Help please - My Hijack this log & problem description

Post by GillH » December 2nd, 2008, 12:19 pm

I have been having problems with my PC for the last week. Frequently, the mouse no longer controls the pointer; instead, the pointer moves around the screen without me touching it, and closes down programmes, goes to the Start and Program menus and starts changing settings, and often eventually it all freezes. I think I have probably got some sort of virus (I'm not an expert, but is it a bot?) The PC has McAfee protection, and I have tried running several other anti-spyware and anti-rootkit programmes too, but they found nothing. I have also suspected recently that my email address has been taken over and used. Any help would be appreciated! Thanks in advance...

Here is my Hijack This log -

Scan saved at 15:53:03, on 02/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\khooker.exe
C:\WINNT\System32\ELAN.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINNT\System32\ELAN.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=24931
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdeskt ... reQual.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7812 bytes
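
Added example (editor's code, not part of GillH's post and not from HijackThis or MalwareRemoval.com): a small Python parser for the HijackThis line format shown above. Each entry is "<section> - <body>", with a CLSID and a file path where the section has one. The triage rules only mark things a helper would verify by hand, using what the log itself shows: the R3 URLSearchHook left with "(no file)", the O16 DPF record with no download URL, the O15 Trusted Zone entry, the O20 Winlogon Notify DLL, the O23 service with "Unknown owner", and the O4 Run entry that names a file without a drive letter. The sample lines are copied from the log; nothing here decides whether an entry is malicious.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: eight lines copied from the HijackThis log in the post
# above. The parser works on any HJT log pasted in as text.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.bbc.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar3.dll
O4 - HKLM\\..\\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\\Program Files\\McAfee\\SiteAdvisor\\McSACore.exe
"""

# "R3 - ..." / "O16 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


@dataclass
class Entry:
    section: str
    body: str
    clsid: str = ""


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an HJT 'R'/'O' line, or None for headers and process lines."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    clsid = CLSID_RE.search(m["body"])
    return Entry(m["sec"], m["body"], clsid.group(0) if clsid else "")


def triage(e: Entry) -> List[str]:
    """Review notes for one entry. These are things to verify, not verdicts."""
    notes = []
    body = e.body
    if body.endswith("(no file)"):
        notes.append("orphaned: registry still references a file that is not on disk")
    if e.section == "O16":
        # "DPF: {CLSID} (Name) - URL"; the text after the last ' - ' is the download URL
        url = body.rsplit(" - ", 1)[1].strip() if " - " in body else ""
        if not url:
            notes.append("ActiveX download record with no source URL; origin unknown")
    if e.section == "O15":
        notes.append("Trusted Zone: IE applies relaxed settings to this host pattern")
    if e.section == "O20":
        notes.append("Winlogon Notify DLL runs inside winlogon.exe at logon; confirm the vendor")
    if e.section == "O23" and "Unknown owner" in body:
        notes.append("service reports no company name; check the binary's signature")
    if e.section == "O4":
        # "[Name] command": a command without a drive letter relies on PATH lookup
        cmd = body.split("] ", 1)[1] if "] " in body else body
        if not ABS_PATH_RE.match(cmd):
            notes.append("Run entry uses a relative command; resolve which file actually loads")
    return notes


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def flagged(text: str) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one review note, in log order."""
    return [(e, n) for e in parse_log(text) for n in [triage(e)] if n]


if __name__ == "__main__":
    for e, notes in flagged(SAMPLE_LOG):
        print(f"{e.section:<4} {e.clsid or '-'}")
        for n in notes:
            print(f"     * {n}")
```

Run it against a full log by passing the pasted text to flagged(). On the sample above it marks six of the eight lines, and the "(no file)" and empty-URL checks are the two that depend purely on the log text rather than on the section type.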

Re: Help please - My Hijack this log & problem description

Post by Katana » December 10th, 2008, 6:55 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Re: Help please - My Hijack this log & problem description

Post by GillH » December 11th, 2008, 11:14 am

Many thanks, Katana. Here is the log file. Having trouble getting the info file copied as PC is playing up again, but will persevere...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-11 15:18:26
Microsoft Windows 2000 Professional Service Pack 4
System drive C: has 14 GB (70%) free of 20 GB
Total RAM: 247 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:51, on 11/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\khooker.exe
C:\WINNT\System32\ELAN.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6Q6DDDW6\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/cust ... _side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/cust ... yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [RemoveElanIcon] C:\WINNT\System32\ELAN.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=24931
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/bbdeskt ... reQual.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 8090 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\Symantec NetDetect.job
C:\WINNT\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\YAHOO!\common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2008-06-20 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll [2007-12-24 323568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINNT\System32\msdxm.ocx [2005-03-31 844560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"=mobsync.exe /logon []
"SiS KHooker"=C:\WINNT\System32\khooker.exe [2001-09-02 294912]
"RemoveElanIcon"=C:\WINNT\System32\ELAN.exe [2002-02-20 28672]
"AME_CSA"=rundll32 amecsa.cpl []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-06-24 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-07-08 98304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-23 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2001-02-20 8192]
"PnPUI Registrator"=C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe [2004-11-22 163840]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-25 68856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-11-17 1805552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
EPSON Status Monitor 3 Environment Check.lnk - C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-11 15:18:25 ----D---- C:\rsit
2008-12-02 15:52:35 ----D---- C:\Program Files\Trend Micro
2008-12-02 12:49:22 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-02 12:49:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-02 12:48:59 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-02 12:47:46 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-23 20:32:44 ----D---- C:\WINNT\Sun
2008-11-23 20:31:59 ----A---- C:\WINNT\system32\javaws.exe
2008-11-23 20:31:59 ----A---- C:\WINNT\system32\javaw.exe
2008-11-23 20:31:59 ----A---- C:\WINNT\system32\deploytk.dll
2008-11-23 20:31:58 ----A---- C:\WINNT\system32\java.exe
2008-11-23 20:31:01 ----D---- C:\Program Files\Java
2008-11-23 20:29:13 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2008-11-23 20:18:59 ----D---- C:\Documents and Settings\All Users\Application Data\Applications
2008-11-23 11:32:54 ----D---- C:\Program Files\Sophos
2008-11-22 16:13:50 ----A---- C:\WINNT\system32\pid.dll
2008-11-21 18:54:06 ----HD---- C:\WINNT\$NtUninstallKB954211$
2008-11-21 18:53:10 ----HD---- C:\WINNT\$NtUninstallKB956391$
2008-11-21 18:51:55 ----HD---- C:\WINNT\$NtUninstallKB955069$
2008-11-21 18:45:12 ----HD---- C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$
2008-11-21 18:44:04 ----HD---- C:\WINNT\$NtUninstallKB957097$
2008-11-21 18:43:38 ----HD---- C:\WINNT\$NtUninstallKB958644$
2008-11-21 18:42:34 ----HD---- C:\WINNT\$NtUninstallKB957095$
2008-11-21 12:01:02 ----A---- C:\WINNT\system32\msxml3.dll
2008-11-21 12:00:33 ----A---- C:\WINNT\system32\WININET.DLL
2008-11-21 12:00:33 ----A---- C:\WINNT\system32\URLMON.DLL
2008-11-21 12:00:33 ----A---- C:\WINNT\system32\SHLWAPI.DLL
2008-11-21 12:00:32 ----A---- C:\WINNT\system32\SHDOCVW.DLL
2008-11-21 12:00:28 ----A---- C:\WINNT\system32\MSHTML.DLL
2008-11-21 12:00:26 ----A---- C:\WINNT\system32\BROWSEUI.DLL
2008-11-21 12:00:06 ----A---- C:\WINNT\system32\sp3res.dll
2008-11-21 11:59:54 ----A---- C:\WINNT\system32\NETAPI32.DLL

======List of files/folders modified in the last 1 months======

2008-12-10 12:10:02 ----A---- C:\WINNT\ntbtlog.txt
2008-12-09 16:34:24 ----A---- C:\WINNT\SchedLgU.Txt
2008-11-21 18:54:48 ----A---- C:\WINNT\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_2K;Cdr4_2K; C:\WINNT\system32\drivers\Cdr4_2K.sys [2003-11-06 58000]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2003-11-06 23420]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINNT\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 Atmuni;ATM Call Manager; C:\WINNT\System32\DRIVERS\atmuni.sys [2003-06-19 331088]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINNT\system32\DRIVERS\mdc8021x.sys [2006-07-25 15890]
R2 Rawwan;RAW WAN Driver; C:\WINNT\System32\DRIVERS\rawwan.sys [2001-05-08 35024]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINNT\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINNT\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINNT\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 openhci;Microsoft USB Open Host Controller Driver; C:\WINNT\System32\DRIVERS\openhci.sys [2003-06-19 24784]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SiS630;SiS630; C:\WINNT\System32\DRIVERS\sis630p.sys [2001-12-05 122531]
R3 SiS7018;Service for SiS7018 Driver (WDM); C:\WINNT\system32\drivers\sis7018.sys [2001-11-06 397280]
R3 USB-100;USB 10/100 Ethernet Adapter; C:\WINNT\system32\DRIVERS\USBKR100.SYS [2001-06-20 27519]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2003-06-19 40176]
S2 HidUsb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [1999-10-04 13904]
S3 AmeAtmPc;AmeAtmPc; C:\WINNT\System32\DRIVERS\AmeAtmPc.sys [2002-02-22 109799]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver; C:\WINNT\System32\Drivers\athwpn.sys []
S3 AtmLane;ATM LAN Emulation; C:\WINNT\System32\DRIVERS\atmlane.sys [2003-06-19 48496]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINNT\system32\DNINDIS5.SYS []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINNT\system32\44.tmp []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINNT\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINNT\System32\DRIVERS\RTL8029.SYS [1999-09-24 18704]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2003-06-19 21552]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN); C:\WINNT\system32\DRIVERS\zd1211u.sys [2004-11-29 257536]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINNT\system32\DRIVERS\WPN111.sys []
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINNT\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINNT\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-23 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINNT\System32\mspmspsv.exe [2002-05-16 57344]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-06-24 331776]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 138168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINNT\System32\svchost.exe [2001-05-08 7952]

-----------------EOF-----------------
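
Added example (editor's code, not from the post above and not part of RSIT): a parser for the RSIT driver list format, "<R|S><start> <name>;<display name>; <image path> [<date> <size>]", using the legend RSIT prints at the top of that list. The review rules are assumptions a helper would check by hand: empty brackets are treated as "RSIT recorded no date or size, so confirm the file on disk" (that reading of the tool's output is my assumption), an image ending in .tmp is worth identifying (the MEMSWEEP2 entry loading from 44.tmp sits in the same log as the C:\Program Files\Sophos folder created on 2008-11-23, so the first thing to check is whether a Sophos tool left it), and an image outside the system root and Program Files is worth a look. The sample lines are copied from the list above; the system root defaults to C:\WINNT because this is Windows 2000.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: five lines copied from the RSIT driver list posted above.
SAMPLE_DRIVERS = """\
R1 mfehidk;McAfee Inc. mfehidk; C:\\WINNT\\system32\\drivers\\mfehidk.sys [2008-06-27 207656]
R1 SASDIFSV;SASDIFSV; \\??\\C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS []
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver; C:\\WINNT\\System32\\Drivers\\athwpn.sys []
S3 MEMSWEEP2;MEMSWEEP2; \\??\\C:\\WINNT\\system32\\44.tmp []
S4 IntelIde;IntelIde; C:\\WINNT\\system32\\drivers\\IntelIde.sys []
"""

# Legend RSIT prints above the list: R=Running, S=Stopped, 0=Boot ... 4=Disabled
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "<R|S><start> <name>;<display name>; <image path> [<date> <size>]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


@dataclass
class Driver:
    name: str
    display: str
    running: bool
    start: str
    path: str
    meta: str  # "YYYY-MM-DD size" as RSIT recorded it, or "" when it recorded nothing


def normalize_path(p: str) -> str:
    """Strip the NT object-manager prefix that RSIT reproduces from ImagePath values."""
    return p[4:] if p.startswith("\\??\\") else p


def parse_driver(line: str) -> Optional[Driver]:
    m = DRIVER_RE.match(line.strip())
    if not m:
        return None
    return Driver(m["name"], m["display"], m["state"] == "R",
                  START_TYPES[m["start"]], normalize_path(m["path"]), m["meta"].strip())


def parse_list(text: str) -> List[Driver]:
    return [d for d in (parse_driver(l) for l in text.splitlines()) if d]


def triage(d: Driver, system_root: str = "C:\\WINNT") -> List[str]:
    """Points a helper would verify by hand; none of these is a verdict on its own."""
    notes = []
    low = d.path.lower()
    if not d.meta:
        # Assumption: empty brackets mean RSIT could not read the file's date/size.
        notes.append("no date/size recorded; confirm the file is present and who signed it")
    if low.endswith(".tmp") or "\\temp\\" in low:
        notes.append("image is a temporary file; identify the product that dropped it")
    if not (low.startswith(system_root.lower() + "\\") or low.startswith("c:\\program files\\")):
        notes.append("image outside the system root and Program Files")
    return notes


def flagged(text: str, system_root: str = "C:\\WINNT") -> List[Tuple[Driver, List[str]]]:
    """Drivers with at least one note, in list order."""
    return [(d, n) for d in parse_list(text) for n in [triage(d, system_root)] if n]


if __name__ == "__main__":
    for d, notes in flagged(SAMPLE_DRIVERS):
        state = "running" if d.running else "stopped"
        print(f"{d.name:<12} {state:<8} {d.start:<9} {d.path}")
        for n in notes:
            print(f"    * {n}")
```

The same regex works for the services list further down, which RSIT prints in the same shape. Four of the five sample drivers come back with an empty-metadata note, and only MEMSWEEP2 gets the temporary-file note; that is the ordering a helper would follow, checking the .tmp image before the three that simply lack a recorded date.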

Re: Help please - My Hijack this log & problem description

Post by GillH » December 11th, 2008, 11:18 am

I'm afraid I had to send the two files as separate posts, and the "ghost in my machine" played up during the process, but here is the info.txt file -

info.txt logfile of random's system information tool 1.04 2008-12-11 15:19:03

======Uninstall list======

Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Acrobat and Reader 6.0.6 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000606}
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
ADSL Modem Driver Suite Product-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEBED42E-0BF4-11D5-928C-0060677630C4}\setup.exe"
Blue Chip Bridge-->C:\WINNT\uninst.exe -f"c:\Blue Chip Bridge\DeIsL1.isu" -c"c:\Blue Chip Bridge\_ISREG32.DLL"
BT Yahoo! Applications-->C:\PROGRA~1\YAHOO!\common\uninstall.exe
Citrix ICA Client-->C:\WINNT\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
Citrix Presentation Server Client-->MsiExec.exe /I{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
EPSON Printer Software-->C:\WINNT\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MDAC 2.53 (KB911562)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB911562-x86-ENU$\spuninst\spuninst.exe"
Hotfix for MDAC 2.53 (KB927779)-->"C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$\spuninst\spuninst.exe"
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus SmartSuite 97-->C:\WINNT\lunin10.exe /T SmartSuite /V 97.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O /L EN
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
McAfee SiteAdvisor-->C:\Program Files\SiteAdvisor\6261\uninstall.exe
MetaFrame Presentation Server Web Client for Win32-->C:\WINNT\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
QuickTime-->C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
SiS Audio Driver-->C:\Progra~1\SiS7018\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7018
SiS630_730 V2.05-->RUNDLL32 setuplib.dll,UnInstall ,630&ISUNINST -f"C:\PROGRA~1\SIS630~1.05\DeIsL1.isu"&P.U 4 sis630.inf&-1
Snowie Version 3-->C:\WINNT\uninst.exe -f"C:\Program Files\Oasya\Snowie3\DeIsL1.isu" -c"C:\Program Files\Oasya\Snowie3\_ISREG32.DLL"
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update Rollup 1 for Windows 2000 SP4-->"C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
USB to fast ethernet adapter-->"C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\uninstall.exe" "C:\WINNT\Temp\pnpui_LN-013.log" "USB to fast ethernet adapter" "LN-013" "Sitecom_LN-013"
Windows 2000 Hotfix - KB842773-->C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows 2000 Hotfix - KB890046-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB893756-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896358-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896422-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896423-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB896424-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB897715-->"C:\WINNT\$NtUninstallKB897715-OE6SP1-20050503.210336$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899587-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB899589-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB900725-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901017-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB901214-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB902400-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB904706-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905414-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905495-->"C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905749-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB905915-->"C:\WINNT\$NtUninstallKB905915-IE6SP1-20051122.175908$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908519-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908523-->"C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB908531-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911280-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB911567-->"C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912812-->"C:\WINNT\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB912919-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB913580-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914388-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB914389-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB916281-->"C:\WINNT\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917008-->"C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917159-->"C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917422-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917537-->"C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917736-->"C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB917953-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918118-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB918899-->"C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920213-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920670-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920683-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920685-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB920958-->"C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921398-->"C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921503-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB921883-->"C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922582-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB922616-->"C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923191-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923414-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923694-->"C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923810-->"C:\WINNT\$NtUninstallKB923810$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB923980-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924191-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924270-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB924667-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925486-->"C:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB925902-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926122-->"C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB926436-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB927891-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB928843-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB929969-->"C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB930178-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931768-->"C:\WINNT\$NtUninstallKB931768-IE6SP1-20070219.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB931784-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB932168-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933566-->"C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB933729-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935839-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB935840-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB936021-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937143-->"C:\WINNT\$NtUninstallKB937143-IE6SP1-20070717.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB937894-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938127-->"C:\WINNT\$NtUninstallKB938127-IE6SP1-20070626.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938464-->"C:\WINNT\$NtUninstallKB938464-IE6SP1-20080429.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938827-->"C:\WINNT\$NtUninstallKB938827$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB938829-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB939653-->"C:\WINNT\$NtUninstallKB939653-IE6SP1-20070817.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941202-->"C:\WINNT\$NtUninstallKB941202-OE6SP1-20070820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941568-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941644-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB941693-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943055-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB943485-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB944338-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB945553-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB947864-->"C:\WINNT\$NtUninstallKB947864-IE6SP1-20080215.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948590-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB948881-->"C:\WINNT\$NtUninstallKB948881-IE6SP1-20080313.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950749-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB950974-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951066-->"C:\WINNT\$NtUninstallKB951066-OE6SP1-20080625.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951698-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB951748-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB952954-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953838-->"C:\WINNT\$NtUninstallKB953838-IE6SP1-20080620.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB953839-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB954211-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB955069-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956390-->"C:\WINNT\$NtUninstallKB956390-IE6SP1-20080820.120000$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB956391-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957095-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB957097-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Windows 2000 Hotfix - KB958644-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Windows Blaster Worm Removal Tool (KB833330)-->C:\WINNT\$NtUninstallKB833330$\spuninst\spuninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows Media Player system update (9 Series)-->C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Os2LibPath"=%SystemRoot%\system32\os2\dll;
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby Katana » December 11th, 2008, 2:04 pm

There is no obvious sign of infection. How old is the machine?


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If required, please reboot
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 14th, 2008, 1:17 pm

The PC is pretty old - 6 years plus? We were thinking of updating it soon, so this problem may bring that decision forward!

Have just done the Malwarebytes scan, which didn't seem to find anything. Log posted below. Will now do the other scan but will reply in separate post, as the machine keeps crashing.

Malwarebytes' Anti-Malware 1.31
Database version: 1499
Windows 5.0.2195 Service Pack 4

14/12/2008 16:45:43
mbam-log-2008-12-14 (16-45-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 88475
Time elapsed: 41 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 14th, 2008, 4:12 pm

Following on from my email of earlier today, here is the report from the Kaspersky online scanner -

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 14:02:05
Records in database: 1460709
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 49867
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:22:05


File name / Threat name / Threats count
C:\WINNT\system32\wins\WMI.vbe Infected: Trojan-Downloader.VBS.Small.bo 1

The selected area was scanned.
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby Katana » December 14th, 2008, 6:31 pm

Well, there is nothing there that should be causing problems.
Let's remove that one file that Kaspersky found and then have a last scan.



OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Files )
Code:
:Files
C:\WINNT\system32\wins\WMI.vbe
:Commands
[Purity]
[EmptyTemp]


  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Close ALL open windows (especially Internet Explorer!)
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error etc!

Please post the results from the GMER scan in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
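Katana's caution about false positives is the key point when reading a GMER log: on a machine running McAfee and SUPERAntiSpyware, most SSDT and inline hooks belong to those products' own drivers, and only hooks GMER cannot attribute to a known module need an analyst's judgement. The following triage script is an added example, not part of this thread or of GMER itself; it parses lines in the shape GMER 1.0.14 writes (as posted later in the thread) and sorts each hook by whether GMER attributed it to an installed security product. The sample log lines and the KNOWN_SECURITY_VENDORS list are constructed assumptions based on the products visible in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the line format GMER 1.0.14 writes (modelled on the
# format of the log in this thread, not a scan of any real machine).
SAMPLE_GMER_LOG = r"""
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 15:58:23
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xBBCCAF20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBBC069B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBBC06951]
---- Kernel code sections - GMER 1.0.14 ----
PAGE ntoskrnl.exe!NtCreateFile 804A7172 5 Bytes JMP BBC069B9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 805133F2 5 Bytes JMP BBC06A38 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 02E30056
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 02E400D1
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateNamedPipeA 7C591C5F 1 Byte [ E9 ]
"""

# Assumption: vendors whose hooks are expected on this machine, taken from the
# security products listed in the thread (McAfee and SUPERAntiSpyware).
KNOWN_SECURITY_VENDORS = ("McAfee", "SUPERAntiSpyware")

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "SSDT <module> (<vendor>) <function> [0x<addr>]" and "Code ..." table entries
TABLE_RE = re.compile(r"^(SSDT|Code)\s+(.+?)\s+\((.+)\)\s+(\w+)\s+\[0x([0-9A-Fa-f]+)\]$")
# kernel inline patch: "<sect> <image>!<func> <addr> <n> Bytes JMP <target> [<module> (<vendor>)]"
KERNEL_JMP_RE = re.compile(
    r"^(\S+)\s+(\S+!\w+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+([0-9A-Fa-f]+)"
    r"(?:\s+(.+?)\s+\((.+)\))?$")
# user-mode inline patch: ".text <process>[<pid>] <dll>!<func> <addr> <n> Bytes JMP <target> [...]"
USER_JMP_RE = re.compile(
    r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\w+)\s+[0-9A-Fa-f]+\s+\d+\s+Bytes\s+JMP\s+([0-9A-Fa-f]+)"
    r"(?:\s+(.+?)\s+\((.+)\))?$")


@dataclass
class Hook:
    section: str            # GMER section the line appeared under
    kind: str               # "SSDT" / "Code" (hook tables) or "JMP" (inline code patch)
    hooked: str             # hooked function, e.g. "ntoskrnl.exe!NtCreateFile"
    target: str             # hex address the hook diverts execution to
    process: Optional[str]  # process a user-mode hook lives in, None for kernel hooks
    pid: Optional[int]
    module: Optional[str]   # module GMER resolved the target to, None if unattributed
    vendor: Optional[str]   # vendor string GMER printed for that module, None if unattributed


def parse_gmer_log(text: str) -> Tuple[List[Hook], List[str]]:
    """Parse GMER output into Hook records. Lines in shapes this parser does not
    understand (e.g. raw patch bytes "1 Byte [ E9 ]") are returned unparsed."""
    hooks: List[Hook] = []
    unparsed: List[str] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
            continue
        if not line or section is None:  # banner lines before the first section
            continue
        if m := TABLE_RE.match(line):
            kind, module, vendor, func, addr = m.groups()
            hooks.append(Hook(section, kind, func, addr, None, None, module, vendor))
        elif m := USER_JMP_RE.match(line):
            proc, pid, func, target, module, vendor = m.groups()
            hooks.append(Hook(section, "JMP", func, target, proc, int(pid), module, vendor))
        elif m := KERNEL_JMP_RE.match(line):
            _sect, func, target, module, vendor = m.groups()
            hooks.append(Hook(section, "JMP", func, target, None, None, module, vendor))
        else:
            unparsed.append(line)
    return hooks, unparsed


def triage(hooks: List[Hook], known_vendors=KNOWN_SECURITY_VENDORS) -> Dict[str, List[Hook]]:
    """Bucket hooks: owned by an installed security product (expected), owned by
    some other module (worth a closer look), or not attributed by GMER at all
    (cannot be judged from the log alone; needs an analyst, not automatic action)."""
    buckets: Dict[str, List[Hook]] = {"expected": [], "unexpected_module": [], "unattributed": []}
    for h in hooks:
        if h.vendor is None:
            buckets["unattributed"].append(h)
        elif any(v.lower() in h.vendor.lower() for v in known_vendors):
            buckets["expected"].append(h)
        else:
            buckets["unexpected_module"].append(h)
    return buckets


if __name__ == "__main__":
    found, leftover = parse_gmer_log(SAMPLE_GMER_LOG)
    for name, items in triage(found).items():
        print(f"{name}: {len(items)}")
        for h in items:
            where = f"{h.process}[{h.pid}] " if h.process else ""
            print(f"  {h.kind:4} {where}{h.hooked} -> {h.target} ({h.vendor or 'no owner resolved'})")
    print(f"unparsed lines: {len(leftover)}")
```

The script only sorts entries; as Katana says, an "unattributed" bucket is a prompt for a trained analyst to look closer, not evidence of infection on its own.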

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 15th, 2008, 11:10 am

Ok, here's everything from the results window after performing OTMoveIt -

========== FILES ==========
C:\WINNT\system32\wins\WMI.vbe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINNT\temp\WFV2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\sqlite_yXdWUQY5z0w1pJm scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\sqlite_cTJozz7A5zhFpPc scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\mcmsc_hxh0U17BWgvudTE scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\mcmsc_UIfxksdHf221mUz scheduled to be deleted on reboot.
File delete failed. C:\WINNT\temp\sqlite_KNRuEqguYXIv730 scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_150446

Files moved on Reboot...
File C:\WINNT\temp\WFV2.tmp not found!
C:\WINNT\temp\sqlite_yXdWUQY5z0w1pJm moved successfully.
C:\WINNT\temp\sqlite_cTJozz7A5zhFpPc moved successfully.
File C:\WINNT\temp\mcmsc_hxh0U17BWgvudTE not found!
File C:\WINNT\temp\mcmsc_UIfxksdHf221mUz not found!
C:\WINNT\temp\sqlite_KNRuEqguYXIv730 moved successfully.
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 15th, 2008, 11:56 am

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 15:58:23
Windows 5.0.2195 Service Pack 4


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xBBCCAF20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBBC069B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xBBC06A48]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xBBC06979]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xBBC06A5C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBBC06A70]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBBC06AD4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBBC06AC0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBBC069F3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBBC06AFC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xBBC06A34]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBBC06951]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xBBC06965]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBBC069C9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xBBC06B39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBBC06AAC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBBC06A98]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xBBC06B25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xBBC06B11]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xBBC069A1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBBC0698D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xBBC06A84]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBBC06A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xBBC06AE8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBBC06A07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xBBC069DD]

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 80432F24 7 Bytes JMP BBC069E1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 804A7172 5 Bytes JMP BBC069B9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 804D00AC 5 Bytes JMP BBC069F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 804D0D08 5 Bytes JMP BBC06A0B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 804D2AE6 5 Bytes JMP BBC069CD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 804DEB24 5 Bytes JMP BBC06955 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenThread 804DEDE4 5 Bytes JMP BBC06969 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 804DF958 5 Bytes JMP BBC06991 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 804E2264 5 Bytes JMP BBC0697D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 804E32CC 6 Bytes JMP BBC06A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 804E7DDA 5 Bytes JMP BBC069A5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80511E50 5 Bytes JMP BBC06A4C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80512214 5 Bytes JMP BBC06A60 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80512430 5 Bytes JMP BBC06A74 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8051263E 5 Bytes JMP BBC06AD8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80512894 5 Bytes JMP BBC06AC4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80512D3E 6 Bytes JMP BBC06B00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 805133F2 5 Bytes JMP BBC06A38 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80513672 5 Bytes JMP BBC06B3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80513908 5 Bytes JMP BBC06A9C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80513BFC 5 Bytes JMP BBC06B15 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80513F9A 5 Bytes JMP BBC06A88 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80514268 5 Bytes JMP BBC06AEC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8051470A 5 Bytes JMP BBC06B29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 805148DA 5 Bytes JMP BBC06AB0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.14 ----


---- User IAT/EAT - GMER 1.0.14 ----


---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 15th, 2008, 12:04 pm

Hi Katana,

Apologies for having to post these scans separately. I had quite a lot of problems performing the scans - PC kept freezing, then "lost" mouse, then the gremlins took over and kept closing programmes down. Got there eventually, though, and the results are posted above.

Many thanks.
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby Katana » December 15th, 2008, 5:23 pm

Well, I have good news and bad news
The good news is that you have a completely infection-free machine
The bad news is that a clean machine means it is either an OS corruption or hardware problem.
I would recommend visiting a tech forum to see what they advise, but I suspect that with a W2K machine they would suggest a reformat as the first option.

Let me know if you want some tech forum links, and what you decide to do.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 15th, 2008, 6:22 pm

Katana,

Well, I think that the good news - that it is infection-free - is probably better than the bad news. As I said in an earlier post, we were going to be replacing the PC anyway as it had got very old and slow. I was concerned that if it had been corrupted, then we would copy across the infection with the data to any new PC. Thankfully, it looks as if that is not going to be an issue. It just means we need to accelerate our plans to replace it!

So I don't think I need the names of any tech forums - at least for the minute. Thank you very much for your help, which has been speedy, easy to follow, and much appreciated. It's been quite a learning process for me too. I've made a small donation by way of thanks.

Gill
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm

Re: Help please - My Hijack this log & problem description

Unread postby Katana » December 16th, 2008, 4:57 am

It's probably the best idea to upgrade, W2K is an old OS now and the latest Vista is a lot more secure.
Your data is safe to transfer to the new machine.

-----------------------------------------------------------

The following is some info to help you stay safe and clean with your new machine.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
(Vista users must ensure that any programs are Vista-compatible BEFORE installing)

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partne ... bscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE for details

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for home users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies, you will lose any autologin information for sites that you visit and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
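The post above describes the hosts file as a phone book that can also be used to block sites. The same mechanism is what hijackers abuse: they add lines that send security vendors' names to a remote address. The following is an added example, not code from Katana's post or from Spybot or the MVPS HOSTS project. It parses a hosts file the way the Windows resolver reads it (first matching name wins), resolves a name through it, and separates benign blocking entries (names pointed at 0.0.0.0 or 127.0.0.1) from entries that redirect a public name to a routable address. The sample hosts text and the `.invalid` names are constructed for the example.

```python
"""Parse a Windows hosts file and flag entries that redirect rather than block."""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample: a stock localhost line, three MVPS-style blocking entries,
# and two lines of the kind a hijacker plants (public names sent to a remote host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example-tracker.invalid      # blocking entry
0.0.0.0         counter.example-tracker.invalid
127.0.0.1       banners.example-tracker.invalid  # loopback is also used for blocking
192.0.2.45      update.example-av.invalid        # hijack: AV updates go to a remote host
192.0.2.45      www.example-bank.invalid         # hijack: bank name goes to the same host
this is not a valid line
"""

Entry = Tuple[str, str]  # (ip, hostname)


def parse_hosts(text: str) -> List[Entry]:
    """Return (ip, hostname) pairs in file order, dropping comments and junk lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                              # malformed line: the resolver ignores it too
        for name in parts[1:]:                    # one line may list several names
            entries.append((str(ip), name.lower()))
    return entries


def lookup(entries: List[Entry], hostname: str) -> Optional[str]:
    """Resolve a name through the hosts file: first matching line wins, case-insensitive."""
    hostname = hostname.lower()
    for ip, name in entries:
        if name == hostname:
            return ip
    return None


def is_blackhole(ip: str) -> bool:
    """True for addresses that only block (loopback or the unspecified address)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def classify(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split entries into blocking entries and redirects to a routable address.

    A home machine's hosts file almost never needs to map a public name to a
    routable address, so every such line deserves a look: that is the pattern a
    hijacker uses to cut the machine off from AV updates or to capture logins.
    """
    blocking: List[Entry] = []
    suspicious: List[Entry] = []
    for ip, name in entries:
        if name == "localhost":
            continue                              # the stock line, not a block
        (blocking if is_blackhole(ip) else suspicious).append((ip, name))
    return blocking, suspicious


def report(text: str) -> Dict[str, int]:
    """Summarise a hosts file: how many entries block and how many redirect."""
    blocking, suspicious = classify(parse_hosts(text))
    for ip, name in suspicious:
        print(f"SUSPICIOUS: {name} -> {ip}")
    return {"blocking": len(blocking), "suspicious": len(suspicious)}


if __name__ == "__main__":
    # On the real machine read the file instead of the sample:
    # open(r"C:\WINNT\system32\drivers\etc\hosts").read()
    print(report(SAMPLE_HOSTS))
```

On a live machine, point `report` at `%SystemRoot%\system32\drivers\etc\hosts` and treat every line in the suspicious list as something to explain or remove; blocklists such as MVPS HOSTS only ever add blackhole entries.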

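The Internet Explorer steps above change six settings in the Internet zone. Each one is stored as a DWORD under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, with 0 meaning Enable, 1 Prompt and 3 Disable. The following is an added example, not part of Katana's post: it audits an export of that key (as produced by `reg export`) against the recommended values, so the settings can be checked without clicking through the dialog. The value IDs are the ones Microsoft documents for the zone registry layout; the sample export text is constructed for the example and deliberately leaves three settings at Enable.

```python
"""Audit an exported Internet zone registry key against the IE hardening steps."""
import re
from typing import Dict, List, Optional, Tuple

# Value name -> (setting as shown in the Custom Level dialog, recommended value).
# IDs follow Microsoft's documented layout of ...\Internet Settings\Zones\<n>.
SETTINGS: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of:  reg export "HKCU\...\Internet Settings\Zones\3" zone3.reg
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
"""

DWORD_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')

Finding = Tuple[str, str, Optional[int], int]  # (id, description, current, recommended)


def parse_zone_export(text: str) -> Dict[str, int]:
    """Collect the four-digit DWORD values from a .reg export of one zone key."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values: Dict[str, int]) -> List[Finding]:
    """Return settings that are weaker than recommended or absent from the export.

    Enable (0) < Prompt (1) < Disable (3) in strictness, so a current value below
    the recommended one is a finding. A missing value is reported too, because the
    effective setting then comes from the zone template rather than this key.
    """
    findings: List[Finding] = []
    for vid, (desc, want) in SETTINGS.items():
        have = values.get(vid)
        if have is None or have < want:
            findings.append((vid, desc, have, want))
    return findings


def describe(findings: List[Finding]) -> List[str]:
    """Human-readable lines, one per finding, in the dialog's own wording."""
    lines = []
    for vid, desc, have, want in findings:
        now = "not set" if have is None else ACTION.get(have, str(have))
        lines.append(f"{desc} ({vid}): is {now}, should be {ACTION[want]}")
    return lines


if __name__ == "__main__":
    # A real export is UTF-16: open("zone3.reg", encoding="utf-16").read()
    for line in describe(audit(parse_zone_export(SAMPLE_REG))):
        print(line)
```

Run it against a real export to see which of the six settings still need changing; an empty result means the Custom Level steps have all taken effect for the Internet zone.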
Re: Help please - My Hijack this log & problem description

Unread postby GillH » December 16th, 2008, 10:24 am

Katana,

Thanks for all this info to help protect my new machine.

Yes, I'm OK for you to archive this thread now, thanks.

GillH
GillH
Active Member
 
Posts: 11
Joined: December 2nd, 2008, 12:02 pm