   Mischel Internet Security Forum
   Please Help - HijackThis Scan log
GodsSoldier
Newbie
Posts: 15
Please Help - HijackThis Scan log
« on: May 23rd, 2008, 6:58pm »

How bad is it? Thank you very much for your help!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:02 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\REGEDIT.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\system32\wuauclt.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {99C92EED-01D9-420A-9BA1-D3AC9B57D71F} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\WINDOWS\korad.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [xclzreq] c:\windows\system32\xzrcser.exe r
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ndZ] C:\windows\temp\ndZ.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [jgqemc] C:\WINDOWS\System32\jjcvhsmm.exe
O4 - HKLM\..\Run: [irznlKCax] C:\documents and settings\flaca\local settings\temp\irznlKCax.exe
O4 - HKLM\..\Run: [ibecdbv8] C:\WINDOWS\system32\ibecdbv8.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [defghijklm] C:\WINDOWS\System32\defghijklm.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1\Content.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.IE5\MSE813~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\Cookies.SH!
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f32e3517-f0f7-44fb-abc7-08febf233be5
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: FriendFinder Messenger.lnk = C:\Program Files\FriendFinder Messenger\FriendFinder Messenger.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -  
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://playgames.comcast.net/online2/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5245/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: entrsv - C:\WINDOWS\inf\entrsv.dll (file missing)
O20 - Winlogon Notify: lvruvhux - lvruvhux.dll (file missing)
O20 - Winlogon Notify: vvfnmsop - vvfnmsop.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
 
--
End of file - 18611 bytes
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 5799
Re: Please Help - HijackThis Scan log
« Reply #1 on: May 24th, 2008, 11:30am »

Welcome to the forum, GodsSoldier.
 
There are some infections showing up.  Please do this:
 
1.  Run another HijackThis scan.
 
2.  When the scan is completed, place a check mark next to the following items.  BE SURE that these are the only items checked.
 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
O2 - BHO: (no name) - {99C92EED-01D9-420A-9BA1-D3AC9B57D71F} - (no file)
 
O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\WINDOWS\korad.dll (file missing)
 
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
 
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
 
O20 - Winlogon Notify: entrsv - C:\WINDOWS\inf\entrsv.dll (file missing)
 
O20 - Winlogon Notify: lvruvhux - lvruvhux.dll (file missing)
 
O20 - Winlogon Notify: vvfnmsop - vvfnmsop.dll (file missing)

 
3.  Close your browser window.
 
4.  Then click on Fix Checked located at the bottom left of the HJT window.  Confirm that you want these items fixed and let HJT fix them.
 
5.  Close HijackThis and immediately reboot.
 
After you reboot, please do the following:
 
1.  Go to the link below, download the program ComboFix.exe and save it on your desktop.
   
http://download.bleepingcomputer.com/sUBs/ComboFix.exe  
   
2.  Temporarily de-activate all your security programs EXCEPT your software firewall.  
   
3.  Close down as many programs as you can (programs in the Notification Tray, next to the clock).
   
4.  Close your browser.  
   
5.  Double click on Combofix.exe to execute it and follow the instructions.  
   
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
   
-  When ComboFix.exe is finished, it will save a log on your system.
   
6.  Post the ComboFix log back here.
   
7.  Run HijackThis and post the new HijackThis scan log back here.

______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
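As an added example (not code from the thread or from HijackThis), a small Python triage script over the O2/O3/O9/O18/O20/O23 lines of the log posted above: it parses each entry, keeps the ones whose backing file HijackThis could not find, and separates unnamed entries or entries pointing outside Program Files from named leftovers of uninstalled software. The split heuristic is my own, not the moderator's stated reasoning; on this log it happens to reproduce the nine items the moderator asked to have fixed and sets the Messenger, WeatherBug and AVG leftovers aside for the analyst.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the HijackThis log posted above: every entry the moderator
# asked to have fixed, the other "(file missing)" entries he left alone, and two
# healthy entries for contrast.
HJT_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {99C92EED-01D9-420A-9BA1-D3AC9B57D71F} - (no file)
O2 - BHO: Video - {F856BB9E-855B-498D-883E-3509C550A031} - C:\WINDOWS\korad.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: entrsv - C:\WINDOWS\inf\entrsv.dll (file missing)
O20 - Winlogon Notify: lvruvhux - lvruvhux.dll (file missing)
O20 - Winlogon Notify: vvfnmsop - vvfnmsop.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# Sections whose entries follow "<kind>: <name> - [{CLSID} - ]<target>".
# O4 Run keys use a different layout and are deliberately not modelled here.
MODELLED_SECTIONS = {"O2", "O3", "O9", "O18", "O20", "O23"}

ENTRY_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?:(?P<clsid>\{[0-9A-Fa-f-]+\}) - )?(?P<target>.*)$"
)
# HijackThis appends these markers after the path (or in place of it).
ANNOT_RE = re.compile(r"\s*\((?:no file|file missing|HKCU|HKLM)\)")


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: Optional[str]
    path: str      # file path with HijackThis annotations stripped ("" if none)
    status: str    # "present", "file missing" or "no file"
    raw: str


def file_status(target: str) -> str:
    """Classify the target field the way HijackThis reports it."""
    t = target.lower()
    if t.startswith("(no file)"):
        return "no file"        # registry entry carries no path at all
    if "(file missing)" in t:
        return "file missing"   # a path is recorded but nothing is there
    return "present"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; None for blank lines and unmodelled sections."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group("section") not in MODELLED_SECTIONS:
        return None
    target = m.group("target")
    if m.group("section") == "O23":
        # O23 lines carry "<vendor> - <path>"; keep only the path.
        _vendor, sep, rest = target.partition(" - ")
        if sep:
            target = rest
    return Entry(
        section=m.group("section"), kind=m.group("kind"), name=m.group("name"),
        clsid=m.group("clsid"), path=ANNOT_RE.sub("", target).strip(),
        status=file_status(target), raw=line.strip(),
    )


def orphaned_entries(log: str) -> List[Entry]:
    """Entries whose backing file HijackThis could not find."""
    parsed = (parse_line(line) for line in log.splitlines())
    return [e for e in parsed if e is not None and e.status != "present"]


def is_named_leftover(entry: Entry) -> bool:
    """Heuristic (mine, not HijackThis's): a named entry whose target lived under
    Program Files is most likely debris from an uninstalled product."""
    return entry.name != "(no name)" and entry.path.lower().startswith("c:\\program files\\")


def triage(log: str) -> Tuple[List[Entry], List[Entry]]:
    """Split orphaned entries into (unattributed, named leftovers)."""
    orphans = orphaned_entries(log)
    unattributed = [e for e in orphans if not is_named_leftover(e)]
    leftovers = [e for e in orphans if is_named_leftover(e)]
    return unattributed, leftovers


if __name__ == "__main__":
    unattributed, leftovers = triage(HJT_LOG)
    print("Unattributed entries pointing at missing files (review first):")
    for e in unattributed:
        print("  ", e.raw)
    print("Named leftovers of uninstalled software (lower priority):")
    for e in leftovers:
        print("  ", e.raw)
```

Feeding a complete log instead of the excerpt works the same way; O4 autostart lines are skipped by the parser and need a separate look.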
GodsSoldier
Newbie
Posts: 15
Re: Please Help - HijackThis Scan log
« Reply #2 on: May 24th, 2008, 12:55pm »

Thank you!
 
I did all that already; I actually read some posts and did all of that.  How do programs like FriendFinder get on my machine when I never downloaded them? I have noticed some stuff in the log that I have never even used. Are these all hackers, and should I look out for them in the future?
 
It says my post is too long, so I am posting separately; I hope that is OK.
 
Here is the beginning of the ComboFix log:
 
ComboFix 08-05-21.3 - Flaca 2008-05-24 13:25:30.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.563 [GMT -4:00]
Running from: C:\Documents and Settings\Flaca\Desktop\ComboFix.exe
 
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
 
(((((((((((((((((((((((((   Files Created from 2008-04-24 to 2008-05-24  )))))))))))))))))))))))))))))))
.
 
2008-05-24 12:45 . 2008-05-24 13:23  54,156  --ah-----  C:\WINDOWS\QTFont.qfn
2008-05-24 12:45 . 2008-05-24 12:45  1,409  --a------  C:\WINDOWS\QTFont.for
2008-05-24 12:30 . 2008-05-24 12:30  <DIR>  d--------  C:\Program Files\PC Drivers HeadQuarters
2008-05-24 12:30 . 2008-05-24 12:30  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-05-24 01:03 . 2008-05-24 01:03  <DIR>  d--------  C:\Documents and Settings\Flaca\Application Data\cerasus.media
2008-05-24 01:03 . 2008-05-24 01:03  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\cerasus.media
2008-05-24 00:58 . 2008-05-24 01:45  <DIR>  d--------  C:\Program Files\Chill
2008-05-23 21:32 . 2008-05-23 21:32  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-23 20:37 . 2008-05-23 20:38  <DIR>  d--------  C:\Program Files\CCleaner
2008-05-23 19:33 . 2008-05-23 20:55  <DIR>  d--------  C:\Program Files\TrojanHunter 5.0
2008-05-21 21:11 . 2008-05-21 21:11  <DIR>  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 17:49 . 2008-05-20 17:49  <DIR>  d--------  C:\Documents and Settings\All Users\Application Data\{9E97B640-FCFE-4900-B18A-72FAE662D6B7}
2008-05-20 17:48 . 2007-10-08 14:04  939,368  --a------  C:\WINDOWS\SYSTEM32\flash.ocx
2008-05-20 17:00 . 2000-03-23 12:50  446,464  -ra------  C:\WINDOWS\SYSTEM32\hhactivex.dll
2008-05-20 17:00 . 1999-05-07 13:24  414,944  --a------  C:\WINDOWS\SYSTEM32\COMCT332.OCX
2008-05-20 17:00 . 1998-11-10 10:46  328,480  --a------  C:\WINDOWS\SYSTEM32\ssa3d30.ocx
2008-05-20 17:00 . 2002-01-08 17:00  176,128  --a------  C:\WINDOWS\SYSTEM32\RcdScan.dll
2008-05-20 17:00 . 1998-09-24 12:03  171,967  --a------  C:\WINDOWS\SYSTEM32\Odbcjet.hlp
2008-05-20 17:00 . 1998-06-17 23:00  89,360  --a------  C:\WINDOWS\SYSTEM32\VB5DB.DLL
2008-05-20 17:00 . 1998-09-24 12:03  7,348  --a------  C:\WINDOWS\SYSTEM32\Odbcjet.cnt
2008-05-20 12:22 . 2008-05-20 12:22  <DIR>  d--------  C:\WINDOWS\SYSTEM32\Migration
2008-05-20 11:50 . 2008-05-20 11:50  <DIR>  d--------  C:\Program Files\RegCure
2008-05-19 18:53 . 2008-05-19 18:53  221,184  --a------  C:\WINDOWS\SnoopFreeUI.exe
2008-05-19 18:53 . 2008-05-19 18:53  90,112  --a------  C:\WINDOWS\SYSTEM32\SnoopFreeSvc.exe
2008-05-19 18:53 . 2008-05-19 18:53  45,056  --a------  C:\WINDOWS\SnoopFreeDll.dll
2008-05-19 18:53 . 2008-05-19 18:53  9,472  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SnopFree.sys
2008-05-16 11:58 . 2008-05-16 11:58  12,632  --a------  C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-04-29 11:20 . 2008-04-29 11:20  15,648  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\NSDriver.sys
2008-04-29 11:19 . 2008-04-29 11:19  15,648  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\Awrtrd.sys
2008-04-29 11:19 . 2008-04-29 11:19  12,960  --a------  C:\WINDOWS\SYSTEM32\DRIVERS\Awrtpd.sys
 
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 16:31  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-05-24 05:52  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-24 04:58  ---------  d-----w  C:\Program Files\Common Files\Oberon Media
2008-05-24 01:05  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-05-24 01:04  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 00:56  ---------  d-----w  C:\Program Files\Trapware Corporation
2008-05-24 00:37  ---------  d-----w  C:\Program Files\Yahoo!
2008-05-24 00:05  ---------  d-----w  C:\Program Files\Google
2008-05-22 01:12  ---------  d-----w  C:\Program Files\Lavasoft
2008-05-22 01:12  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-20 16:24  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\avg7
2008-05-20 16:11  ---------  d-----w  C:\Program Files\Real
2008-05-20 16:11  ---------  d-----w  C:\Documents and Settings\Flaca\Application Data\Move Networks
2008-05-17 13:05  ---------  d-----w  C:\Documents and Settings\Flaca\Application Data\AdobeUM
2008-05-04 20:45  ---------  d-----w  C:\Program Files\XoftSpySE
2008-04-27 19:07  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-04-22 02:38  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-21 19:23  ---------  d-----w  C:\Program Files\VirtualDJ
2008-04-21 18:36  ---------  d-----w  C:\Program Files\McAfee
2008-04-21 17:26  ---------  d-----w  C:\Documents and Settings\Flaca\Application Data\AVG7
2008-04-20 22:05  ---------  d-----w  C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-20 18:36  ---------  d-----w  C:\Program Files\Viewpoint
2008-04-17 23:30  ---------  d-----w  C:\Program Files\Trend Micro
2008-04-17 20:07  ---------  d-----w  C:\Program Files\RegistryFix
2008-04-16 02:40  ---------  d-----w  C:\Program Files\MSECache
2008-04-04 00:17  ---------  d-----w  C:\Program Files\iTunes
2008-04-04 00:17  ---------  d-----w  C:\Program Files\iPod
2008-04-04 00:13  ---------  d-----w  C:\Program Files\QuickTime
2008-03-27 08:12  151,583  ----a-w  C:\WINDOWS\SYSTEM32\msjint40.dll
2008-03-19 09:47  1,845,248  ----a-w  C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-01 13:06  826,368  ----a-w  C:\WINDOWS\SYSTEM32\wininet.dll
2008-02-25 20:18  0  ----a-w  C:\WINDOWS\Fonts\AeroOutline.tt
2008-02-25 20:18  0  ----a-w  C:\WINDOWS\Fonts\AeroLight.tt
2008-02-25 20:18  0  ----a-w  C:\WINDOWS\Fonts\AeroExtended.tt
2008-02-25 20:18  0  ----a-w  C:\WINDOWS\Fonts\AeroCondensed.tt
2008-02-25 20:18  0  ----a-w  C:\WINDOWS\Fonts\Aero.tt
2008-02-25 20:17  82  ----a-w  C:\WINDOWS\Fonts\._.DS_Store
2007-02-03 17:20  974,268  --sha-w  C:\WINDOWS\INF\vsrtne.ini2
2006-07-15 02:39  10,752  --sha-w  C:\Program Files\Thumbs.db
2005-09-02 00:06  186  ----a-w  C:\Program Files\seven.reg
2005-07-30 00:00  664,654  ----a-w  C:\Program Files\screen_03.exe
2005-07-29 23:59  967,234  ----a-w  C:\Program Files\screen_04.exe
2005-07-29 23:58  683,024  ----a-w  C:\Program Files\screen_02.exe
2005-07-29 23:56  664,203  ----a-w  C:\Program Files\screen_01.exe
2005-07-25 19:24  1,782,960  ----a-w  C:\Program Files\tmas-web-scan.exe
2005-03-09 21:44  4,970  ----a-w  C:\Program Files\SEvEN.nfo
2005-03-09 21:41  174  ----a-w  C:\Program Files\seven.dat
2005-03-09 21:14  49,152  ----a-w  C:\Program Files\snd3d.dll
2005-03-09 21:14  32,768  ----a-w  C:\Program Files\snd3d_fmod.dll
2005-03-09 21:14  193,772  ----a-w  C:\Program Files\splashscreen.jpg
2005-03-09 21:14  176,128  ----a-w  C:\Program Files\ui2.dll
2005-03-09 21:14  16,255,227  ----a-w  C:\Program Files\data.mjz
2004-12-09 03:06  893,252  ----a-r  C:\Program Files\What's New in 6_0.pdf
2004-12-09 03:06  632,550  ----a-r  C:\Program Files\Contacting Quark.pdf
2004-12-09 03:06  509,570  ----a-r  C:\Program Files\Demo ReadMe.pdf
2004-12-09 03:06  152,053  ----a-r  C:\Program Files\License Agreement.pdf
2004-12-09 03:06  1,082,258  ----a-r  C:\Program Files\Guide to QXP Addendum.pdf
2004-12-09 03:05  474,353  ----a-r  C:\Program Files\Updater ReadMe.pdf
2004-12-04 00:03  50,665,546  ----a-r  C:\Program Files\Data1.cab
2004-12-04 00:03  4,188,160  ----a-r  C:\Program Files\QuarkXPress 6.5 Demo.msi
2004-08-18 19:01  2,931,712  ---ha-w  C:\Program Files\BOOTIMG.BIN
2004-08-18 19:00  2,048  ---ha-w  C:\Program Files\BOOTCAT.BIN
2004-08-18 13:34  2,740  ----a-w  C:\Program Files\INSTOPTS.DAT
2004-08-18 13:09  577,024  ----a-w  C:\Program Files\SCRBLOCK.MSI
2004-08-18 13:09  204,997  ----a-w  C:\Program Files\DEFRULES.DAT
2004-08-18 13:09  2,182,656  ----a-w  C:\Program Files\IWP.MSI
2004-08-18 13:08  556,032  ----a-w  C:\Program Files\PARENT.MSI
2004-08-18 13:08  100,864  ----a-w  C:\Program Files\MSREDIST.MSI
2004-08-18 13:08  1,132,544  ----a-w  C:\Program Files\SYMLT.MSI
2004-08-18 13:08  1,121,280  ----a-w  C:\Program Files\NAV.MSI
2004-08-18 12:54  1,475,072  ----a-w  C:\Program Files\DISK3.IMG
2004-08-18 12:51  1,475,072  ----a-w  C:\Program Files\DISK2.IMG
2004-08-18 12:49  1,475,072  ----a-w  C:\Program Files\DISK1.IMG
2004-08-18 12:44  99,456  ----a-w  C:\Program Files\APWCMD9X.DLL
2004-08-18 12:20  110  ----a-w  C:\Program Files\VERSION.DAT
2004-08-18 03:36  87,192  ----a-w  C:\Program Files\SYMLTCOM.DLL
2004-08-18 03:36  74,904  ----a-w  C:\Program Files\LTCHKRES.DLL
2004-08-18 03:36  656,536  ----a-w  C:\Program Files\SYMUIHLP.DLL
2004-08-18 03:36  324,760  ----a-w  C:\Program Files\SYMUIAX2.OCX
2004-08-18 03:36  226,456  ----a-w  C:\Program Files\ACTRES.DLL
2004-08-18 03:36  22,168  ----a-w  C:\Program Files\LRSEND.EXE
2004-08-18 03:36  169,112  ----a-w  C:\Program Files\SLTCHK01.DLL
2004-08-18 03:36  169,112  ----a-w  C:\Program Files\DJSALERT.DLL
2004-08-18 03:36  148,632  ----a-w  C:\Program Files\SYMLCUI.DLL
2004-08-18 03:36  140,440  ----a-w  C:\Program Files\SYMBBAAX.OCX
2004-08-18 03:36  132,248  ----a-w  C:\Program Files\CFGWIZ.EXE
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\UNIN.DLL
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\SYMHELP.DLL
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\SUPT_CPD.DLL
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\OPTIONS.DLL
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\MONITOR.DLL
2004-08-18 03:22  9,728  ----a-w  C:\Program Files\LU_SUB.DLL
2004-08-18 03:22  3,832  ----a-w  C:\Program Files\CFGWIZ.TLB
2004-08-18 03:22  112,640  ----a-w  C:\Program Files\HELP.MSI
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\NAV_001.DLL
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\LU_PC.DLL
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\LU_MODE.DLL
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\LU_FAQ.DLL
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\LU_004.DLL
2004-08-18 03:21  9,728  ----a-w  C:\Program Files\LU_003.DLL
2007-02-03 17:20  974,268  --sha-w  C:\WINDOWS\INF\vsrtne.ini2
.
 
(((((((((((((((((((((((((((((   snapshot@2008-05-23_21.54.18.28   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-24 16:30:44  184,320  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\3ca8c7d362d7a3675c344c1579b30005\DriversHQ.DriverDetective.Common.ni.dll
+ 2008-05-24 16:30:26  2,236,416  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\44ebd042ef56bf4c9ca617adb1942a74\DriversHQ.DriverDetective.Client.ni.exe
+ 2008-05-24 16:30:45  57,856  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\ad840beeac4cf221d79b894e731a52a5\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
+ 2008-05-24 16:30:37  225,280  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\c533129262205686976f2d05d3fc89e9\DriversHQ.DriverDetective.Client.Communication.ni.dll
+ 2008-05-24 16:30:45  249,856  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\9b29f77352782e25520051e9a2165ccd\Microsoft.ApplicationBlocks.Updater.ni.dll
+ 2008-05-24 16:30:53  2,441,216  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\b3b62fe820b416515420a6ec17b247c3\Microsoft.JScript.ni.dll
+ 2008-05-24 16:30:55  167,936  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\264a02da4ba71b8ad3bc5c65d21f535a\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll
+ 2008-05-24 16:30:54  356,352  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\7752f8cfb86957944f4882ace6f996c2\Microsoft.Practices.ObjectBuilder.ni.dll
+ 2008-05-24 16:30:47  368,640  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\ea8563fc0a0c59330ab878a2f428a3f6\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll
+ 2008-05-24 16:30:37  17,920  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-05-24 16:30:53  77,824  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e674ba75a514e00b26329e212da938e0\Microsoft.Vsa.ni.dll
+ 2008-05-24 16:30:35  163,840  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-05-24 16:30:43  1,183,744  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-05-24 16:30:33  2,756,608  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-05-24 16:30:49  1,064,960  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\29c7192327cf3999961560bf3a3995c6\System.Management.ni.dll
+ 2008-05-24 16:30:40  815,104  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-05-24 16:30:35  339,968  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-05-24 16:30:56  139,264  ----a-w  C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\1fcfda856b6a110ed833efa1ec27e647\XPBurnComponent.ni.dll
- 2008-05-24 01:40:46  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-24 17:23:32  2,048  --s-a-w  C:\WINDOWS\BOOTSTAT.DAT
+ 2008-05-24 16:30:07  26,694  ----a-r  C:\WINDOWS\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\ARPPRODUCTICON.exe
+ 2008-05-24 16:30:07  69,632  ----a-r  C:\WINDOWS\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89.exe
+ 2008-05-24 16:30:07  69,632  ----a-r  C:\WINDOWS\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89_1.exe
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w      278,528 2005-05-14 04:20:50  C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w      267,048 2008-03-30 14:36:40  C:\Program Files\iTunes\iTunesHelper.exe
 
----a-w  98,304 2005-07-25 23:01:09  C:\Program Files\QuickTime\bak\qttask.exe
----a-w      413,696 2008-03-29 03:37:20  C:\Program Files\QuickTime\QTTask.exe
 
----a-w  13,312 2003-07-16 16:20:13  C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w  15,360 2004-08-04 05:56:50  C:\WINDOWS\SYSTEM32\ctfmon.exe
 
----a-w      172,032 2004-04-06 10:28:46  C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb11.exe
 
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown  
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [ ]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.exe" [2007-01-17 19:02 95784]
"CheckNetworkConnection"="C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" [ ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xclzreq"="c:\windows\system32\xzrcser.exe" [ ]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 18:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-26 17:20 185896]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [ ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [ ]
"jgqemc"="C:\WINDOWS\System32\jjcvhsmm.exe" [ ]
"irznlKCax"="C:\documents and settings\flaca\local settings\temp\irznlKCax.exe" [ ]
"ibecdbv8"="C:\WINDOWS\system32\ibecdbv8.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 12:27 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04 114741]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [ ]
"defghijklm"="C:\WINDOWS\System32\defghijklm.exe" [ ]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 14:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 12:22 20480]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 22:34 49152]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-05-19 18:53 221184 C:\WINDOWS\SnoopFreeUI.exe]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [ ]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-04 01:56 15360]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 01:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:59 44544]
 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-16 18:20:26 25214]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-02-17 23:25:57 110592]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.MSNAUDIO"= msnaudio.acm
"SENTINEL"= snti386.dll
"VIDC.JDCT"= jl_jdct.drv
 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
GodsSoldier
Newbie
Posts: 15
Re: Please Help - HijackThis Scan log
« Reply #3 on: May 24th, 2008, 12:58pm »
combolog cont:
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4kOc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\6gxNuiUtt]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defghijklm]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibecdbv8]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irznlKCax]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jgqemc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndZ]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rxagik]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\satmat]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Anonymizer\\Anonymizer Software\\common\\AnonProxy.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
 
R2 AnonAswSvc;Anonymizer Anti-Spyware Service;"C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe"  [2007-10-22 05:12]
R2 AnonMgmtSvc;Anonymizer Management Service;"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe"  [2007-10-22 05:12]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys []
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 00:04]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##192.168.1.10#c$#Deploy#Office_2003]
\Shell\AutoRun\command - Z:\SETUP.EXE /AUTORUN
\Shell\configure\command - Z:\SETUP.EXE
\Shell\install\command - Z:\SETUP.EXE
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{908d84df-91d8-11db-911b-000cf193dd71}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8364dca-0eab-11dc-925e-000cf193dd71}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
 
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-24 17:00:01 C:\WINDOWS\Tasks\AF2C9B4E90A3120E.job"
- c:\progra~1\hecktr~1\Bendantiobj.exe
"2008-05-23 22:10:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-15 05:02:30 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-01 06:00:33 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-20 22:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
"2008-05-24 17:23:40 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-20 15:51:10 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 13:31:46
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...  
 
scanning hidden autostart entries ...
 
scanning hidden files ...  
 
scan completed successfully
hidden files: 0
 
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
 
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\SnoopFreeDll.dll
.
Completion time: 2008-05-24 13:35:51
ComboFix-quarantined-files.txt  2008-05-24 17:35:36
ComboFix2.txt  2008-05-24 01:54:48
 
Pre-Run: 14,050,951,168 bytes free
Post-Run: 14,042,021,888 bytes free
 
324
--- E O F ---
2008-05-17 18:23:33
GodsSoldier
Newbie
Posts: 15
Re: Please Help - HijackThis Scan log
« Reply #4 on: May 24th, 2008, 12:58pm »
Hijack This (thanks again!):
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:27 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [xclzreq] c:\windows\system32\xzrcser.exe r
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [jgqemc] C:\WINDOWS\System32\jjcvhsmm.exe
O4 - HKLM\..\Run: [irznlKCax] C:\documents and settings\flaca\local settings\temp\irznlKCax.exe
O4 - HKLM\..\Run: [ibecdbv8] C:\WINDOWS\system32\ibecdbv8.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [defghijklm] C:\WINDOWS\System32\defghijklm.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1\Content.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.IE5\MSE813~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\Cookies.SH!
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f32e3517-f0f7-44fb-abc7-08febf233be5
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -  
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://playgames.comcast.net/online2/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5245/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 16155 bytes
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 5799
Re: Please Help - HijackThis Scan log
« Reply #5 on: May 24th, 2008, 2:27pm »
Okay, now please do this:
 
1.  Download/install the Trial version of TrojanHunter.  The download link is at the top of this forum page.
 
2.  Because the Trial version does not activate LiveUpdate, go to the link below and manually update the TH rulesets to the latest version.
 
http://www.misec.net/trojanhunter/updating/
 
3.  Go to the link below and download/install the Free version of SuperAntiSpyware.
 
http://www.SuperAntiSpyware.com
 
4.  Be sure to update to the latest definitions during the installation of SuperAntiSpyware.
 
(The Free version of SAS requires manually updating the core and trace definitions.  The link for this is below)
 
http://www.superantispyware.com/definitions.html
 
The bottom of the above webpage tells you how to install these updates.
 
5.  Once you get both of these two programs installed and updated, reboot your computer in SAFE MODE.
 
6.  Run a Full System scan of your computer with TrojanHunter.  Let it quarantine what it finds.  After TH has completed its scan and has completed the quarantining, reboot your computer again back into SAFE MODE.
 
7.  Run a Complete Scan of your system with SuperAntiSpyware.  Let it quarantine what it finds.
 
8.  When SAS has completed, reboot your computer back into Normal Mode.
 
9.  Post the log for the TrojanHunter scan.  It is located in C:\Program Files\TrojanHunter 5.0\Scan Reports.
 
10.  Post the log for the SuperAntiSpyware scan.  You can get the scan log by opening SuperAntiSpyware to the main window, clicking on Preferences, and then selecting the Statistics/Logs tab.
 
11.  Post a NEW HijackThis log.
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
GodsSoldier
Newbie
Posts: 15
Re: Please Help - HijackThis Scan log
« Reply #6 on: May 24th, 2008, 7:45pm »

Thanks. Log for the TrojanHunter scan:
 
TrojanHunter Scan Report - Saved 2008-05-24 18:27
 
Error: Directory not found: A:\
Error: Directory not found: A:\
Found trojan file: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP200\A006337 2.exe (TrojanDownloader.Peregar.115)
Error: Directory not found: D:\
Error: Directory not found: D:\
Error: Directory not found: E:\
Error: Directory not found: E:\
Quarantined file C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP200\A006337 2.exe
 
Log for the SuperAntiSpyware scan:
 
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
 
Generated 05/24/2008 at 08:19 PM
 
Application Version : 4.1.1046
 
Core Rules Database Version : 3468
Trace Rules Database Version: 1459
 
Scan type  : Complete Scan
Total Scan Time : 01:46:02
 
Memory items scanned : 158
Memory threats detected   : 0
Registry items scanned    : 6610
Registry threats detected : 0
File items scanned   : 30270
File threats detected     : 0
 
NEW HijackThis log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:31 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo. com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo. com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [xclzreq] c:\windows\system32\xzrcser.exe r
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [jgqemc] C:\WINDOWS\System32\jjcvhsmm.exe
O4 - HKLM\..\Run: [irznlKCax] C:\documents and settings\flaca\local settings\temp\irznlKCax.exe
O4 - HKLM\..\Run: [ibecdbv8] C:\WINDOWS\system32\ibecdbv8.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [defghijklm] C:\WINDOWS\System32\defghijklm.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1\Content.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\TEMPOR~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\HSPERF~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.IE5\MSE813~1.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\History.SH! C:\DOCUME~1\Flaca\LOCALS~1\Temp\Cookies.SH!
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=f32e3517-f0f7-44fb-abc7-08febf233be5
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -  
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} - http://playgames.comcast.net/online2/mahjong_escape_ancient_japan/SpinTo pGamesLauncher.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -  
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5245/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Anonymizer Anti-Spyware Service (AnonAswSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
O23 - Service: Anonymizer Management Service (AnonMgmtSvc) - Anonymizer - C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 
--
End of file - 16627 bytes
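As an added example (not part of this thread, and not code from TrojanHunter, SUPERAntiSpyware or HijackThis), here is a small Python triage helper that parses HijackThis O4/O9/O16/O18 lines like the ones in the log above and ranks the entries a helper usually looks at first: autoruns started from a temp directory, bare filenames that Windows resolves through the PATH at logon, random-looking executable names, registered components that are "(file missing)" on disk, and ActiveX (O16) entries with no download source or a local file:// source. The sample lines are copied from the log posted above; the heuristics (the consonant-run rule in particular) are assumptions of this example and give false positives (on this same log, hpqtra08.exe would trip it), so the result is a review list for a human, not a verdict.

```python
"""Triage helper for HijackThis logs (added example; not part of the original thread).

Parses O4 autorun lines plus O9/O16/O18 lines and attaches simple, defender-side
triage reasons.  The heuristics are assumptions of this example and produce false
positives; they order entries for review, they do not decide what is malicious.
"""
import re

# Constructed sample: nine lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [xclzreq] c:\windows\system32\xzrcser.exe r
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [irznlKCax] C:\documents and settings\flaca\local settings\temp\irznlKCax.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

CODE_RE = re.compile(r'^(?P<code>O\d+) - (?P<rest>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First path-like token ending in an executable extension; whatever follows is arguments.
TARGET_RE = re.compile(r'^"?(?P<target>.*?\.(?:exe|dll|com|scr|bat))"?(?P<args>.*)$', re.I)
# Heuristic only: five or more consonants in a row is unusual for a vendor filename.
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]{5,}', re.I)


def parse_hjt(text):
    """Return one dict per recognised line with its section code, autorun name and target."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CODE_RE.match(line)
        if not m:
            continue
        entry = {"code": m["code"], "line": line, "name": "", "target": ""}
        o4 = O4_RE.match(line)
        if o4:
            entry["name"] = o4["name"]
            t = TARGET_RE.match(o4["cmd"].strip())
            entry["target"] = t["target"] if t else o4["cmd"].strip()
        elif m["code"] in ("O9", "O16", "O18"):
            # The on-disk path or download source is whatever follows the last " - ".
            tail = "" if line.endswith(" -") else line[line.rfind(" - ") + 3:]
            entry["target"] = tail.replace("(file missing)", "").strip()
        entries.append(entry)
    return entries


def flag_entries(entries):
    """Attach triage reasons; return only the entries that received at least one."""
    flagged = []
    for e in entries:
        reasons = []
        low = e["target"].lower()
        if e["code"] == "O4" and e["target"]:
            if "\\temp\\" in low:
                reasons.append("runs from a temp directory")
            if "\\" not in e["target"]:
                reasons.append("bare filename, resolved via PATH search at logon")
            stem = e["target"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if CONSONANT_RUN.search(stem):
                reasons.append("random-looking filename (heuristic)")
        if "(file missing)" in e["line"]:
            reasons.append("registered component missing on disk")
        if e["code"] == "O16":
            if not e["target"]:
                reasons.append("ActiveX entry with no download source")
            elif low.startswith("file://"):
                reasons.append("ActiveX sourced from a local file")
        if reasons:
            flagged.append({**e, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for e in flag_entries(parse_hjt(SAMPLE_LOG)):
        print(e["code"], e["name"] or e["target"], "->", "; ".join(e["reasons"]))
```

Run it against a full pasted log by replacing SAMPLE_LOG with the file contents; entries such as THGuard or the Java updater in the sample get no reasons and are left out, while the temp-directory autorun collects two reasons and sorts to the top of a helper's list.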
siliconman01
Global Moderator
Trojans! Chew 'em Up, Spit 'em Out...
Gender: male
Posts: 5799
Re: Please Help - HijackThis Scan log
« Reply #7 on: May 25th, 2008, 12:45am »

Okay, now please do the following:
 
1.  Run another HJT scan.
 
2.  When the scan is completed, place a check mark in the box next to the following items.  
 
O4 - HKLM\..\Run: [xclzreq] c:\windows\system32\xzrcser.exe r