
My Log File


3 replies to this topic

#1 F0X


Posted 07 August 2007 - 07:46 PM

:thumbsup:


Hello everyone. My first post. Need some help. Hopefully I can get this to work.


#2 F0X


Posted 07 August 2007 - 07:49 PM

OK, I don't think that worked. So what should I delete? The problem I have is when I search on the internet it takes me to another site like eBay and lycos.com. I know there is a lot of junk here. Thanks.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:39 PM, on 8/7/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\protections\Spyware Doctor\svcntaux.exe
C:\protections\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\protections\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\protections\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SDTray] "C:\protections\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184190983160
O22 - SharedTaskScheduler: farrandly - {8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c} - C:\WINDOWS\system32\tczij.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\protections\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\protections\Spyware Doctor\swdsvc.exe

#3 F0X


Posted 07 August 2007 - 08:41 PM

I noticed some of you asked for ComboFix, so I downloaded it and here it is. I can also post the HijackThis log under it like the other people do.




ComboFix 07-08-07.6 - "Paul" 08/07/2007 21:27:24.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.3.1252.1.1033.18.601 [GMT -4:00]

/wow section not completed

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



Infected copy of C:\WINDOWS\system32\winlogon.exe was found & disinfected
C:\DOCUME~1\Paul\APPLIC~1\install.dat
C:\DOCUME~1\Paul\LOCALS~1\APPLIC~1.\microsoft\internet explorer\prndrv.dll
C:\WINDOWS\d3ui32.dll
C:\WINDOWS\DOWNLO~1.\cache
C:\WINDOWS\DOWNLO~1.\cache\bcache2.bmc
C:\WINDOWS\start.exe
C:\WINDOWS\system32\9_exception.nls
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hflt_ipf.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\kdoxv.exe
C:\WINDOWS\system32\wsys.dll
C:\WINDOWS\winhp32.exe
Restored copy from - C:\WINDOWS\system32\dllcache\WINLOGON.EXE

ws2_32.dll: deleted 29184 bytes in 1 streams.


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_EXAMPLE
-------\LEGACY_EXAMPLE1
-------\LEGACY_HFLT_IPF
-------\LEGACY_NDNET1
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\EXAMPLE1
-------\Runtime


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 21:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 18:58 462,848 --a------ C:\WINDOWS\SYSTEM32\msaatext.dll
2007-08-07 18:58 360,448 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\oleacc.dll
2007-08-07 18:58 360,448 --a------ C:\WINDOWS\SYSTEM32\oleacc.dll
2007-08-07 18:58 356,352 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\oleaccrc.dll
2007-08-07 18:58 356,352 --a------ C:\WINDOWS\SYSTEM32\oleaccrc.dll
2007-08-07 17:14 <DIR> d-------- C:\Program Files\REAL
2007-07-12 06:12 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-07-11 20:28 <DIR> d-------- C:\DOCUME~1\Paul\APPLIC~1\Uniblue
2007-07-11 19:52 <DIR> d-------- C:\Program Files\Uniblue
2007-07-11 19:50 4,179,768 --a------ C:\Program Files\registryboosteraff.exe
2007-07-11 18:34 58,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mvstdi5x.sys
2007-07-11 18:34 108,256 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2007-07-11 18:34 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2007-07-11 18:31 <DIR> d-------- C:\Program Files\Network Associates
2007-07-11 18:31 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2007-07-11 18:04 <DIR> d-------- C:\9ccfe74a1571a58abcbda5834af2c8c6


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

22-01-22 17:53 --------- d-a------ C:\Program Files\Web Publish
22-01-22 17:35 16 --a------ C:\WINDOWS\dosstart.bat
22-01-22 16:07 --------- d-a------ C:\Program Files\Common Files\InstallShield
22-01-22 15:57 155680 -rah----- C:\WINDOWS\HWINFO.DAT
07-08-07 17:33 --------- d-a------ C:\DOCUME~1\Paul\APPLIC~1\AdobeUM
07-08-07 17:22 --------- d-------- C:\Program Files\Firstrun
07-08-07 17:14 --------- d-------- C:\Program Files\library
07-07-11 19:29 --------- d-a------ C:\Program Files\QuickTime
07-06-26 05:25 --------- d-------- C:\Program Files\The Weather Channel FW
07-06-26 05:24 --------- d-------- C:\Program Files\cache_db
07-06-26 05:21 --------- d-------- C:\DOCUME~1\Paul\APPLIC~1\Real
07-06-26 05:20 667648 --a------ C:\Program Files\rjbres.dll
07-06-26 05:20 57762 --a------ C:\Program Files\howto.chm
07-06-26 05:20 57344 --a------ C:\Program Files\tpasdk.dll
07-06-26 05:20 568 --a------ C:\Program Files\fpsectbl
07-06-26 05:20 49152 --a------ C:\Program Files\mmcdda32.dll
07-06-26 05:20 49152 --a------ C:\Program Files\ierjplug.dll
07-06-26 05:20 339968 --a------ C:\Program Files\dtdr3260.dll
07-06-26 05:20 335872 --a------ C:\Program Files\rjdlg.dll
07-06-26 05:20 32768 --a------ C:\Program Files\tnetdtct.dll
07-06-26 05:20 32768 --a------ C:\Program Files\rpwa3260.dll
07-06-26 05:20 32768 --a------ C:\Program Files\rjprog.dll
07-06-26 05:20 28672 --a------ C:\Program Files\wmdmhelper.dll
07-06-26 05:20 2851 --a------ C:\Program Files\cdroms.cfg
07-06-26 05:20 20480 --a------ C:\Program Files\fixrjb.exe
07-06-26 05:20 201949 --a------ C:\Program Files\realplay.chm
07-06-26 05:20 16296 --a------ C:\Program Files\realtfon.fon
07-06-26 05:20 139264 --a------ C:\Program Files\DUNZIP32.dll
07-06-26 05:20 11444 --a------ C:\Program Files\frw.bmp
07-06-26 05:20 102400 --a------ C:\Program Files\tsasdk.dll
07-06-26 05:20 --------- d-------- C:\Program Files\rpplugins
07-06-26 05:20 --------- d-------- C:\Program Files\producer
07-06-26 05:20 --------- d-------- C:\Program Files\plugins
07-06-26 05:20 --------- d-------- C:\Program Files\Netscape6
07-06-26 05:20 --------- d-------- C:\Program Files\Devices
07-06-26 05:20 --------- d-------- C:\Program Files\Common Files\xing shared
07-06-26 05:20 --------- d-------- C:\Program Files\CDBurning
07-06-26 05:19 719360 --a------ C:\Program Files\dbghelp.dll
07-06-26 05:19 61440 --a------ C:\Program Files\rjwmapln.dll
07-06-26 05:19 55533 --a------ C:\Program Files\RealNetworks License.html
07-06-26 05:19 55533 --a------ C:\Program Files\playrlic.html
07-06-26 05:19 54864 --a------ C:\Program Files\rpshellsearch.dll
07-06-26 05:19 53342 --a------ C:\Program Files\RealNetworks License.txt
07-06-26 05:19 53342 --a------ C:\Program Files\playrlic.txt
07-06-26 05:19 53098 --a------ C:\Program Files\presets.rnx
07-06-26 05:19 480 --a------ C:\Program Files\keys.dat
07-06-26 05:19 45056 --a------ C:\Program Files\rpau3260.dll
07-06-26 05:19 --------- d-a------ C:\Program Files\Common Files\Real
07-06-26 05:19 --------- d-------- C:\Program Files\Setup
07-06-26 05:18 61495 --a------ C:\Program Files\ssimages.vs
07-06-26 05:18 522796 --a------ C:\Program Files\normal.vs
07-06-26 05:18 --------- d-------- C:\Program Files\DataCache
07-06-26 05:15 86016 --a------ C:\Program Files\rpplugprot.dll
07-06-26 05:15 57344 --a------ C:\Program Files\rdsf3260.dll
07-06-26 05:15 54848 --a------ C:\Program Files\rpshell.dll
07-06-26 05:15 50 --a------ C:\Program Files\strs23.dat
07-06-26 05:15 331776 --a------ C:\Program Files\CDDBRealControl.dll
07-06-26 05:15 13 --a------ C:\Program Files\strs26.dat
07-06-26 05:15 1030 --a------ C:\Program Files\autoplaylist.dat
07-06-26 05:14 682 --a------ C:\Program Files\realplay.exe.manifest
07-06-26 05:14 27024 --a------ C:\Program Files\Readme.html
07-06-26 05:14 23558 --a------ C:\Program Files\freeoffers.ico
07-06-26 05:14 214560 --a------ C:\Program Files\realplay.exe
07-06-26 05:14 207 --a------ C:\Program Files\subscription.rnx
07-06-26 05:14 20480 --a------ C:\Program Files\rphelperapp.exe
07-06-26 05:14 20480 --a------ C:\Program Files\realjbox.exe
07-06-26 05:10 153328 --a------ C:\Program Files\RealPlayer10-5GOLD.exe
07-06-22 19:12 11264 --a------ C:\WINDOWS\system32\iesplg.dll
07-06-17 18:18 474 --a------ C:\Program Files\Shortcut to subscription.rnx.lnk
07-06-17 18:18 466 --a------ C:\Program Files\Shortcut to rpplugprot.dll.lnk
07-06-17 18:18 438 --a------ C:\Program Files\Shortcut to strs26.lnk
07-06-17 18:18 438 --a------ C:\Program Files\Shortcut to strs23.lnk
07-06-17 12:15 3022 --a------ C:\WINDOWS\rqjn.exe
07-06-14 19:25 3424 --a------ C:\WINDOWS\mozver.dat
07-05-29 21:19 0 -rahs---- C:\MSDOS.SYS
07-05-24 08:18 64512 --a------ C:\WINDOWS\system32\gcwegksx.exe
07-05-24 08:16 68368 --a------ C:\WINDOWS\system32\ws2_32.dll
07-02-09 22:40 56592 --a------ C:\DOCUME~1\Paul\APPLIC~1\GDIPFONTCACHEV1.DAT
07-02-09 21:59 305 ---h----- C:\Program Files\desktop.ini
07-02-09 21:52 21952 ---h----- C:\Program Files\folder.htt
02-07-24 08:00 32528 --a------ C:\WINDOWS\inf\wbfirdma.sys
2005-05-06 18:06:58 56 --sha-r C:\WINDOWS\SYSTEM\67255A881F.sys
2005-05-21 02:35:12 848 --sha-w C:\WINDOWS\SYSTEM\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [02-07-24 08:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Synchronization Manager"="mobsync.exe" [02-07-24 08:00 C:\WINDOWS\SYSTEM32\mobsync.exe]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [99-06-02 12:31 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07-06-26 05:14 ]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [04-08-18 08:00 ]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [04-08-06 03:50 ]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [03-10-07 09:48 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [04-11-22 08:18 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\nvcpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"VoyetraTray"=C:\PROGRAM FILES\VOYETRA\AUDIOSTATION 32\VTRAY.EXE /s
"LexmarkPrinTray"=PrinTray.exe
"NAV DefAlert"=C:\PROGRA~1\NORTON~1\DEFALERT.EXE
"StillImageMonitor"=C:\WINDOWS\system32\STIMON.EXE
"TCASUTIEXE"=TCAUDIAG.EXE -off
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe

R0 ultra66;ultra66;C:\WINDOWS\system32\DRIVERS\ultra66.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R3 admjoy;Aureal Game Port Enumerator;C:\WINDOWS\system32\DRIVERS\admjoy.sys
R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
R3 EntDrv50;EntDrv50;\??\C:\WINDOWS\system32\drivers\EntDrv50.sys
R3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINDOWS\system32\drivers\adm8830.sys
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 21:41:29
Windows 5.0.2195 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 21:42:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-07 21:42

--- E O F ---












Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:29 PM, on 8/7/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\protections\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184190983160
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--
End of file - 3454 bytes

#4 -David-


Posted 19 August 2007 - 03:27 PM

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log

Please also post the problems you are having.



