Need help. Cant run Hijack

M

mbrienzo

New Member
Ive got some sort of virus. I have run malwarebytes and it doesnt find anything. I am unable to update it either. I click on the lick for hijack and it says the link is broken. If I try to go to any spyware software site it gives me a broken link as well. Once the broken link appears, it then pops up a window saying my computer is infected and then brings up a webpage. The last time I couldnt close it, had to log off to get it closed. Dont know where to go from here.

All help is greatly appreciated.

Matt
 
So i read some more posts and found a way to run hijack, combofix and update malwarebytes. Here are the log files:

Hijack;
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 8:58:38 PM, on 2/24/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8104 bytes

Combofix;
ComboFix 10-02-24.01 - Matt 02/24/2010 20:12:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1052 [GMT -5:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-146166976-1290263405-2568111299-500
c:\$recycle.bin\S-1-5-21-747642811-3982433225-4087218088-500
c:\users\Matt\AppData\Roaming\inst.exe
c:\windows\bill102.exe
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_srvoko6


((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 01:22 . 2010-02-25 01:27 -------- d-----w- c:\users\Matt\AppData\Local\temp
2010-02-25 01:22 . 2010-02-25 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 01:22 . 2010-02-25 01:22 -------- d-----w- c:\users\Chase_Colten\AppData\Local\temp
2010-02-25 01:22 . 2010-02-25 01:22 -------- d-----w- c:\users\Chase\AppData\Local\temp
2010-02-25 01:22 . 2010-02-25 01:22 -------- d-----w- c:\users\Audra\AppData\Local\temp
2010-02-25 01:10 . 2010-02-25 01:10 -------- d-----w- c:\program files\TrendMicro
2010-02-24 00:37 . 2010-02-24 00:37 -------- d-----w- c:\users\Audra\AppData\Roaming\Malwarebytes
2010-02-23 21:29 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-09 20:27 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-07 19:50 . 2010-02-07 19:50 -------- d-----w- c:\users\Audra\AppData\Roaming\Facebook
2010-02-07 19:33 . 2010-02-07 19:33 -------- d-----w- c:\users\Chase\AppData\Roaming\Media Player Classic
2010-01-30 21:52 . 2010-01-30 21:52 -------- d-----w- c:\users\Matt\AppData\Local\IsolatedStorage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 01:10 . 2010-02-25 01:10 388096 ----a-r- c:\users\Matt\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-25 00:35 . 2007-12-06 05:18 -------- d-----w- c:\program files\Java
2010-02-25 00:26 . 2009-02-17 13:25 56160 ----a-w- c:\programdata\nvModes.dat
2010-02-24 15:43 . 2008-03-28 08:28 79680 ----a-w- c:\users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 12:44 . 2008-03-27 14:40 79680 ----a-w- c:\users\Chase\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 22:25 . 2009-11-27 22:16 41 ----a-w- c:\users\Chase\jagex_runescape_preferences.dat
2010-02-23 22:22 . 2009-11-27 22:18 69 ----a-w- c:\users\Chase\jagex_runescape_preferences2.dat
2010-02-10 08:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-07 19:50 . 2010-02-07 19:50 50354 ----a-w- c:\users\Audra\AppData\Roaming\Facebook\uninstall.exe
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Audra\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Audra\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-30 21:52 . 2009-02-01 21:09 -------- d-----w- c:\program files\TurboTax
2010-01-30 12:43 . 2010-01-30 12:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEE6F.tmp.exe
2010-01-27 23:38 . 2008-03-27 02:08 -------- d-----w- c:\program files\Google
2010-01-25 12:00 . 2010-02-23 21:28 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 21:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 21:28 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 21:28 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 21:28 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 21:28 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 21:28 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 21:28 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 21:28 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-19 01:19 . 2008-12-25 12:24 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2010-01-18 23:07 . 2008-07-02 21:10 47360 ----a-w- c:\users\Matt\AppData\Roaming\pcouffin.sys
2010-01-18 23:07 . 2008-07-02 21:10 47360 ----a-w- c:\users\Matt\AppData\Roaming\pcouffin.sys
2010-01-18 23:07 . 2008-07-02 21:10 -------- d-----w- c:\users\Matt\AppData\Roaming\Vso
2010-01-18 23:05 . 2008-03-27 01:16 -------- d-----w- c:\program files\Yahoo!
2010-01-18 22:49 . 2010-01-18 22:49 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2010-01-18 22:49 . 2010-01-18 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 22:48 . 2010-01-18 22:48 -------- d-----w- c:\programdata\Malwarebytes
2010-01-14 16:12 . 2009-10-02 20:29 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-08 00:05 . 2010-01-08 00:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb_01005.Wdf
2010-01-07 21:07 . 2010-01-18 22:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-18 22:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:39 . 2010-02-23 21:28 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 21:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30 . 2010-02-23 21:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-21 22:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 22:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 22:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 00:39 . 2010-01-01 00:39 -------- d-----w- c:\users\Audra\AppData\Roaming\TomTom
2009-12-31 18:16 . 2009-12-31 18:16 -------- d-----w- c:\programdata\TomTom
2009-12-31 18:16 . 2009-12-31 18:16 -------- d-----w- c:\users\Matt\AppData\Roaming\TomTom
2009-12-31 18:15 . 2009-12-31 18:15 -------- d-----w- c:\program files\TomTom International B.V
2009-12-31 18:15 . 2009-12-31 18:15 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-31 18:13 . 2009-12-31 18:13 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-12-30 01:15 . 2009-12-30 01:15 -------- d-----w- c:\programdata\Trymedia
2009-12-30 01:15 . 2009-12-30 01:15 -------- d-----w- c:\program files\Yahoo! Games
2009-12-11 11:43 . 2010-02-09 20:27 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-09 20:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-09 20:27 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-09 20:27 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 20:01 . 2009-01-29 15:49 32768 ----a-w- c:\windows\system32\drivers\o6ko.sys
2009-12-08 20:01 . 2009-01-29 15:49 104960 ----a-w- c:\windows\system32\o6ko.dll
2009-12-08 17:26 . 2010-02-09 20:27 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-09 20:27 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-09 20:27 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-09 20:27 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-09 20:27 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-09 20:27 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-09 20:27 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-09 20:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-09 20:27 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-09 20:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-09 20:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-09 20:27 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 21:28 . 2009-12-03 21:28 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb49CC.tmp.exe
2009-11-27 22:13 . 2009-11-27 22:13 34 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb83B1.tmp.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-27 68856]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-27 02:08 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
"VistaSp2"=hex(b):7a,9c,2b,1d,ef,72,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/8/2009 10:01 AM 114768]
R1 o6ko;Sendmail VMware Auto for;c:\windows\System32\drivers\o6ko.sys [1/29/2009 10:49 AM 32768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/8/2009 10:01 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/8/2009 10:01 AM 53328]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?]
S3 androidusb;ADB Interface Driver;c:\windows\System32\drivers\androidusb.sys [9/4/2009 4:38 PM 25728]
S4 gupdate1c9bba3b46d09f0;Google Update Service (gupdate1c9bba3b46d09f0);c:\program files\Google\Update\GoogleUpdate.exe [4/12/2009 2:20 PM 133104]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
netsvc6 REG_MULTI_SZ srvoko6

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 19:20]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 19:20]

2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{64DF82A4-4C43-4067-95A6-5FB32B806D70}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: intuit.com\ttlc
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\lxblcoms.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
**************************************************************************
.
Completion time: 2010-02-24 20:37:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 01:37

Pre-Run: 49,156,231,168 bytes free
Post-Run: 48,735,240,192 bytes free

- - End Of File - - 19652AEF6540D7A3E50AE0FF55C995C

Malwarebytes;
Malwarebytes' Anti-Malware 1.44
Database version: 3787
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

2/24/2010 9:05:27 PM
mbam-log-2010-02-24 (21-05-27).txt

Scan type: Quick Scan
Objects scanned: 133093
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\o6ko (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc6 (Worm.KoobFace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\o6ko.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\o6ko.sys (Worm.KoobFace) -> Quarantined and deleted successfully.


Again, all the help on the forum is greatly appreciated and a lifesaver.

Matt
 
How is your system running now? It seems malwarebytes has deleted the leftover infections from your combofix log. It is always preferred to run malwarebytes first then combofix and then hijackthis. If you are still having problems let me know.
 
The system is running good now. The problem I had was Malwarebytes wasnt finding anything and I couldnt update it until I ran combofix. Then I ran it and it found it. I do appreciate all the help this forum provides.

Matt
 
You must log in or register to reply here.
Back
Top