Computer Security & Viruses/follow up hijackthis log
Expert: Brian Benosky - 7/8/2008
QUESTION: Hi Brian,
Sorry, I just asked you a question about HijackThis disabled ... I thought I could upload the file; here it is pasted ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:48 AM, on 04-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AllExperts\AllExperts.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RRT-Auto] C:\DOCUME~1\acer\LOCALS~1\Temp\Temporary Directory 1 for RRT.zip\RRT.exe auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Startup: JAZZ FM.URL
O4 - Global Startup: GUARDIAN.url
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O23 - Service: McAfee Application Installer Cleanup (0152341215095500) (0152341215095500mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015234~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 9369 bytes
ANSWER: Hi Andy
Please download ComboFix from here and save to your desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Please disable your antivirus application for now, as this may interfere with the removal process.
Double-click combofix.exe
Follow the prompts.
Note - Your internet connection will be terminated while ComboFix runs. Do Not attempt to re-enable it. Should ComboFix terminate prematurely, restart the computer to restore connectivity.
Don't use your mouse or keyboard while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it rebooted), ComboFix will open again to gather the necessary information for the log. This may take a bit. When done, ComboFix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthis log.
Brian
---------- FOLLOW-UP ----------
QUESTION: Hi Brian,
Thanks for the help so far, here are the log reports:
Andy
ComboFix 08-07-05.1 - acer 2008-07-08 18:00:10.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.506 [GMT 8:00]
Running from: C:\Documents and Settings\acer\Desktop\ComboFix.exe
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-08 16:50 . 2008-07-08 16:50 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-07-08 16:50 . 2008-07-08 16:50 <DIR> d--h----- C:\Documents and Settings\acer\InstallAnywhere
2008-07-08 15:43 . 2008-07-08 15:43 <DIR> d-------- C:\Program Files\ComfortKeys
2008-07-08 15:43 . 2008-07-08 15:43 <DIR> d-------- C:\Documents and Settings\acer\Application Data\ComfortSoftware
2008-07-08 14:30 . 2008-07-08 14:30 3 --a------ C:\Documents and Settings\acer\Application Data\ispnetkey.dll
2008-07-04 11:17 . 2008-07-04 11:17 <DIR> d-------- C:\Program Files\AllExperts
2008-07-03 18:05 . 2008-07-03 18:05 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-03 17:37 . 2008-07-03 17:37 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-03 17:05 . 2004-08-04 05:00 146,432 --a------ C:\WINDOWS\mpam4_regedit_XP.exe
2008-07-03 16:45 . 2004-08-04 05:00 146,432 --a------ C:\WINDOWS\Copy of regedit.exe
2008-07-03 16:15 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-07-03 16:15 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-03 16:15 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-03 16:15 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-07-03 16:15 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-03 16:14 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-07-03 16:14 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-03 16:14 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-07-03 16:14 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-03 16:14 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-07-03 16:14 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-07-03 16:13 . 2001-08-17 13:28 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2008-07-03 16:13 . 2001-08-17 13:28 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-07-03 16:13 . 2004-08-03 22:31 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-07-03 16:13 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-07-03 16:13 . 2001-08-17 22:36 53,760 --a------ C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-07-03 16:13 . 2001-08-17 12:10 35,871 --a------ C:\WINDOWS\system32\dllcache\wbfirdma.sys
2008-07-03 16:13 . 2001-08-17 12:12 34,890 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-07-03 16:13 . 2004-08-03 23:08 31,744 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-07-03 16:13 . 2004-08-03 22:29 23,615 --a------ C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2008-07-03 16:13 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-07-03 16:11 . 2001-08-17 13:28 794,399 --a------ C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-07-03 16:10 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-03 16:09 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-03 16:09 . 2001-08-17 14:56 440,576 --a------ C:\WINDOWS\system32\dllcache\tridkb.dll
2008-07-03 16:09 . 2001-08-17 14:56 315,520 --a------ C:\WINDOWS\system32\dllcache\trid3d.dll
2008-07-03 16:09 . 2001-08-17 12:51 222,336 --a------ C:\WINDOWS\system32\dllcache\trid3dm.sys
2008-07-03 16:09 . 2001-08-17 22:36 216,064 --a------ C:\WINDOWS\system32\dllcache\um34scan.dll
2008-07-03 16:09 . 2001-08-17 22:36 211,968 --a------ C:\WINDOWS\system32\dllcache\um54scan.dll
2008-07-03 16:09 . 2001-08-17 12:51 166,784 --a------ C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-07-03 16:09 . 2001-08-17 12:51 159,232 --a------ C:\WINDOWS\system32\dllcache\tridkbm.sys
2008-07-03 16:09 . 2001-08-17 13:52 36,736 --a------ C:\WINDOWS\system32\dllcache\ultra.sys
2008-07-03 16:09 . 2001-08-17 13:48 11,520 --a------ C:\WINDOWS\system32\dllcache\twotrack.sys
2008-07-03 16:08 . 2001-08-17 14:01 241,664 --a------ C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-07-03 16:08 . 2001-08-17 14:02 230,912 --a------ C:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-07-03 16:08 . 2001-08-17 12:51 138,528 --a------ C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-07-03 16:08 . 2001-08-17 12:14 123,995 --a------ C:\WINDOWS\system32\dllcache\tjisdn.sys
2008-07-03 16:08 . 2004-08-04 00:56 82,432 --a------ C:\WINDOWS\system32\dllcache\tp4mon.exe
2008-07-03 16:08 . 2001-08-17 22:35 42,496 --a------ C:\WINDOWS\system32\dllcache\tp4res.dll
2008-07-03 16:08 . 2001-08-17 12:12 34,375 --a------ C:\WINDOWS\system32\dllcache\tpro4.sys
2008-07-03 16:08 . 2001-08-17 22:36 31,744 --a------ C:\WINDOWS\system32\dllcache\tp4.dll
2008-07-03 16:08 . 2001-08-17 12:10 28,232 --a------ C:\WINDOWS\system32\dllcache\tos4mo.sys
2008-07-03 16:08 . 2001-08-17 13:51 4,992 --a------ C:\WINDOWS\system32\dllcache\toside.sys
2008-07-03 16:06 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-03 16:05 . 2001-08-17 22:36 114,688 --a------ C:\WINDOWS\system32\dllcache\sonypi.dll
2008-07-03 16:05 . 2001-08-17 22:36 106,584 --a------ C:\WINDOWS\system32\dllcache\spdports.dll
2008-07-03 16:05 . 2001-08-17 22:36 99,328 --a------ C:\WINDOWS\system32\dllcache\srusd.dll
2008-07-03 16:05 . 2001-08-17 13:51 61,824 --a------ C:\WINDOWS\system32\dllcache\speed.sys
2008-07-03 16:05 . 2001-08-17 12:51 37,040 --a------ C:\WINDOWS\system32\dllcache\sonypi.sys
2008-07-03 16:05 . 2001-08-17 22:36 24,660 --a------ C:\WINDOWS\system32\dllcache\spxupchk.dll
2008-07-03 16:05 . 2001-08-17 12:51 20,752 --a------ C:\WINDOWS\system32\dllcache\sonync.sys
2008-07-03 16:05 . 2001-08-17 14:07 19,072 --a------ C:\WINDOWS\system32\dllcache\sparrow.sys
2008-07-03 16:05 . 2001-08-17 13:53 9,600 --a------ C:\WINDOWS\system32\dllcache\sonymc.sys
2008-07-03 16:05 . 2004-08-03 23:00 7,552 --a------ C:\WINDOWS\system32\dllcache\sonyait.sys
2008-07-03 16:05 . 2001-08-17 13:53 7,040 --a------ C:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-07-03 16:03 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-03 16:02 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-03 16:02 . 2001-08-17 14:56 252,032 --a------ C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-07-03 16:02 . 2001-07-21 14:29 161,568 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-07-03 16:02 . 2001-08-17 12:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-07-03 16:02 . 2001-08-17 12:51 98,080 --a------ C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-07-03 16:02 . 2001-08-17 12:19 36,480 --a------ C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-07-03 16:02 . 2001-07-21 14:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-07-03 16:02 . 2001-08-17 13:48 17,664 --a------ C:\WINDOWS\system32\dllcache\sermouse.sys
2008-07-03 16:02 . 2001-08-17 13:53 6,912 --a------ C:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-07-03 16:02 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2008-07-03 16:02 . 2004-08-04 00:56 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
2008-07-03 16:00 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-07-03 15:59 . 2001-08-17 22:36 86,097 --a------ C:\WINDOWS\system32\dllcache\reslog32.dll
2008-07-03 15:59 . 2004-08-03 22:59 79,104 --a------ C:\WINDOWS\system32\dllcache\rocket.sys
2008-07-03 15:59 . 2004-08-03 23:10 59,648 --a------ C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-07-03 15:59 . 2001-08-17 12:12 37,563 --a------ C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-07-03 15:59 . 2001-08-17 12:19 30,720 --a------ C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-07-03 15:59 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-07-03 15:59 . 2001-08-17 12:12 19,017 --a------ C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-07-03 15:59 . 2004-08-03 22:41 13,776 --a------ C:\WINDOWS\system32\dllcache\recagent.sys
2008-07-03 15:59 . 2001-08-17 22:36 9,216 --a------ C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-07-03 15:59 . 2001-08-17 12:19 3,840 --a------ C:\WINDOWS\system32\dllcache\rpfun.sys
2008-07-03 15:57 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-07-03 15:56 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-07-03 15:55 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-07-03 15:54 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-07-03 15:53 . 2004-08-03 22:31 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-07-03 15:52 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-07-03 15:51 . 2004-08-04 00:56 56,832 --a------ C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-07-03 15:51 . 2004-08-03 23:10 51,328 --a------ C:\WINDOWS\system32\dllcache\msdv.sys
2008-07-03 15:51 . 2001-08-17 14:02 35,200 --a------ C:\WINDOWS\system32\dllcache\msgame.sys
2008-07-03 15:51 . 2004-08-03 23:00 22,016 --a------ C:\WINDOWS\system32\dllcache\msircomm.sys
2008-07-03 15:51 . 2001-08-17 13:52 17,280 --a------ C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-07-03 15:51 . 2001-08-17 13:57 16,128 --a------ C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-07-03 15:51 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\dllcache\mpe.sys
2008-07-03 15:51 . 2001-08-17 13:48 6,016 --a------ C:\WINDOWS\system32\dllcache\msfsio.sys
2008-07-03 15:51 . 2001-08-17 14:00 2,944 --a------ C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-07-03 15:49 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-07-03 15:48 . 2001-08-17 22:36 242,176 --a------ C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-07-03 15:47 . 2001-08-17 22:36 372,824 --a------ C:\WINDOWS\system32\dllcache\iconf32.dll
2008-07-03 15:47 . 2001-08-17 14:06 154,496 --a------ C:\WINDOWS\system32\dllcache\icam4usb.sys
2008-07-03 15:47 . 2001-08-17 14:05 141,056 --a------ C:\WINDOWS\system32\dllcache\icam3.sys
2008-07-03 15:47 . 2001-08-17 14:06 100,992 --a------ C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-07-03 15:47 . 2001-08-17 22:36 91,136 --a------ C:\WINDOWS\system32\dllcache\icam4com.dll
2008-07-03 15:47 . 2001-08-17 22:36 61,952 --a------ C:\WINDOWS\system32\dllcache\icam4ext.dll
2008-07-03 15:47 . 2001-08-17 22:36 45,056 --a------ C:\WINDOWS\system32\dllcache\icam5com.dll
2008-07-03 15:47 . 2001-08-17 22:36 26,624 --a------ C:\WINDOWS\system32\dllcache\icam3ext.dll
2008-07-03 15:47 . 2001-08-17 22:36 20,480 --a------ C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-07-03 15:47 . 2001-08-17 13:52 16,000 --a------ C:\WINDOWS\system32\dllcache\ini910u.sys
2008-07-03 15:47 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\dllcache\inport.sys
2008-07-03 15:45 . 2001-08-17 13:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-07-03 15:44 . 2001-08-17 13:28 907,456 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-07-03 15:43 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-03 15:42 . 2001-08-17 12:14 444,416 --a------ C:\WINDOWS\system32\dllcache\fpcibase.sys
2008-07-03 15:41 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-07-03 15:40 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-07-03 15:39 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-03 15:38 . 2001-08-17 22:36 419,357 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-07-03 15:37 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 02:44 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-26 02:06 --------- d-----w C:\Documents and Settings\acer\Application Data\HP
2008-05-24 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-05-24 06:34 --------- d-----w C:\Documents and Settings\LocalService\Application Data\HP
2008-05-24 06:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-05-24 06:28 --------- d-----w C:\Program Files\Common Files\HP
2008-05-24 06:27 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-24 06:26 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-05-24 06:09 --------- d-----w C:\Program Files\HP
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 06:40 2,400,784 ----a-w C:\Program Files\WLinstaller.exe
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-04-21 07:04 615,936 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-04-21 07:04 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-04-21 07:04 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-04-21 07:04 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-04-21 07:04 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-04-21 07:04 3,059,712 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-21 07:04 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-04-21 07:04 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-04-21 07:03 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-04-21 07:03 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-04-21 07:03 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-04-21 07:03 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-04-21 07:03 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-04-21 07:03 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2008-04-21 07:03 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2008-04-21 07:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2008-04-21 07:03 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2008-04-17 10:52 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-03-20 03:16 13 ---h--w C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-07_13.35.09.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 01:59:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 08:22:26 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-07 02:05:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-08 06:43:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-07 02:05:14 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-08 06:43:02 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 23:42 36904]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Acrobat Assistant 7.0"="F:\Program Files\Adobe\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"SoundMan"="SOUNDMAN.EXE" [2004-05-13 23:47 67072 C:\WINDOWS\SOUNDMAN.EXE]
C:\Documents and Settings\acer\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2005-10-07 14:08:02 794624]
JAZZ FM.URL [2008-01-19 10:50:24 76]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GUARDIAN.url [2006-10-10 09:58:54 81]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-03 17:34:27 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-29 10:44:25 25214]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders rpasspc.dll, msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\xampp\\mysql\\bin\\mysqld.exe"=
"E:\\xampp\\apache\\bin\\apache.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\BIN\\JAVAW.EXE"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"E:\\RSS FEED\\listgardenwin.exe"=
"E:\\IFFC\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\Real\\realplay.exe"=
R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 16:15]
S3 byqprayb;byqprayb;C:\WINDOWS\system32\drivers\byqprayb.sys [2008-07-03 13:26]
S3 dbwtu;dbwtu;C:\DOCUME~1\acer\LOCALS~1\Temp\_tmp.bat []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Aaa#AAA MONKEY]
\Shell\AutoRun\command - Iexplores.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Aaa#AAA-MONKEY]
\Shell\AutoRun\command - Iexplores.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12465cf2-7965-11dc-93fe-00115b55efad}]
\Shell\AutoRun\command - H:\smartAP.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e1888ec-3772-11da-90e7-00115b55efad}]
\Shell\AutoRun\command - H:\Iexplores.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e1888ed-3772-11da-90e7-00115b55efad}]
\Shell\AutoRun\command - I:\Iexplores.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-08 06:04:02 C:\WINDOWS\Tasks\outlookxcopy.job"
- F:\OUTLOOK xcopy backup\outlookxcopy.bat
"2008-06-30 17:00:20 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-06-14 18:11:12 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-06-30 00:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-08 18:01:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\dbwtu]
"ImagePath"="\??\C:\DOCUME~1\acer\LOCALS~1\Temp\_tmp.bat"
.
Completion time: 2008-07-08 18:02:07
ComboFix-quarantined-files.txt 2008-07-08 10:02:04
ComboFix3.txt 2008-07-07 05:35:30
ComboFix2.txt 2008-07-08 09:42:50
Pre-Run: 3,936,370,688 bytes free
Post-Run: 3,921,788,928 bytes free
288 --- E O F --- 2008-06-20 19:05:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:36 PM, on 08-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
F:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AllExperts\AllExperts.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Startup: JAZZ FM.URL
O4 - Global Startup: GUARDIAN.url
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
--
End of file - 7030 bytes
2006-05-06 17:04 11687 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20060506110528\js\js_api_dialer.php.vir
2006-05-06 17:04 1810 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\DesktopIcons\INSTANT ACCESS.lnk.vir
2006-05-06 17:04 1880 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Center\INSTANT ACCESS.lnk.vir
2006-05-06 17:04 26490 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20060506110528\Common\module.php.vir
2006-05-06 17:04 625 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20060506110528\dialerexe.ini.vir
2006-05-06 17:04 6990 --a------ C:\Qoobox\Quarantine\C\WINDOWS\tmlpcert2007.vir
2006-05-06 17:04 766 --a------ C:\Qoobox\Quarantine\C\Program Files\Instant Access\Multi\20060506110528\medias\dialer.ico.vir
2008-02-16 16:04 88 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\acer\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol.vir
2008-02-16 17:43 189 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\acer\Application Data\Macromedia\Flash Player\#SharedObjects\G2DFNMF7\www.inter-focus.cn\IFFLASHAD_PLAYER.sol.vir
2008-07-08 18:01 162 --a------ C:\Qoobox\Quarantine\catchme.log
Answer:
Hi Andy
Please open HJT and run a Scan Only. Place a check mark in the box next to the following item, then click the Fix Checked button:
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
Next, close HJT and reboot. Let me know if you are continuing to experience problems on this computer. Otherwise, your log file is clean. Hope that did the trick. Cheers!
Brian