Sign In
Create Account
2
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2
10:01:54 PM 8/25/2008
mbam-log-08-25-2008 (22-01-54).txt
Scan type: Quick Scan
Objects scanned: 51605
Time elapsed: 10 minute(s), 3 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 13
Files Infected: 37
Memory Processes Infected:
C:\WINDOWS\system32\blphceg4j0ep0c.scr (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\shc9g4j0ep0c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\112.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\12B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\134.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\148.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\40.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\43.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\46.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\49.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphceg4j0ep0c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\EA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\80.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\94.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\97.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AC.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DB.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DE.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-
This topic is locked
Back to top
#2
Posted 26 August 2008 - 03:55 AM
-
- Moderators
-
- 1,158 posts
Elite Member
- Gender:Male
-
Interests:Computer security/malware
World history
Law enforcement
Good job! Can we see a HijackThis log now please?
Disabled Veteran, U.S.C.G. 1972 - 1978
Member: U.N.I.T.E., A.S.A.P.
Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
Member: U.N.I.T.E., A.S.A.P.
Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
#3
Posted 27 August 2008 - 01:30 AM
-
- Members
-
- 3 posts
New Member
1972vet, on Aug 26 2008, 04:55 AM, said:
Good job! Can we see a HijackThis log now please?
[b]Panda Active Scan[/b]
Threats disinfected with the paid version (11)
Low danger level (11) Cookie/Traffic... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
Cookie/YieldMa... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Cookie/Overtur... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
Cookie/Questio... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Cookie/Tribalf... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Cookie/Com.com Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Cookie/Atlas D... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Cookie/PointRo... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
Cookie/Go Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
2. C:\Documents and Settings\LocalService\Cookies\system@go[1].txt
Hijack This Scan is next
#4
Posted 27 August 2008 - 01:36 AM
-
- Members
-
- 3 posts
New Member
Kellerregan, on Aug 27 2008, 02:30 AM, said:
[b]Panda Active Scan[/b]
Threats disinfected with the paid version (11)
Low danger level (11) Cookie/Traffic... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
Cookie/YieldMa... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Cookie/Overtur... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
Cookie/Questio... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Cookie/Tribalf... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Cookie/Com.com Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Cookie/Atlas D... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Cookie/PointRo... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
Cookie/Go Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
2. C:\Documents and Settings\LocalService\Cookies\system@go[1].txt
Hijack This Scan is next
Threats disinfected with the paid version (11)
Low danger level (11) Cookie/Traffic... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys[2].txt
Cookie/YieldMa... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Cookie/Serving... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt
Cookie/Overtur... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@overture[2].txt
Cookie/Questio... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Cookie/Tribalf... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
Cookie/Com.com Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Cookie/Atlas D... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Cookie/PointRo... Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
Cookie/Go Tracking Cookie Latent Hide + Info
1. C:\Documents and Settings\Owner\Cookies\owner@go[1].txt
2. C:\Documents and Settings\LocalService\Cookies\system@go[1].txt
Hijack This Scan is next
Hijack This Log Below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:58 PM, on 8/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
O4 - Global Startup: Microsoft Office Find Fast Indexer.lnk = C:\MSOffice\Office\FINDFAST.EXE
O4 - Global Startup: Register.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\Register.exe
O4 - Global Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {7114683A-020D-4D16-80FD-6ACE384B66DF} (FarPoint Spread 7.0 (OLEDB)) - http://ivreporting.jcpenney.com:5243/ivisi.../spread7_17.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://ivreporting.jcpenney.com:5243/ivisi...g/dialogBox.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
--
End of file - 12251 bytes
#5
Posted 27 August 2008 - 02:10 AM
-
- Moderators
-
- 1,158 posts
Elite Member
- Gender:Male
-
Interests:Computer security/malware
World history
Law enforcement
The log looks clean. You can remove these few stray Registry entries...but we need to disable your Spybot Search and Destroy's Registry protection feature "Tea Timer" first to prevent interference with hijackthis:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Run HijackThis again and check the box next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Now close all windows except for the HijackThis application's window, then click the Fix Checked button.
Reboot and post a fresh HijackThis log. Advise how the system behaves for you now. Thanks!
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
Run HijackThis again and check the box next to these entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Now close all windows except for the HijackThis application's window, then click the Fix Checked button.
Reboot and post a fresh HijackThis log. Advise how the system behaves for you now. Thanks!
Disabled Veteran, U.S.C.G. 1972 - 1978
Member: U.N.I.T.E., A.S.A.P.
Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
Member: U.N.I.T.E., A.S.A.P.
Windows XP Performance and Maintenance
Windows Vista Performance and Maintenance
#6
Posted 05 September 2008 - 06:57 PM
-
- Honorary Members
-
- 3,867 posts
Delete this account!!
- Interests:would love to see some honesty around this site.
Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic.
Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
