Need help with my cousin's computer. It started off with a weird pop-up regarding loading some settings; I started in Safe Mode and scanned with Malwarebytes, AVG, and Spybot Search and Destroy. Decided to use HijackThis to get a log and take a look. I'm not that knowledgeable with HijackThis, so I can't completely understand what the log says, but I'm somewhat certain the exes running from TEMP are from a virus.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:04:39 PM, on 7/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\lxdpcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\mdm.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\notepad.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gdi32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\s5pk62ymb.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winamp.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\lsass.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\win32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\drweb.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\s5pk62ymb.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gdi32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\sysedit.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\avp32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\services.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\mns1ov.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\login.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\svchost.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\user.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cmd.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\hexdump.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\winlogon.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ny3pr8920r.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cmd.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\iexplarer.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\debug.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wininst.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\gccykxdtuttl1xs8.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\spj802c3ib.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\system.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ypkit15n.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cmd.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\install.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\setup.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\win16.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.shaw.ca/start/enca/addons/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.shaw.ca/start/enca/addons/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.mymanitoba.sympatico.ca/
R3 - URLSearchHook: (no name) - {77A160CE-F3AE-DA07-6BD4-83EFCE361B45} - nmdllw.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: m
O1 - Hosts: om
O1 - Hosts: om
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: com
O1 - Hosts: .com
O1 - Hosts: .com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: d.com
O1 - Hosts: nd.com
O1 - Hosts: nd.com
O1 - Hosts: ind.com
O1 - Hosts: ind.com
O1 - Hosts: find.com
O1 - Hosts: find.com
O1 - Hosts: yfind.com
O1 - Hosts: yfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: tyfind.com
O1 - Hosts: styfind.com
O1 - Hosts: styfind.com
O1 - Hosts: estyfind.com
O1 - Hosts: estyfind.com
O2 - BHO: C:\WINDOWS\system32\nw51jc9rb.dll - {C2BA40A2-75F1-51BD-F413-04B15A2C8950} - C:\WINDOWS\system32\nw51jc9rb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [sta] rundll32 "wxsyp.dll",,Run
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\jxsyp.exe
O4 - HKLM\..\RunServices: [xpupdate] updates.exe
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\yxh5l.dll, RestoreWindows
O4 - HKCU\..\Run: [uiha98uiohf873yuiadnhgjesgregas] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\spj802c3ib.exe
O4 - HKCU\..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\wininst.exe
O4 - HKCU\..\Run: [Ebupikufevorido] rundll32.exe "C:\WINDOWS\pvint0.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [jgyo0w] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\19aqp.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/bejeweled...aploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: comlib - C:\WINDOWS\inf\comlib.dll (file missing)
O20 - Winlogon Notify: keyrun - C:\WINDOWS\Fonts\keyrun.dll (file missing)
O20 - Winlogon Notify: lsasdlg - lsasdlg.dll (file missing)
O20 - Winlogon Notify: nnnmnki - nnnmnki.dll (file missing)
O20 - Winlogon Notify: qomkihi - qomkihi.dll (file missing)
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat (file missing)
O20 - Winlogon Notify: vtUmmkLC - vtUmmkLC.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: jkzoiefu9s3huishf87efushdjkfgyuisfiud - {C2BA40A2-75F1-51BD-F413-04B15A2C8950} - C:\WINDOWS\system32\nw51jc9rb.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdpCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe
O23 - Service: lxdp_device - - C:\WINDOWS\system32\lxdpcoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
--
End of file - 13166 bytes
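The poster's hunch (executables running from Temp) is a sound triage heuristic, and a log like this can be checked mechanically. The script below is an added example, not part of the original post or of HijackThis itself; it parses a handful of lines excerpted from the log above and flags processes launched from the user's Temp folder (especially ones named after Windows system binaries such as smss.exe or lsass.exe), extra entries appended to the F2 UserInit value, O4 autorun entries that point into Temp, and O20 Winlogon Notify hooks whose DLL is missing. The section prefixes (F2, O4, O20) and path layout are those of the HijackThis format; the choice of indicators is this editor's.

```python
import re

# Excerpt of the HijackThis log posted above (trimmed to a few lines for the demo).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\lsass.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKCU\..\Run: [uiha98uiohf873yuiadnhgjesgregas] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\spj802c3ib.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: keyrun - C:\WINDOWS\Fonts\keyrun.dll (file missing)
"""

# Per-user Temp folder, in both the 8.3 short form HijackThis prints and the long form.
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# Names of core Windows binaries; legitimate copies live under \WINDOWS\system32, not Temp.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "svchost.exe", "spoolsv.exe"}

def parse_log(text):
    """Split a HijackThis log into running-process paths and 'Rx/Fx/Oxx - ' entries."""
    procs, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"^[FORN]\d+ - ", line):
            entries.append(line)
        elif re.match(r"^[A-Za-z]:\\", line):
            procs.append(line)
    return procs, entries

def triage(text):
    """Return (line, reason) pairs for entries a responder should look at first."""
    procs, entries = parse_log(text)
    findings = []
    for p in procs:
        if TEMP_RE.search(p):
            why = "runs from Temp"
            if p.rsplit("\\", 1)[-1].lower() in SYSTEM_NAMES:
                why += " and impersonates a Windows system binary"
            findings.append((p, why))
    for e in entries:
        if e.startswith("F2 - ") and "UserInit=" in e:
            values = [v for v in e.split("UserInit=", 1)[1].split(",") if v]
            if len(values) > 1:  # only userinit.exe belongs here
                findings.append((e, "extra UserInit entry: " + ", ".join(values[1:])))
        elif e.startswith("O4 - ") and TEMP_RE.search(e):
            findings.append((e, "autorun entry launches from Temp"))
        elif e.startswith("O20 - ") and "(file missing)" in e:
            findings.append((e, "Winlogon Notify DLL missing: orphaned hook"))
    return findings

if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG):
        print(f"{why}: {line}")
```

The legitimate System32 copies of smss.exe and csrss.exe and the AVG service are not flagged; only the Temp copies, the appended sdra64.exe UserInit value, the Temp autorun and the orphaned keyrun hook are.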