.exe file disappears on launch[continued]


Post by Lance(HAOH) on Sat Nov 28, 2009 2:31 am

This is a continuation of my previous topic:
[You must be registered and logged in to see this link.]

I am now on a Vista machine.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:54 AM, on 28/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\GreedyTorrent\GTor.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\hp\kbd\kbd.exe
C:\Program Files\HP\DVDPlay\DVDPlay.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKCU\..\Run: [GreedyTorrent] "C:\Program Files\GreedyTorrent\GTor.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

--
End of file - 5963 bytes


Here is my Malwarebytes log:


Malwarebytes' Anti-Malware 1.41
Database version: 3242
Windows 6.0.6002 Service Pack 2

28/11/2009 12:05:30 AM
mbam-log-2009-11-28 (00-05-22).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|L:\|)
Objects scanned: 262868
Time elapsed: 44 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\GabrielandGerard\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.

Lance(HAOH)
Intermediate

Posts: 138
Joined: 2008-12-12
Gender: Male
OS: Windows XP Professional, Windows 7 Enterprise, Windows 8 Professional WMC, Ubuntu Linux
Protection: Avast 8
Points: 30170
Likes: 0


Re: .exe file disappears on launch[continued]

Post by Lance(HAOH) on Sat Nov 28, 2009 4:30 pm

Could someone please help me?


Re: .exe file disappears on launch[continued]

Post by Belahzur on Sat Nov 28, 2009 6:51 pm

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1


Re: .exe file disappears on launch[continued]

Post by Lance(HAOH) on Sun Nov 29, 2009 3:46 am

µTorrent
7-Zip 4.65
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Fireworks CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe PDF Library Files CS4
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Allway Sync version 9.4.11
Audacity 1.3.9 (Unicode)
avast! Antivirus
CCleaner
Compatibility Pack for the 2007 Office system
Connect
CyberLink DVD Suite Deluxe
Dev-C++ 5 beta 9 release (4.9.9.2)
DVD Flick 1.3.0.7
DVD Play
eBay Icon
Enhanced Multimedia Keyboard Solution
Fate of the Dragon
FFmpeg for Audacity on Windows
FormatFactory 2.20
GreedyTorrent v1.01 beta build 170
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Update
Intel A/V Codecs V2.0
Intel(R) Matrix Storage Manager
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
kuler
LabelPrint
LAME v3.98.2 for Audacity
LightScribe System Software
Malwarebytes' Anti-Malware
MediaRing Talk
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
NVIDIA Drivers
Paint.NET v3.5
Picasa 3
Power2Go
PowerDirector
PSPad editor
Python 2.5
Realtek High Definition Audio Driver
Recuva
Revo Uninstaller 1.83
Smart Defrag
Spelling Dictionaries Support For Adobe Reader 9
Suite Shared Configuration CS4
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.0.3
WampServer 2.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Xvid 1.2.2 final uninstall


Re: .exe file disappears on launch[continued]

Post by Belahzur on Sun Nov 29, 2009 7:09 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    µTorrent
    eBay Icon
    GreedyTorrent v1.01 beta build 170
    Java(TM) 6 Update 15
    Java(TM) SE Runtime Environment 6 Update 1

  • Click on the Uninstall/Change button at the top.

Still having problems now?



Re: .exe file disappears on launch[continued]

Post by Lance(HAOH) on Mon Nov 30, 2009 12:21 pm

Nope. But do I have to run DDS and ComboFix again?


Re: .exe file disappears on launch[continued]

Post by Belahzur on Mon Nov 30, 2009 8:15 pm

No, this should be fine now if there are no more problems and you stay away from torrents/P2P.



Re: .exe file disappears on launch[continued]

Post by Lance(HAOH) on Mon Nov 30, 2009 11:44 pm

Thanks a lot for your help! Thank You!
