Hijackthis Log
BleepingComputer.com > Security > HijackThis Logs and Malware Removal > Misplaced HJT Logs
Gabriel516
I'm running Trend Micro antivirus protection on my computer and the past few days it's been notifying me that I have a trojan virus. I keep thinking the problem has been fixed but it comes back again. Someone suggested I post my Hijackthis log here, so that's what I'm doing. What other info do you need?

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:00 AM, on 7/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccVScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {242CEEF0-8490-4C33-8D69-AC5056765A03} - C:\Windows\system32\ddcBQhgg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnkLEvV.dll,#1
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11067 bytes

Gabriel516
Here's an Autoruns log too.


CODE
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup            
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon            
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit            
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell            
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell            
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run            
+ Adobe Reader Speed Launcher    Adobe Acrobat SpeedLauncher    (Verified) Adobe Systems, Incorporated    c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ DELL Webcam Manager    Dell Webcam Manager Application    (Not verified) Creative Technology Ltd.    c:\program files\dell\dell webcam manager\dellwmgr.exe
+ IAAnotif    Event Monitor User Notification Tool    (Verified) Intel Corporation    c:\program files\intel\intel matrix storage manager\iaanotif.exe
+ ISUSPM Startup    Macrovision FLEXnet Connect Software Manager    (Not verified) Macrovision Corporation    c:\program files\common files\installshield\updateservice\isuspm.exe
+ ISUSScheduler    Macrovision FLEXnet Connect Scheduler    (Not verified) Macrovision Corporation    c:\program files\common files\installshield\updateservice\issch.exe
+ MSServer            c:\windows\system32\nnnklevv.dll
+ pccguide.exe    PCCGuide    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\pccguide.exe
+ PSQLLauncher    Fingerprint Launcher    (Verified) UPEK Inc.    c:\program files\fingerprint reader suite\launcher.exe
+ QuickTime Task    QuickTime Task    (Not verified) Apple Inc.    c:\program files\quicktime\qttask.exe
+ SunJavaUpdateSched    Java(TM) Platform SE binary    (Verified) Sun Microsystems, Inc.    c:\program files\java\jre1.6.0_06\bin\jusched.exe
+ TMRUBottedTray        (Verified) Trend Micro, Inc.    c:\program files\trend micro\rubotted\tmrubottedtray.exe
+ UpdReg    Creative UpdReg    (Not verified) Creative Technology Ltd.    c:\windows\updreg.exe
+ VolPanel    VolPanlu.exe    (Not verified) Creative Technology Ltd    c:\program files\creative\sbaudigy\volume panel\volpanlu.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce            
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup            
+ Adobe Gamma.lnk    Adobe Gamma Loader    (Not verified) Adobe Systems, Inc.    c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ Bluetooth.lnk    Bluetooth Tray Application    (Verified) Broadcom Corporation    c:\program files\widcomm\bluetooth software\bttray.exe
+ QuickSet.lnk    QuickSet    (Verified) Dell Inc.    c:\program files\dell\quickset\quickset.exe
C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup            
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load            
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run            
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run            
HKCU\Software\Microsoft\Windows\CurrentVersion\Run            
+ AdobeUpdater    Adobe Updater    (Verified) Adobe Systems Incorporated    c:\program files\common files\adobe\updater5\adobeupdater.exe
+ Aim6    AIM    (Verified) AOL LLC    c:\program files\aim6\aim6.exe
+ Steam    Steam    (Verified) Valve    c:\program files\steam\steam.exe
+ swg    GoogleToolbarNotifier    (Verified) Google Inc    c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
+ Uniblue RegistryBooster 2    Uniblue Registry Booster    (Verified) Uniblue Systems    c:\program files\uniblue\registrybooster 2\startregistrybooster.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce            
HKLM\SOFTWARE\Classes\Protocols\Filter            
HKLM\SOFTWARE\Classes\Protocols\Handler            
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components            
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components            
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad            
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad            
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks            
+ nnnklevv.dll            c:\windows\system32\nnnklevv.dll
HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers            
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers            
+ WinRAR            c:\program files\winrar\rarext.dll
HKCU\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers            
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers            
+ SafearchiveContextMenu    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers            
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers            
+ WinRAR            c:\program files\winrar\rarext.dll
HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers            
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers            
+ WinRAR            c:\program files\winrar\rarext.dll
HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers            
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers            
HKCU\Software\Classes\Folder\Shellex\ColumnHandlers            
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers            
+ PDF Shell Extension    PDF Shell Extension    (Not verified) Adobe Systems, Inc.    c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers            
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers            
+ UEAFOverlay    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
+ UEAFOverlayOpen    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
HKCU\Software\Microsoft\Ctf\LangBarAddin            
HKLM\Software\Microsoft\Ctf\LangBarAddin            
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved            
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved            
+ iTunes    iTunes Mini Player DLL    (Verified) Apple Inc.    c:\program files\itunes\itunesminiplayer.dll
+ Monitor    BTNCopy Module    (Not verified) Broadcom Corporation.    c:\windows\system32\btncopy.dll
+ Safearchive ContextMenu Class    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
+ Safearchive ExtractIcon Class    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
+ Safearchive PropertySheetHandler Class    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
+ Safearchive ShellFolder Class    PSQL file safe    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\farchns.dll
+ WinRAR shell extension            c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects            
+ Google Toolbar Helper    Google IE Client Toolbar    (Verified) Google Inc    c:\program files\google\googletoolbar2.dll
+ SSVHelper Class    Java(TM) Platform SE binary    (Verified) Sun Microsystems, Inc.    c:\program files\java\jre1.6.0_06\bin\ssv.dll
+ {242CEEF0-8490-4C33-8D69-AC5056765A03}            c:\windows\system32\ddcbqhgg.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks            
HKLM\Software\Microsoft\Internet Explorer\Toolbar            
+ &Google    Google IE Client Toolbar    (Verified) Google Inc    c:\program files\google\googletoolbar2.dll
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars            
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars            
HKCU\Software\Microsoft\Internet Explorer\Extensions            
HKLM\Software\Microsoft\Internet Explorer\Extensions            
+ Send to &Bluetooth Device...            c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Task Scheduler            
+ \Apple\AppleSoftwareUpdate    Apple Software Update    (Verified) Apple Computer, Inc.    c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services            
+ AdobeActiveFileMonitor6.0    Tracks files that are managed by Adobe Photoshop Elements    (Verified) Adobe Systems Incorporated    c:\program files\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe
+ Creative Labs Licensing Service    Provides licensing services for Creative Labs applications.    (Not verified) Creative Labs    c:\program files\common files\creative labs shared\service\creativelicensing.exe
+ Creative Service for CDROM Access    Creative Service for CDROM Access    (Not verified) Creative Technology Ltd    c:\windows\system32\ctsvccda.exe
+ EvtEng    Manages the event trace messages for all the components of Intel(R) PROSet/Wireless software.    (Not verified) Intel Corporation    c:\program files\intel\wireless\bin\evteng.exe
+ IAANTMON    RAID Monitor    (Verified) Intel Corporation    c:\program files\intel\intel matrix storage manager\iaantmon.exe
+ PcCtlCom    Manages the Trend Micro PC-cillin components.    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\pcctlcom.exe
+ RegSrvc    Intel(R) PROSet/Wireless Registry Service    (Not verified) Intel Corporation    c:\program files\intel\wireless\bin\regsrvc.exe
+ Rpcnet    rpcnet    (Verified) Absolute Software Corp.    c:\windows\system32\rpcnet.exe
+ RUBotted    Show Trend Micro RUBotted warnings    (Verified) Trend Micro, Inc.    c:\program files\trend micro\rubotted\tmrubotted.exe
+ Tmntsrv    Enables scanning in real time.    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\tmntsrv.exe
+ TmPfw    Manages the Trend Micro Personal Firewall.    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\tmpfw.exe
+ tmproxy    Manages the Trend Micro Proxy.    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\tmproxy.exe
+ Viewpoint Manager Service    Ensures Viewpoint 3D and Rich Media Technologies are up to date    (Not verified) Viewpoint Corporation    c:\program files\viewpoint\common\viewpointservice.exe
HKLM\System\CurrentControlSet\Services            
+ DSproct    Process Trigger Driver    (Not verified) Gteko Ltd.    c:\program files\dellsupport\gtaction\triggers\dsproct.sys
+ IpInIp    IP in IP Tunnel Driver        File not found: system32\DRIVERS\ipinip.sys
+ NwlnkFlt    IPX Traffic Filter Driver        File not found: system32\DRIVERS\nwlnkflt.sys
+ NwlnkFwd    IPX Traffic Forwarder Driver        File not found: system32\DRIVERS\nwlnkfwd.sys
+ PxHelp20    Px Engine Device Driver for Windows 2000/XP    (Verified) Sonic Solutions    c:\windows\system32\drivers\pxhelp20.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute            
HKLM\System\CurrentControlSet\Control\Session Manager\SetupExecute            
HKLM\System\CurrentControlSet\Control\Session Manager\Execute            
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options            
HKLM\Software\Microsoft\Command Processor\Autorun            
HKCU\Software\Microsoft\Command Processor\Autorun            
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls            
+ C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL    Google Desktop    (Not verified) Google    c:\program files\google\google desktop search\googledesktopnetwork3.dll
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost            
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify            
+ psfus    Logon stub    (Not verified) UPEK Inc.    c:\windows\system32\psqlpwd.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL            
+ vrlogon.dll    GINA replacement    (Not verified) UPEK Inc.    c:\windows\system32\vrlogon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman            
HKCU\Control Panel\Desktop\Scrnsave.exe            
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImagePath            
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries            
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries            
+ mdnsNSP    Bonjour Namespace Provider    (Not verified) Apple Inc.    c:\program files\bonjour\mdnsnsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors            
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders            
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages            
+ C:\Windows\system32\ddcBQhgg            c:\windows\system32\ddcbqhgg.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages            
+ psqlpwd    Logon stub    (Not verified) UPEK Inc.    c:\windows\system32\psqlpwd.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages            
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers            
+ Provider Object    Windows Vista Credential Provider    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\provider.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters            
+ Provider Filter Object    Windows Vista Credential Provider    (Not verified) UPEK Inc.    c:\program files\fingerprint reader suite\provider.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers            
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order            
C:\Users\Gabriel\AppData\Local\Microsoft\Windows Sidebar\Settings.ini            
+ Clock    Watch the clock in your own time zone or any city in the world.    (Not verified) Microsoft Corporation    C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml
+ Feed Headlines    Track the latest news, sports, and entertainment headlines.    (Not verified) Microsoft Corporation    C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml
+ Slide Show    Show a continuous slide show of your pictures.    (Not verified) Microsoft Corporation    C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml
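
The two logs above are the raw material an HJT Team analyst reads by hand. The script below is an added example (not part of the thread, and not code from HijackThis, Autoruns or Trend Micro) that encodes the first-pass heuristics such a reader applies: a BHO registered with "(no name)", a Run entry that has rundll32 load a DLL by export ordinal, anything under AppInit_DLLs, unsigned entries in privileged Autoruns locations (LSA Authentication/Notification Packages, Winlogon Notify, GinaDLL, ShellExecuteHooks), and the same system32 module registered in more than one persistence location. The sample input is constructed here by copying a handful of lines in the shape of the posted logs; the heuristics, severities and the assumption that Autoruns fields are separated by tabs or runs of two or more spaces are mine.

```python
"""Triage heuristics for HijackThis and Autoruns text logs (added example, not tool output)."""
import re
from collections import defaultdict

# Constructed sample input: lines copied in shape from the two logs posted above.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {242CEEF0-8490-4C33-8D69-AC5056765A03} - C:\Windows\system32\ddcBQhgg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnkLEvV.dll,#1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
"""

AUTORUNS_SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ MSServer            c:\windows\system32\nnnklevv.dll
+ pccguide.exe    PCCGuide    (Verified) Trend Micro, Inc.    c:\program files\trend micro\internet security 14\pccguide.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ nnnklevv.dll            c:\windows\system32\nnnklevv.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ psfus    Logon stub    (Not verified) UPEK Inc.    c:\windows\system32\psqlpwd.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ C:\Windows\system32\ddcBQhgg            c:\windows\system32\ddcbqhgg.dll
"""

HJT_LINE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
WIN_PATH = re.compile(r"[a-z]:\\.*?\.(?:dll|exe|sys)", re.I)
RUNDLL_ORDINAL = re.compile(r"rundll32(?:\.exe)?\s+.*?\.dll,#\d+", re.I)
# Autoruns locations where an unsigned module runs as SYSTEM, inside LSASS/Winlogon, or in every shell.
SENSITIVE = (
    "Authentication Packages", "Notification Packages", "Security Packages",
    "Winlogon\\Notify", "GinaDLL", "Appinit_Dlls", "ShellExecuteHooks",
)


def parse_hjt(text):
    """Yield (section, body, lower-cased path or None) for each HijackThis entry line."""
    for line in text.splitlines():
        m = HJT_LINE.match(line)
        if not m:
            continue
        p = WIN_PATH.search(m["body"])
        yield m["sec"], m["body"], (p.group(0).lower() if p else None)


def parse_autoruns(text):
    """Yield (location, name, verified, lower-cased path); location is the preceding header line."""
    loc = None
    for line in text.splitlines():
        if not line.startswith("+ "):
            loc = line.strip()  # category header such as HKLM\...\Run
            continue
        fields = [f for f in re.split(r"\t|\s{2,}", line[2:].strip()) if f]
        # Last field is always the path; the publisher field, when present, starts with "(Verified)".
        verified = any(f.startswith("(Verified)") for f in fields[1:-1])
        yield loc, fields[0], verified, fields[-1].lower()


def triage(hjt_text, autoruns_text):
    """Return (severity, where, reason, path) findings; this is a review queue, not a verdict."""
    findings = []
    seen = defaultdict(set)  # path -> persistence locations it was found in
    for sec, body, path in parse_hjt(hjt_text):
        if path:
            seen[path].add(sec)
        if sec == "O2" and "(no name)" in body:
            findings.append(("high", sec, "BHO registered without a name", path))
        elif sec == "O4" and RUNDLL_ORDINAL.search(body):
            findings.append(("high", sec, "rundll32 loads a DLL by export ordinal", path))
        elif sec == "O20":
            findings.append(("review", sec, "AppInit_DLLs module is loaded into every process that maps user32", path))
    for loc, name, verified, path in parse_autoruns(autoruns_text):
        seen[path].add(loc)
        if not verified and any(s.lower() in loc.lower() for s in SENSITIVE):
            findings.append(("high", loc, f"unverified '{name}' in a privileged autostart location", path))
    for path, locs in seen.items():
        if len(locs) >= 2 and "\\system32\\" in path:
            findings.append(("high", "cross-ref", f"same system32 module registered in {len(locs)} locations", path))
    return findings


def flagged_paths(findings):
    """Distinct paths carrying at least one high-severity finding."""
    return sorted({f[3] for f in findings if f[0] == "high" and f[3]})


if __name__ == "__main__":
    for sev, where, reason, path in triage(HJT_SAMPLE, AUTORUNS_SAMPLE):
        print(f"[{sev:6}] {where}: {reason} -> {path}")
```

Two caveats on reading the output. "Unverified" is not "malicious": the same rule that flags the unnamed DLL under Authentication Packages also flags the UPEK logon stub, which the posted log attributes to the Fingerprint Reader Suite, so every high finding still needs a human to check the vendor and file. And HijackThis prints some paths in 8.3 form (C:\PROGRA~1\...) while Autoruns prints them long, so the cross-reference above only matches exact strings; normalising short names is the obvious next improvement.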

quietman7
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis log analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well-meaning or not.

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system.

Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. There are instructions for downloading and running Deckard's System Scanner (DSS) which will create a hijackthis log for you, or automatically download and install the most current version of HijackThis if it's not already installed on your computer.

Please note that it is important that Deckard's System Scanner be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log.

Please DO NOT post any more logs to this topic, or post a log again in the wrong forum.

The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for.

When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done.

Thanks for your cooperation and good luck.
The BC Staff