1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

I Need help removing Nebuler.E, Small.AAAA, Vundo.KC and Virut.AC

Discussion in 'Malware and Virus Removal Archive' started by heyheyboobooo, 2008/01/11.

  1. 2008/01/11
    heyheyboobooo

    heyheyboobooo Inactive Thread Starter

    Joined:
    2008/01/10
    Messages:
    2
    Likes Received:
    0
    Hi, Ive been trying for about 2 weeks now to remove these 4 things from my computer:

    Trojan:Win32/Nebuler.E
    TrojanDownloader:Win32/Small.AAAA
    TrojanDownloader:Win32/Vundo.KC
    Virus:Win32/Virut.AC

    So far ive tried using AVG Antivirus, Spyware Doctor, Ad-aware, Windows oneCare(online scan) and the Panda ActiveScan(Online Scan). So far the only one that even recognizes that they are there is the Windows OneCare.

    Deckard's System Scanner v20071014.68
    Run by Kevin Halldorson on 2008-01-11 12:35:47
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Kevin Halldorson.exe) ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:35:54 PM, on 11/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Windows Live Safety Center\wlscUploader.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kevin Halldorson\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINH~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onecare.live.com/site/en-us/default.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe "
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.5.107.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132449025343
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 11777 bytes

    -- Files created between 2007-12-11 and 2008-01-11 -----------------------------

    2008-01-11 00:37:25 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
    2008-01-11 00:29:48 8576 --a------ C:\WINDOWS\system32\drivers\cmwnfcmtpuxf.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-01-11 00:22:11 0 d-------- C:\WINDOWS\LastGood
    2008-01-10 16:47:22 8576 --a------ C:\WINDOWS\system32\drivers\ijoekebkoqex.sys <Not Verified; Panda Software International; RKPavProc Driver>
    2008-01-10 16:42:02 0 d-------- C:\Program Files\Trend Micro
    2008-01-10 16:30:08 0 d-------- C:\WINDOWS\system32\ActiveScan
    2008-01-03 16:54:08 0 d-------- C:\WINDOWS\tiinst
    2008-01-03 16:51:17 201728 --a------ C:\WINDOWS\creator <Not Verified; SoftThinks; DeleteRP Application>
    2008-01-03 16:51:17 0 d-------- C:\Program Files\SP36691
    2008-01-03 16:21:51 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-03 16:21:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-03 16:21:51 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-01-03 16:21:51 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-03 16:21:51 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-03 16:21:51 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-01-03 16:21:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-03 16:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-01-03 16:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-01-03 16:21:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    2008-01-03 01:37:40 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-01-03 01:37:40 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-01-03 01:37:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-03 01:37:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-03 01:37:39 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-03 01:37:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-03 01:37:36 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-12-25 22:02:12 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-25 21:54:42 0 d-------- C:\Program Files\Google
    2007-12-17 00:40:06 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7


    -- Find3M Report ---------------------------------------------------------------

    2008-01-11 05:04:38 0 d-------- C:\Program Files\Windows Live Safety Center
    2008-01-11 05:04:36 0 d-------- C:\Program Files\Winamp Toolbar
    2008-01-10 18:24:35 0 d-------- C:\Program Files\MSN Messenger
    2008-01-10 18:19:43 0 d-------- C:\Program Files\iTunes
    2008-01-10 18:16:44 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-01-10 17:35:03 0 d-------- C:\Program Files\vso
    2008-01-10 17:34:42 0 d-------- C:\Documents and Settings\Kevin Halldorson\Application Data\Vso
    2008-01-10 17:34:42 33 --a------ C:\Documents and Settings\Kevin Halldorson\Application Data\pcouffin.log
    2008-01-10 17:34:34 1074 --a------ C:\Documents and Settings\Kevin Halldorson\Application Data\pcouffin.cat
    2008-01-10 17:34:33 47360 --a------ C:\Documents and Settings\Kevin Halldorson\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-01-10 17:34:31 1144 --a------ C:\Documents and Settings\Kevin Halldorson\Application Data\pcouffin.inf
    2008-01-03 16:54:39 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-26 21:04:15 0 d-------- C:\Program Files\Winamp
    2007-12-26 20:45:24 0 d-------- C:\Program Files\Common Files
    2007-12-18 22:00:05 0 d-------- C:\Documents and Settings\Kevin Halldorson\Application Data\Azureus
    2007-12-08 16:45:31 0 d-------- C:\Program Files\Azureus
    2007-12-07 00:31:01 0 d-------- C:\Documents and Settings\Kevin Halldorson\Application Data\AVG7
    2007-12-07 00:12:12 0 d-------- C:\Program Files\DAEMON Tools Pro
    2007-12-07 00:07:51 0 d-------- C:\Documents and Settings\Kevin Halldorson\Application Data\DAEMON Tools Pro
    2007-11-18 12:58:48 0 d-------- C:\Program Files\iPod
    2007-11-18 12:57:15 0 d-------- C:\Program Files\QuickTime


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
    04/10/2007 12:06 PM 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} "= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 12:06 PM 1135968]

    [-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [11/04/2005 02:21 PM]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/02/2005 04:12 AM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 02:27 AM]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [20/12/2007 03:34 PM]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [11/04/2007 02:32 PM C:\WINDOWS\KHALMNPR.Exe]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [26/07/2006 02:03 AM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [14/11/2007 11:43 PM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 01:11 PM]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29 AM]
    "WINREMOTE "= "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [20/10/2005 05:02 AM]
    "LSBWatcher "= "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [14/10/2004 12:54 PM]
    "HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 10:11 PM]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [13/01/2004 05:10 PM]
    "eabconfg.cpl "= "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [03/12/2004 12:24 PM]
    "Cpqset "= "C:\Program Files\HPQ\Default Settings\cpqset.exe" [17/02/2005 02:01 PM]
    "Acrobat Assistant 7.0 "= "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 07:52 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr "= "C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00 AM]
    "StartCCC "= "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 11:35 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 07:05 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [31/03/2006 7:16:36 PM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [04/11/2004 6:28:24 PM]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [10/09/2007 8:50:55 AM]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iRiver Updater]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

    *Newly Created Service* - CMWNFCMTPUXF



    -- End of Deckard's System Scanner: finished at 2008-01-11 12:36:07 ------------

    Any help would really be appreciated
    Thanks.
     
    heyheyboobooo,
    #1
  2. 2008/01/11
    heyheyboobooo

    heyheyboobooo Inactive Thread Starter

    Joined:
    2008/01/10
    Messages:
    2
    Likes Received:
    0
    I don't mean to be pushy but please, can anybody give me a hand or some advice as to help disinfect my computer?
     
    heyheyboobooo,
    #2


  3. to hide this advert.

  4. 2008/01/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS heyheyboobooo :)

    Just a few leftover registry entries showing in those logs. Were you given a location and/or name of the infected items found? Do you have a scan log that shows the findings?

    Scan with HijackThis and place a check next to the following entries, close all other windows then click Fix Checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
     
    noahdfear,
    #3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...