 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-06-21 05:36:50 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-06-22 03:10:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2008-06-21 05:36:50 C:\WINDOWS\Tasks\XoftSpySE.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    .
    **************************************************************************
    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 17:36:34
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2008-06-22 17:43:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-22 09:42:58
    Pre-Run: 23,156,019,200 bytes free
    Post-Run: 23,609,802,752 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    157


    Malwarebytes' Anti-Malware 1.18
    Database version: 876
    18:16:54 2008-06-22
    mbam-log-6-22-2008 (18-16-54).txt
    Scan type: Quick Scan
    Objects scanned: 42858
    Time elapsed: 8 minute(s), 19 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:19, on 2008-06-22
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
    C:\WINDOWS\TEMP\FDAE1D.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Trend Micro\Client Server Security Agent\Pop3Trap.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.markingservices.com.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.markingservices.com.sg/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = markingservices.local
    O17 - HKLM\Software\..\Telephony: DomainName = markingservices.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDDC184-E865-45BA-8B0D-60CEADC49AE8}: NameServer = 10.7.0.1,165.21.83.88,165.21.100.88
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = markingservices.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = markingservices.local
    O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
    O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
    --
    End of file - 5012 bytes
     
Short URL to this thread: https://techguy.org/723510
