Hijack log, requesting a look...

Post by John H » December 29th, 2007, 2:36 am

Hi folks...

Many thanks in advance for having a look. I suspect something has crept into my computer. Very slow start-up, pop-ups getting past my pop-up blocker, lots of browser windows trying to be opened by something but the window shuts down, daily crashes, and an episode where input fields both in a browser and a different application automatically began typing the number "2"...

My log is below...

Logfile of HijackThis v1.99.1
Scan saved at 10:26:18 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\HP_Administrator\My Documents\Utilities_Programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/YahooDownload/AxLoader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (PTBASIC41) (MSSQL$PTBASIC41) - Unknown owner - C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPTBASIC41 (file missing)
O23 - Service: SQL Server (PTPROFESSIONAL41) (MSSQL$PTPROFESSIONAL41) - Unknown owner - C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sPTPROFESSIONAL41 (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

Thank you!!
John H
Regular Member
 
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco

Re: Hijack log, requesting a look...

Post by 'KotaGuy » January 3rd, 2008, 10:39 am

Sorry for the delay in a reply. If you still require help, can you post a new HijackThis log please? It's been a few days since you posted and something in it may have changed since then.

Thanks!
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijack log, requesting a look...

Post by John H » January 13th, 2008, 8:02 pm

Thanks for the reply... Sorry it took so long to get back to you, my office got dismantled during the last storm!

Here's my latest hijack log. On top of the problems stated above, the system is routinely restarting itself and takes a long time to boot up... Many thanks in advance for the help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:42 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\KP6X6YSX\MAIL_3~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\PIY31GLJ\LOAD_2~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\KP6X6YSX\MAIL_1~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\Q8JE3CIG\MAIL_1~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\KP6X6YSX\__ORD_~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\Q2JS3EQM\__ORD_~2.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\PIY31GLJ\__ORD_~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\HY85GUXZ\__ORD_~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\LPNEKWAQ\MAIL_4~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\C642PKHL\MLSCAL~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\Q2JS3EQM\LOADCA~4.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\C642PKHL\DUMMY_~2.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\14GI7EW3\SFARML~1.SH! C:\
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ADSKCL~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\UZRZ5RVR\PAGE06~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\T1QH25H4\MAIL_2~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\VYI5IXE6\LOAD_7~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\UZRZ5RVR\MAIL_1~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\UZRZ5RVR\MAIL_2~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\P4S0EFGN\MAIL_4~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\T1QH25H4\MAIL_5~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\P4S0EFGN\MENU_4~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\T1QH25H4\MAIL_3~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\T1QH25H4\PHILIP~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\VYI5IXE6\BLANK_~1.SH! C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\Content.IE5\UZRZ5RVR\FRAMES~1.SH! C:\DOCUME~1\HP_AD
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/YahooDownload/AxLoader.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

--
End of file - 11433 bytes
John H
Regular Member
 
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco
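The two HijackThis logs in this thread are reviewed by eye, and the helper's request for a fresh log is really a request for a diff. The following is an added example for this thread (not code from the posts above and not part of HijackThis): it parses the "Oxx - " entry lines, surfaces the entry classes a reviewer looks at first (O23 services whose binary is reported "(file missing)", O20 AppInit_DLLs / Winlogon Notify hooks, and O16 ActiveX downloads from hosts not on an allow-list), and compares two logs from the same machine to list what appeared or disappeared. Both sample logs are constructed from a handful of entries in the thread's format, and the allow-list of ActiveX hosts is an assumption made for the example.

```python
"""Triage and diff helper for HijackThis-style logs (added example)."""
import re
from urllib.parse import urlparse

# Entry lines look like "O23 - Service: ..." or "R0 - HKLM\...".
# Process-list and header lines do not match and are ignored.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Hosts from which an O16 (ActiveX) download is treated as expected.
# Constructed allow-list for this example, not a vendor-maintained list.
TRUSTED_CAB_HOSTS = {"www.blackberry.com", "security.symantec.com"}

# Constructed sample: a few entries in the format of the first log above.
OLD_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/YahooDownload/AxLoader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Constructed sample: the same machine a few weeks later (second log format).
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/YahooDownload/AxLoader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_entries(text):
    """Return (kind, body) tuples for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(entries, trusted_hosts=TRUSTED_CAB_HOSTS):
    """Return (kind, reason, body) for the entries that merit a first look."""
    findings = []
    for kind, body in entries:
        if kind == "O23" and body.endswith("(file missing)"):
            findings.append((kind, "service registered but its binary is missing", body))
        elif kind == "O20":
            # AppInit_DLLs and Winlogon Notify DLLs load into many processes.
            findings.append((kind, "DLL loaded system-wide via AppInit_DLLs/Winlogon Notify", body))
        elif kind == "O16":
            # The download URL is the last " - " separated field of an O16 line.
            host = urlparse(body.rsplit(" - ", 1)[-1].strip()).hostname or ""
            if host not in trusted_hosts:
                findings.append((kind, f"ActiveX download from unlisted host {host}", body))
    return findings


def diff_logs(old_text, new_text):
    """Return (added, removed) entries between two logs of the same machine."""
    old = set(parse_entries(old_text))
    new = set(parse_entries(new_text))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for kind, reason, body in triage(parse_entries(NEW_LOG)):
        print(f"[{kind}] {reason}\n    {body}")
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    print(f"\n{len(added)} entries added, {len(removed)} removed since the previous log")
```

Run with the two real logs read from files instead of the embedded samples; on the sample pair the diff shows the Winlogon Notify hook and the missing-binary service gone, and the Java update scheduler and the repaired Net2Go service entry appearing, which is the kind of change the helper wanted to see before advising.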

Re: Hijack log, requesting a look...

Post by 'KotaGuy » January 14th, 2008, 10:21 am

Your log isn't showing any visible sign of infection.

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijack log, requesting a look...

Post by John H » January 15th, 2008, 4:04 am

Thanks much, 'KotaGuy...

Here's the Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 12:02:16 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 511600
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 190916
Number of viruses found: 8
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 03:52:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{18EB9797-E506-492D-87B2-6D378A52AC64}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{24BC48EE-0C36-4BF4-AABF-EFB9A0057C08}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{830F81C4-A3A2-4BC2-A377-034493FA7CFD}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRC18.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_759481637_262144_59921 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{8C134766-07C3-4526-B12D-9F5A7AE6D96D}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbm Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fii.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fiih.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012008010720080114\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF32A0.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFF5A7.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\U4GD2IEN\TAYV76IZ\Offline\HashFile.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe Inno: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_aac.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b60.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\History\History.IE5\MSHist012008011420080115\index.dat Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\Temp\~DF406B.tmp Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\Temp\~DF6F6E.tmp Object is locked skipped
C:\Documents and Settings\ubuntu.HP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ubuntu.HP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ubuntu.HP\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ContextTool\ContextHelper.dat Object is locked skipped
C:\Program Files\ContextTool\ContextTool-1.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\Program Files\ContextTool\ContextTool-2.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\MorpheusBar\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\PlayMP3z\PlayMP3.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\log_23.trc Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\log_21.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP417\A0063542.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0070689.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0076514.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP488\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{78AD0E7E-F7B8-4766-AD20-AF9DBE4BF545}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D7643738-74FB-43BA-86CF-56538FFAD325}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_ie4q0iiGY6f9d5y Object is locked skipped
C:\WINDOWS\Temp\mcmsc_D1e2gjX884BBOXF Object is locked skipped
C:\WINDOWS\Temp\mcmsc_HwwUlfDgTUTlnPl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_pYIHovLTRcw2UTQ Object is locked skipped
C:\WINDOWS\Temp\mcmsc_uO9wTAgBHUrp3Bk Object is locked skipped
C:\WINDOWS\Temp\mcmsc_X2JM9OknuXwyacH Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_eb0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP488\change.log Object is locked skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped
E:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP488\change.log Object is locked skipped

Scan process completed.
John H
Regular Member
 
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco
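The Kaspersky report above is a flat list of one path per line followed by a status, which makes it easy to triage mechanically: separate the "Object is locked skipped" noise (in-use hives, logs, index.dat files) from real detections, fold archive members back onto the file that exists on disk, and group hits by the program folder a helper would ask to remove, while setting aside copies that live only in System Restore snapshots. This is an added example, not part of the thread and not a Kaspersky tool; it assumes the three line shapes visible in the report and runs on constructed sample lines in that format.

```python
"""Triage helper for a Kaspersky Online Scanner 5.x report like the ones posted
in this thread.  Added example; it is not part of the original thread and not a
Kaspersky tool.  The report lines it understands have the shapes:
    <path> Object is locked skipped
    <path>[/<archive member>] Infected: <detection name> skipped
    <archive path> <Packer>: infected - <n> skipped
"""
import re
from collections import defaultdict

# Constructed sample in the same format as the report lines in the thread.
SAMPLE_REPORT = """\
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped
C:\\Program Files\\ContextTool\\ContextTool-1.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\\Program Files\\MorpheusBar\\bar\\1.bin\\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Downloads\\vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\\Documents and Settings\\HP_Administrator\\My Documents\\My Downloads\\vnc-E4_2_6-x86_win32.exe Inno: infected - 1 skipped
C:\\System Volume Information\\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\\RP437\\A0070689.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
E:\\I386\\APPS\\APP24087\\src\\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
"""

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<packer>\S+): infected - (?P<count>\d+) skipped$")
# System Restore keeps copies of removed files here; they are cleared by
# purging restore points, not by deleting the copies one by one.
RESTORE_RE = re.compile(r"^[A-Z]:\\System Volume Information\\_restore", re.IGNORECASE)


def parse_line(line):
    """Classify one report line; returns None for header or blank lines."""
    line = line.rstrip()
    m = LOCKED_RE.match(line)
    if m:
        return {"kind": "locked", "path": m["path"]}
    m = INFECTED_RE.match(line)
    if m:
        # Kaspersky writes archive members as <container>/<member>; the
        # container is the file that actually exists on disk.
        container, _, member = m["path"].partition("/")
        return {"kind": "infected", "path": container,
                "member": member or None, "detection": m["name"]}
    m = ARCHIVE_RE.match(line)
    if m:
        return {"kind": "archive", "path": m["path"],
                "packer": m["packer"], "count": int(m["count"])}
    return None


def is_riskware(detection):
    """Kaspersky's 'not-a-virus:' prefix marks adware, dialers and remote-admin
    tools that are flagged for review rather than as malicious code."""
    return detection.startswith("not-a-virus:")


def program_folder(path):
    r"""Collapse C:\Program Files\<app>\... to the <app> folder (the unit a
    helper asks to uninstall or delete); otherwise return the parent directory."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[1].lower() == "program files":
        return "\\".join(parts[:3])
    return "\\".join(parts[:-1])


def triage(report_text):
    """Group findings into what needs action, what is only a restore-point copy,
    and how much of the scan was skipped because files were locked."""
    summary = {"locked": 0, "actionable": defaultdict(set),
               "restore_points": set(), "archives": []}
    for finding in filter(None, map(parse_line, report_text.splitlines())):
        if finding["kind"] == "locked":
            summary["locked"] += 1          # in-use files such as registry hives
        elif finding["kind"] == "archive":
            # Per-archive roll-up; the members were already reported individually.
            summary["archives"].append((finding["path"], finding["packer"], finding["count"]))
        elif RESTORE_RE.match(finding["path"]):
            summary["restore_points"].add(finding["path"])
        else:
            summary["actionable"][program_folder(finding["path"])].add(finding["detection"])
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['locked']} locked object(s) skipped")
    for folder, names in sorted(result["actionable"].items()):
        tag = "riskware" if all(map(is_riskware, names)) else "MALWARE"
        print(f"[{tag}] {folder}: {', '.join(sorted(names))}")
    print(f"{len(result['restore_points'])} hit(s) only in System Restore snapshots")
```

Run against the full report, the grouped output reproduces the folder list a helper works from (ContextTool, Morpheus, MorpheusBar, PlayMP3z) and shows that the remaining hits are the user's own VNC installer and restore-point copies.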

Re: Hijack log, requesting a look...

Unread postby 'KotaGuy » January 15th, 2008, 9:45 am

Run HijackThis. Click the Misc Tools button. Click the Uninstall Manager button. Then the Save list button. Save the list to your Desktop. Copy/paste the contents of the list in your next reply.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijack log, requesting a look...

Unread postby John H » January 15th, 2008, 6:39 pm

Hijack uninstall list:

1-2-3PDFConvert v3.0
7-Zip 4.42
Able2Doc v4.0
Ad-aware 6 Professional
Adobe Acrobat 6.0 Professional
Adobe Flash Player ActiveX
Adobe Photoshop v4.0
Apple Software Update
AT&T Yahoo! Applications
AutoCAD 2005 - English
Autodesk DWF Viewer
Autodesk Revit Building 9.1
BearShare
BlackBerry Desktop Software 4.2
BlackBerry Desktop Software 4.2
Cablenut 4.08
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS 5D WIA Driver
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon EOS-1D Mark II N WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 2.1
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ContextTool
Crystal Reports for .NET Framework 2.0 (x86)
Data Fax SoftModem with SmartCP
Dell Laser MFP 1600n Software Uninstall
DocSmartz Pro v5.1
DocXpertz DOC - Expert PDF to Word Converter Tool
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
FileZilla Client 3.0.4.1
GemMaster Mystic
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTK+ 2.10.6-1 runtime environment
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Update
HP Web Helper
IKEA HomePlanner Kitchen
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
Java(TM) 6 Update 3
Kaspersky Online Scanner
McAfee SecurityCenter
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Project Professional 2003
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (PTBASIC41)
Microsoft SQL Server 2005 Express Edition (PTPROFESSIONAL41)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Beta2)
Morpheus 5.5 (remove only)
MozBackup 1.4.5
Mozilla Thunderbird (1.5.0.14)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Network Magic
NVIDIA Drivers
Open Workbench
OpenProj Beta 6
Opera 9.01
Panda TotalScan
PC-Doctor 5 for Windows
PDF FormulaCAD english
PDF to DOC
PDF to DWG Converter
PDFIn PDF to DWG Converter
Picasa 2
PlayMP3z
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QIF to IIF Converter
QuickBooks Basic Edition 2003
QuickBooks Pro 2007
QuickBooks Product Listing Service
Quicken 2007
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Registry Mechanic 5.2
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
SketchUp 4 Bonus Pack for Architecture
SketchUp 5
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy 1.4
The Paper Tiger Professional 4.1
TileGem
todoMatrix 2007 professional 2007.02.02
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP (remove only)
Windows Driver Package - Pure Networks, Inc. Pure Networks Device Discovery Driver (08/24/2007 4.6.7236.0)
Windows Driver Package - Pure Networks, Inc. Pure Networks Wireless Driver (08/24/2007 4.6.7236.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
John H
Regular Member
 
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco

Re: Hijack log, requesting a look...

Unread postby 'KotaGuy » January 15th, 2008, 7:19 pm

Click Start>Run type in appwiz.cpl and hit Enter. From the list uninstall the following:

ContextTool
Morpheus 5.5 (remove only)
PlayMP3z

Search for and delete the following Folders:

C:\Program Files\ContextTool
C:\Program Files\Morpheus
C:\Program Files\MorpheusBar
C:\Program Files\PlayMP3z

Reboot.

Do another Kaspersky scan, post the resulting log, and let me know how your computer is behaving after the changes.

Thanks :)
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijack log, requesting a look...

Unread postby John H » January 16th, 2008, 2:42 am

Thank you, Sir...

Latest Kaspersky, computer still behaving the same...

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 15, 2008 10:40:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/01/2008
Kaspersky Anti-Virus database records: 512527
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 190330
Number of viruses found: 8
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 04:03:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{18EB9797-E506-492D-87B2-6D378A52AC64}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{24BC48EE-0C36-4BF4-AABF-EFB9A0057C08}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{62E7AC1E-A0A0-496D-8352-F0BD30D6723D}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{830F81C4-A3A2-4BC2-A377-034493FA7CFD}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRC18.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_759481637_262144_59921 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{8C134766-07C3-4526-B12D-9F5A7AE6D96D}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbm Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fii.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fiih.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012008011520080116\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF32A0.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFF5A7.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\3R0NL3NK\setup[1].exe Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\U4GD2IEN\TAYV76IZ\Offline\HashFile.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe Inno: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_aac.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_b60.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ContextTool\ContextHelper.dat Object is locked skipped
C:\Program Files\ContextTool\ContextTool-1.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\MorpheusBar\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\log_23.trc Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\log_21.trc Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP417\A0063542.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0070689.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0076514.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085164.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085179.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085204.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{78AD0E7E-F7B8-4766-AD20-AF9DBE4BF545}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D7643738-74FB-43BA-86CF-56538FFAD325}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_ie4q0iiGY6f9d5y Object is locked skipped
C:\WINDOWS\Temp\mcmsc_BgBklJMvrH6eHR7 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_D1e2gjX884BBOXF Object is locked skipped
C:\WINDOWS\Temp\mcmsc_HwwUlfDgTUTlnPl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_pA0dOixBtLHquq8 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_pYIHovLTRcw2UTQ Object is locked skipped
C:\WINDOWS\Temp\mcmsc_uO9wTAgBHUrp3Bk Object is locked skipped
C:\WINDOWS\Temp\mcmsc_X2JM9OknuXwyacH Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_eb0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped

Scan process completed.
John H
Regular Member
 
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco

Re: Hijack log, requesting a look...

Unread postby 'KotaGuy » January 16th, 2008, 12:35 pm

I don't see PlayMP3z in the log anymore but...

Did you uninstall all the programs and delete the folders I told you to? I shouldn't still be seeing them in the KAV log if you had.

Those would be the Context Tool and Morpheus entries.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: Hijack log, requesting a look...

Unread postby John H » January 16th, 2008, 9:00 pm

oops. my bad... didn't delete the files...

morpheus.exe and the contents of morpheus bar are deleted (could not delete morpheus bar folder).

C:\ContextTool folder still contains contexthelper.dat, contexttool-1.dll, and pcre3.dll - access denied, or file being used by another program.

I'll run another Kaspersky for now unless you request another action.

Re: Hijack log, requesting a look...

Unread postby 'KotaGuy » January 17th, 2008, 10:01 am

Boot into Safe Mode and delete the Morpheus Bar and ContextTool folders. Empty your Recycle Bin. Reboot Windows normally and do another KAV scan and post the resulting log for me please.

Thanks.

Re: Hijack log, requesting a look...

Unread postby John H » January 18th, 2008, 1:59 am

Thanks... no current pop-ups happening. I appreciate the help, sir...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, January 17, 2008 9:54:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/01/2008
Kaspersky Anti-Virus database records: 519055
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 198254
Number of viruses found: 8
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 04:00:48

Infected Object Name / Virus Name / Last Action
C:\cygwin\etc\ssh_host_dsa_key Object is locked skipped
C:\cygwin\etc\ssh_host_key Object is locked skipped
C:\cygwin\etc\ssh_host_rsa_key Object is locked skipped
C:\cygwin\var\log\sshd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFRF.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_759481637_2293760_122076 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{D688E5C2-ACA3-44E1-9B3E-2856B88DE3E0}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbdao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeam Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbeao Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbm Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fii.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\fiih.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Google Desktop\197e6b4bbdb4\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\MSHist012008011720080118\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Perflib_Perfdata_6c4.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1894.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DFF2F4.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe Inno: infected - 1 skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_c10.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_c78.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\LOG\log_25.trc Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\The Monticello Corporation\MSSQL.2\MSSQL\LOG\log_23.trc Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_HP_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_HP_Administrator.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_HP_Administrator.log Object is locked skipped
C:\RECYCLER\S-1-5-21-4223742102-367849687-1492711936-1007\Dc21\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\RECYCLER\S-1-5-21-4223742102-367849687-1492711936-1007\Dc21\bar\1.bin\M0POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\RECYCLER\S-1-5-21-4223742102-367849687-1492711936-1007\Dc21\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP412\A0063287.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP417\A0063542.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP437\A0070689.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP477\A0076514.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085164.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085179.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP489\A0085204.exe Infected: not-a-virus:AdWare.Win32.Agent.jb skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP491\A0085359.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP491\A0086356.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP491\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DB6D102A-3704-4753-AA14-275B13178135}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{19419A60-7687-4543-B2FD-5D4B59EA2944}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\QB GDS P.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_5dMlI93AvuIUSWy Object is locked skipped
C:\WINDOWS\Temp\mcmsc_hg2peu2if4e3aqE Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped

Scan process completed.
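Most of the two KAV reports in this thread is noise that a reader has to filter by eye: every "Object is locked skipped" line is a registry hive, event log, database file or key that the OS or a service holds open, not a detection, and the same adware shows up three times over (the live copy under Program Files, the deleted copy still sitting in RECYCLER, and cached copies inside System Restore points). The script below is an added example, not part of the original thread and not Kaspersky's own tooling. It parses the three line shapes that appear in the posted report (locked, "Infected:", and the "Inno:/WiseSFX: infected - N" container summaries) and sorts each hit by where it lives, because that is what decides the cleanup step; the ACTION table paraphrases the advice 'KotaGuy gives in this thread. It assumes the KAV 5.0.98 report format shown above, and the sample lines are a constructed subset excerpted from the posted report.

```python
"""Triage a Kaspersky Online Scanner 5.x report (added example, not from the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# The three line shapes seen in the posted report (assumption: the scanner emits
# nothing else in its "Infected Object Name / Virus Name / Last Action" table).
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>[A-Za-z0-9]+): infected - (?P<n>\d+) skipped$")

# What each location means for cleanup, following the helper's advice in the thread.
ACTION = {
    "program_files": "still installed: uninstall, then delete the folder from Safe Mode",
    "live_other": "present on the live C: volume: review and delete if unwanted",
    "recycle_bin": "already deleted but not purged: empty the Recycle Bin",
    "restore_point": "cached copy inside a System Restore point: flush restore points after cleanup",
    "other_drive": "on another volume (e.g. a recovery partition): dormant unless executed",
}


@dataclass(frozen=True)
class Finding:
    path: str       # file on disk, archive-member suffix (after '/') stripped
    member: str     # member inside an installer/archive, '' if the file itself was flagged
    name: str       # Kaspersky detection name as printed
    riskware: bool  # 'not-a-virus:' prefix = adware/riskware/remote-admin tool, not malware
    location: str   # one of the ACTION keys


def classify_location(path: str) -> str:
    """Map a Windows path from the report to a cleanup category."""
    upper = path.upper()
    if upper.startswith("C:\\SYSTEM VOLUME INFORMATION\\_RESTORE"):
        return "restore_point"
    if "\\RECYCLER\\" in upper:
        return "recycle_bin"
    if not upper.startswith("C:"):
        return "other_drive"
    if upper.startswith("C:\\PROGRAM FILES\\"):
        return "program_files"
    return "live_other"


def parse_report(text: str):
    """Return (locked_paths, container_summaries, findings) from the report body."""
    locked, containers, findings = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := LOCKED_RE.match(line):
            locked.append(m["path"])
        elif m := INFECTED_RE.match(line):
            # KAV prints "installer.exe/member" for a hit inside an archive or installer
            path, _, member = m["path"].partition("/")
            name = m["name"]
            findings.append(Finding(path, member, name,
                                    name.startswith("not-a-virus:"),
                                    classify_location(path)))
        elif m := CONTAINER_RE.match(line):
            # "Inno: infected - 1" restates the member hits for the installer: summary only
            containers.append((m["path"], m["kind"], int(m["n"])))
    return locked, containers, findings


def triage(text: str) -> dict:
    """Summarise a report: what is real malware, what is still live, what is only cached."""
    locked, containers, findings = parse_report(text)
    live = sorted({f.path for f in findings if f.location in ("program_files", "live_other")})
    return {
        "locked": len(locked),            # open hives/logs/keys: noise, not detections
        "containers": len(containers),
        "findings": findings,
        "malware": [f for f in findings if not f.riskware],
        "by_location": Counter(f.location for f in findings),
        "by_name": Counter(f.name for f in findings),
        "on_live_filesystem": live,
        "actions": sorted({ACTION[f.location] for f in findings}),
    }


# Sample input: lines excerpted from the report posted above (a constructed subset).
SAMPLE_REPORT = r"""
C:\cygwin\etc\ssh_host_rsa_key Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\HP_Administrator\My Documents\My Downloads\vnc-E4_2_6-x86_win32.exe Inno: infected - 1 skipped
C:\Program Files\ContextTool\ContextTool-1.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
C:\RECYCLER\S-1-5-21-4223742102-367849687-1492711936-1007\Dc21\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP491\A0085359.dll Infected: not-a-virus:AdWare.Win32.Agent.vm skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
E:\I386\APPS\APP24087\src\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"locked (skipped, not detections): {result['locked']}")
    print(f"real malware hits: {len(result['malware'])}")
    for f in result["findings"]:
        print(f"{f.location:14} {f.name:45} {f.path}")
    for action in result["actions"]:
        print("-", action)
```

Two things the output makes visible that the raw report does not. First, every hit in this log carries Kaspersky's "not-a-virus:" prefix, which is its class for adware, toolbars and legitimate remote-administration tools (the VNC installer in My Downloads is flagged as RemoteAdmin, not as malware), so the "malware" list is empty, which is why the helper says "looking good" despite 25 "infected objects". Second, only two of the flagged paths are on the live C: filesystem; the RECYCLER and System Restore copies are inert until restored, but they will keep reappearing in every scan until the bin is emptied and restore points are flushed, which is the last step the thread is about to take.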

Re: Hijack log, requesting a look...

Unread postby 'KotaGuy » January 18th, 2008, 10:20 am

Looking good :)

Other than some items in your System Restore Points (which we will clean out shortly) I like what I see.

Post a new HijackThis log for me please.

Re: Hijack log, requesting a look...

Unread postby John H » January 18th, 2008, 12:27 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:26:16 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\cygwin\bin\cygrunsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\cygwin\usr\sbin\sshd.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\McAfee\MSC\mcupdui.exe
C:\Documents and Settings\HP_Administrator\My Documents\Utilities_Programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [DellNSCST] "C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -

C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -

http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4788DE08-3552-49EA-AC8C-233DA52523B9} (RIM AxLoader) - http://wwrex.com/handango/AxLoader.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) -

http://www.blackberry.com/YahooDownload/AxLoader.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) -

http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks

Shared\Platform\puresp3.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0091381200644154) (0091381200644154mcinstcleanup) - McAfee, Inc.

- C:\WINDOWS\TEMP\009138~1.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program

Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel

Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SQL Server (PTBASIC41) (MSSQL$PTBASIC41) - Unknown owner - C:\Program Files\The Monticello

Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sPTBASIC41 (file missing)
O23 - Service: SQL Server (PTPROFESSIONAL41) (MSSQL$PTPROFESSIONAL41) - Unknown owner - C:\Program Files\The

Monticello Corporation\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sPTPROFESSIONAL41 (file missing)
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network

Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure

Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common

Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common

Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: CYGWIN sshd (sshd) - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
John H
Regular Member
Posts: 32
Joined: August 6th, 2006, 5:09 am
Location: San Francisco