View Full Version : Possible Infection +Log
ta-ni-ni
03-27-2006, 07:40 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:36:00 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\arservice.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\CFusion\Bin\cfserver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\unzipped\hijackthis_199[1]\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe
O4 - HKLM\..\Run: [jpplfixA] C:\WINDOWS\jpplfixA.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\9C.tmp
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\95.tmp3584.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22.com/view22/app/view22rte.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity3000unlimited.ea.com/us/guide/classic/simcityx/SimCityX.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGFuaXNoYSBXYWxsYWNl\command.exe (file missing)
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
nightowl
03-29-2006, 01:50 PM
Your copy of HijackThis needs to be in a folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.
3. Download The Stand Alone Version of CW Shredder,Spybot, AdAware, (Links at the bottom of my message) If you have them allready make sure they are up to date.
You may want to print this out
Unplug the internet from your computer
Reboot To Safe Mode (tap F8 on Startup)
Delete this file
Delete these Files and or Folders
Still In Safe Mode Open up Hijack This and Place a check next to each of these and click Fix Checked.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe
O4 - HKLM\..\Run: [jpplfixA] C:\WINDOWS\jpplfixA.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\9C.tmp
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\95.tmp3584.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/.../ACNePlayer.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv2.view22.com/view22/app/view22rte.cab
O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGFuaXNoYSBXYWxsYWNl\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run CW Shredder, AdAware and Spybot, Delete what they find , Empty Recycle Bin.
Plug the internet back in and Reboot to normal mode and post a new log..........Jim
ta-ni-ni
03-30-2006, 12:54 PM
New logfile:
Logfile of HijackThis v1.99.1
Scan saved at 2:53:52 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\arservice.exe
C:\CFusion\cfam\program\ccmgr.exe
C:\CFusion\Bin\cfserver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\CFusion\Bin\cfexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\My Documents\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity3000unlimited.ea.com/us/guide/classic/simcityx/SimCityX.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: avload32 - C:\WINDOWS\SYSTEM32\avload32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
Right off the bat I noticed that winlogin is still there....
nightowl
03-30-2006, 08:37 PM
This seems to be a new problem. Took me over an hour to find a possible fix. Good news is I found another message board fixing the same problem. So we will give it a try.
Part 1
Download Ewido Security Suite install, update and run it.
http://www.ewido.net/en/download/
Please set up as :-
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes (the status bar at the bottom will display "Update successful")
5. You may need to manually update the definitions which you can get HERE
http://www.ewido.net/en/download/updates/
6. Exit Ewido. DO NOT scan yet.
Boot into safemode(Tap F8 on Startup)...and scan with Ewido
7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.
9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.
Important - You need to click "Save report" and Save it to your desktop, or you wont have a log
reboot
post a new hijackthis log + the ewido log ..........Jim
ta-ni-ni
04-02-2006, 06:45 AM
Ewido Log:
ÿþ- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
e w i d o a n t i - m a l w a r e - S c a n r e p o r t
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+ C r e a t e d o n : 1 1 : 5 5 : 1 4 P M , 4 / 1 / 2 0 0 6
+ R e p o r t - C h e c k s u m : 2 0 A 5 6 5 B 8
+ S c a n r e s u l t :
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ f i l e \ V e r i f i e r B u g . c l a s s - 4 3 4 0 4 e 4 a - 2 9 7 c 2 d 6 6 . c l a s s - > N o t - A - V i r u s . E x p l o i t . J a v a . B y t v e r i f y : I g n o r e d
C : \ W I N D O W S \ D o w n l o a d e d P r o g r a m F i l e s \ p o p c a p l o a d e r . d l l - > N o t - A - V i r u s . D o w n l o a d e r . W i n 3 2 . P o p C a p . b : I g n o r e d
C : \ W I N D O W S \ s y s t e m 3 2 \ d l l c a c h e \ w i n 3 2 \ p s s h u t d o w n . e x e - > N o t - A - V i r u s . H a c k T o o l . W i n 3 2 . B r u m e r . e : I g n o r e d
C : \ W I N D O W S \ t o o l 2 . e x e - > N o t - A - V i r u s . H o a x . W i n 3 2 . R e n o s . b w : I g n o r e d
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ 2 o 7 [ 2 ] . t x t - > T r a c k i n g C o o k i e . 2 o 7 : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ a d o p t . e u r o c l i c k [ 1 ] . t x t - > T r a c k i n g C o o k i e . E u r o c l i c k : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ a d o p t . s p e c i f i c c l i c k [ 2 ] . t x t - > T r a c k i n g C o o k i e . S p e c i f i c c l i c k : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ a d s . a d d y n a m i x [ 2 ] . t x t - > T r a c k i n g C o o k i e . A d d y n a m i x : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ a d v e r t i s i n g [ 1 ] . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ a t d m t [ 2 ] . t x t - > T r a c k i n g C o o k i e . A t d m t : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ b u r s t n e t [ 2 ] . t x t - > T r a c k i n g C o o k i e . B u r s t n e t : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c a s a l e m e d i a [ 2 ] . t x t - > T r a c k i n g C o o k i e . C a s a l e m e d i a : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c o u n t e r 1 0 . s e x t r a c k e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e x t r a c k e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c o u n t e r 1 2 . s e x t r a c k e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e x t r a c k e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c o u n t e r 9 . s e x t r a c k e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . S e x t r a c k e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c s . s e x c o u n t e r [ 2 ] . t x t - > T r a c k i n g C o o k i e . S e x c o u n t e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ c z 1 1 . c l i c k z s [ 2 ] . t x t - > T r a c k i n g C o o k i e . C l i c k z s : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ d o u b l e c l i c k [ 1 ] . t x t - > T r a c k i n g C o o k i e . D o u b l e c l i c k : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ f a s t c l i c k [ 2 ] . t x t - > T r a c k i n g C o o k i e . F a s t c l i c k : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ l o g i n . t r a c k i n g 1 0 1 [ 1 ] . t x t - > T r a c k i n g C o o k i e . T r a c k i n g 1 0 1 : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ m e d i a . f a s t c l i c k [ 1 ] . t x t - > T r a c k i n g C o o k i e . F a s t c l i c k : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ m e d i a p l e x [ 1 ] . t x t - > T r a c k i n g C o o k i e . M e d i a p l e x : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ q u e s t i o n m a r k e t [ 2 ] . t x t - > T r a c k i n g C o o k i e . Q u e s t i o n m a r k e t : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ s e r v e d b y . a d v e r t i s i n g [ 1 ] . t x t - > T r a c k i n g C o o k i e . A d v e r t i s i n g : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ s e r v i n g - s y s [ 2 ] . t x t - > T r a c k i n g C o o k i e . S e r v i n g - s y s : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ s e x l i s t [ 2 ] . t x t - > T r a c k i n g C o o k i e . S e x l i s t : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ s e x t r a c k e r [ 2 ] . t x t - > T r a c k i n g C o o k i e . S e x t r a c k e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ s t a t c o u n t e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . S t a t c o u n t e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ t r a d e d o u b l e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . T r a d e d o u b l e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ t r a f f i c m p [ 1 ] . t x t - > T r a c k i n g C o o k i e . T r a f f i c m p : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ z 1 . a d s e r v e r [ 1 ] . t x t - > T r a c k i n g C o o k i e . A d s e r v e r : C l e a n e d w i t h b a c k u p
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ C o o k i e s \ h p _ a d m i n i s t r a t o r @ z e d o [ 1 ] . t x t - > T r a c k i n g C o o k i e . Z e d o : C l e a n e d w i t h b a c k u p
C : \ P r o g r a m F i l e s \ N e w D o t N e t - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p
C : \ P r o g r a m F i l e s \ N e w D o t N e t \ n e w d o t n e t 6 _ 3 8 . d l l - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p
C : \ P r o g r a m F i l e s \ N e w D o t N e t \ r e a d m e . h t m l - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p
C : \ P r o g r a m F i l e s \ N e w D o t N e t \ u n i n s t a l l 6 _ 3 8 . e x e - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p
C : \ P r o g r a m F i l e s \ Y a z z l e S u d o k u \ S u d o k u . e x e - > D r o p p e r . V B . k k : C l e a n e d w i t h b a c k u p
C : \ u n z i p p e d \ h i j a c k t h i s _ 1 9 9 [ 1 ] \ b a c k u p s \ b a c k u p - 2 0 0 6 0 3 2 7 - 0 9 2 6 3 8 - 1 5 9 . d l l - > D o w n l o a d e r . D y f u c a : C l e a n e d w i t h b a c k u p
C : \ u n z i p p e d \ h i j a c k t h i s _ 1 9 9 [ 1 ] \ b a c k u p s \ b a c k u p - 2 0 0 6 0 3 2 7 - 0 9 2 6 3 8 - 5 7 4 . d l l - > H i j a c k e r . S m a l l . j f : C l e a n e d w i t h b a c k u p
C : \ W H C C 2 . e x e / w h A g e n t . e x e - > A d w a r e . W e b H a n c e r : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ D H . d l l - > H i j a c k e r . S m a l l . j f : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ k e y b o a r d 6 . e x e - > D o w n l o a d e r . V B . z o : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ m o u s e p a d 6 . e x e - > H i j a c k e r . V B . l y : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ m s 1 . e x e - > D o w n l o a d e r . S m a l l . c p a : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ N D N u n i n s t a l l 6 _ 3 8 . e x e - > A d w a r e . N e w D o t N e t : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ n e w n a m e 6 . e x e - > D o w n l o a d e r . A d l o a d . a e : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ o f f u n . e x e - > D o w n l o a d e r . V B . n w : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ S Y S C 0 0 . e x e - > T r o j a n . V B . t g : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m \ s v c h o s t . d l l - > B a c k d o o r . A g e n t . i w : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m \ s v c h o s t . e x e - > B a c k d o o r . A g e n t . i w : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m 3 2 \ d m o n w v . d l l - > D o w n l o a d e r . A g e n t . a g w : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m 3 2 \ f a o t v p a p 7 . e x e - > T r o j a n . R u n n e r . h : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m 3 2 \ s l k 8 x 2 p e u . e x e - > A d w a r e . S u g g e s t o r : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m 3 2 \ w 9 s e q . d l l - > A d w a r e . S u g g e s t o r : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ s y s t e m 3 2 \ w n l o g o w . s y s - > B a c k d o o r . H a x d o o r . h a : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ t o o l b a r . e x e - > D o w n l o a d e r . A d l o a d . w : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ u n i n 1 0 1 . e x e - > T r o j a n . V B . t g : C l e a n e d w i t h b a c k u p
C : \ W I N D O W S \ u n i _ e h . e x e - > T r o j a n . V B . t g : C l e a n e d w i t h b a c k u p
: : R e p o r t E n d
HiJack this:
Logfile of HijackThis v1.99.1
Scan saved at 8:39:31 AM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\arservice.exe
C:\CFusion\cfam\program\ccmgr.exe
c:\program files\common files\aol\1140396711\ee\aim6.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\CFusion\Bin\cfserver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\CFusion\cfam\Program\dfp.exe
C:\CFusion\cfam\Program\wsm.exe
C:\CFusion\cfam\Program\wsprobe.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\CFusion\Bin\cfexec.exe
C:\CFusion\Bin\cfrdsservice.exe
C:\CFusion\JRun\bin\JRun.exe
C:\CFusion\jrun\bin\jrun.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\CFusion\jre\bin\ntConsoleJava.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\CFusion\cfam\bin\CANamingAdapter.exe
C:\Documents and Settings\HP_Administrator\My Documents\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140396711\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MegaPanel] C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity3000unlimited.ea.com/us/guide/classic/simcityx/SimCityX.cab
O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O20 - Winlogon Notify: avload32 - avload32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ColdFusion Monitoring Service (ClusterCATS Service) - Unknown owner - C:\CFusion\cfam\program\ccmgr.exe
O23 - Service: Cold Fusion Application Server - Macromedia Inc. - C:\CFusion\Bin\cfserver.exe
O23 - Service: ColdFusion Executive (Cold Fusion Executive) - Macromedia Inc. - C:\CFusion\Bin\cfexec.exe
O23 - Service: ColdFusion RDS (Cold Fusion RDS) - Macromedia Inc. - C:\CFusion\Bin\cfrdsservice.exe
O23 - Service: ColdFusion Graphing Server - Unknown owner - C:\CFusion\JRun\bin\JRun.exe
O23 - Service: ColdFusion Management Repository Server (ColdFusion Management Repository) - Unknown owner - C:\CFusion\jrun\bin\jrun.exe" -jrundir "C:\CFusion\jrun" -nt "ColdFusion Management Repository" "cfam (file missing)
O23 - Service: ColdFusion Management Service - Unknown owner - C:\CFusion\cfam\bin\CANamingAdapter.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
nightowl
04-02-2006, 08:25 PM
How are things running now, Any improovements?
I see you ignored a few things on your Ewido Log. Run Ewido again and make sure these are deleted.
C : \ D o c u m e n t s a n d S e t t i n g s \ H P _ A d m i n i s t r a t o r \ A p p l i c a t i o n D a t a \ S u n \ J a v a \ D e p l o y m e n t \ c a c h e \ j a v a p i \ v 1 . 0 \ f i l e \ V e r i f i e r B u g . c l a s s - 4 3 4 0 4 e 4 a - 2 9 7 c 2 d 6 6 . c l a s s - > N o t - A - V i r u s . E x p l o i t . J a v a . B y t v e r i f y : I g n o r e d
C : \ W I N D O W S \ D o w n l o a d e d P r o g r a m F i l e s \ p o p c a p l o a d e r . d l l - > N o t - A - V i r u s . D o w n l o a d e r . W i n 3 2 . P o p C a p . b : I g n o r e d
C : \ W I N D O W S \ t o o l 2 . e x e - > N o t - A - V i r u s . H o a x . W i n 3 2 . R e n o s . b w : I g n o r e d
I never seen an Ewido log like this with spaces in between each letter. Hope I dont see it again, makes it harder to check.
On this one, If you know what it is it should be ok, If not delete it also.
C : \ W I N D O W S \ s y s t e m 3 2 \ d l l c a c h e \ w i n 3 2 \ p s s h u t d o w n . e x e - > N o t - A - V i r u s . H a c k T o o l . W i n 3 2 . B r u m e r . e : I g n o r e d
Reboot to Safe Mode and remove this entry.
O20 - Winlogon Notify: avload32 - avload32.dll (file missing)
It should delete now it says file missing.
Still In Safe Mode Delete all Temporary Internet Files, Cookies, Run AdAware and Spybot, Delete what they find , Empty Recycle Bin.
Plug the internet back in and Reboot to normal mode and post your new Ewido and HijackThis Logs..........Jim
vBulletin® v3.7.0, Copyright ©2000-2008, Jelsoft Enterprises Ltd.