
Unknown Trojan/browser Hijacker


1 reply to this topic

#1 Krezol (Members, 1 posts)

Posted 19 December 2007 - 12:21 PM

Here is the log. I am using an HP computer, so most of the files are indeed legitimate software installed by HP. If you find anything that should not be there, let me know how to get rid of it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:52 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Windows folder: C:\WINDOWS
System folder: C:\WINDOWS\SYSTEM32
Hosts file: C:\WINDOWS\System32\drivers\etc\hosts

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Citrix\Communication Agent\CAgent.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (filesize 63136 bytes, MD5 42729C3DE75A7A51FC6F9EF6546C9199)
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (filesize 246848 bytes, MD5 35837A3DCC6A3D7A6C36A2D4622B1176)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll (filesize 1909248 bytes, MD5 FE3C87F452CC4AEB8961AE658981AACE)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (filesize 2403392 bytes, MD5 6319F2D4708DBCAE37CFA03DA10782C0)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll (filesize 323568 bytes, MD5 907325051CE9D96D6F0F2766050AD6B2)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (filesize 2403392 bytes, MD5 6319F2D4708DBCAE37CFA03DA10782C0)
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll (filesize 1909248 bytes, MD5 FE3C87F452CC4AEB8961AE658981AACE)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (filesize 77312 bytes, MD5 B596347A26DC054EBB44EB3BC8E95B0A)
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (filesize 1605740 bytes, MD5 6ECF7DF7D31CE2509FEB0411A3ACE8D8)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (filesize 579072 bytes, MD5 8B0A837F1D0AF0621A29C9F3DBF45E9F)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (filesize 132496 bytes, MD5 D4F0F7437327DBAA264338BAAFB5E5AF)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 286720 bytes, MD5 45E5DB49800F1BF5BD39BDB8CC501E66)
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" (filesize 36352 bytes, MD5 0F5E2A630713CC1C0254C3E6324DF64A)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" (filesize 179288 bytes, MD5 E092C566BB96F5EBEFFF9A9A9689DC9E)
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto (filesize 139264 bytes, MD5 1DDA6758713E468D0234D6445789A832)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (filesize 866584 bytes, MD5 77C03BF23AE56B0A31AE4D5BB4B3D0AC)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (filesize 1836328 bytes, MD5 60E91D2BCC467842B478E8F3A5BF7C16)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background (filesize 360448 bytes, MD5 9D5857C1F8DC21A403C2F66C0F9F5574)
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (filesize 2111176 bytes, MD5 31EA2FDDABA551B46B81D1A9234067AE)
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (filesize 202024 bytes, MD5 7BF2D3A10DA0149A5B95261BD000C68F)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart (filesize 5308416 bytes, MD5 45D1648724123669962DBA211D2C64AA)
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1562701252-1744408198-1668301908-1017\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Ctx_StreamingSvc')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-1562701252-1744408198-1668301908-1017 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Ctx_StreamingSvc') (filesize 27136 bytes, MD5 6380625DD0480ED60960A149A087C848)
O4 - S-1-5-21-1562701252-1744408198-1668301908-1017 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Ctx_StreamingSvc') (filesize 27136 bytes, MD5 6380625DD0480ED60960A149A087C848)
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM') (filesize 27136 bytes, MD5 6380625DD0480ED60960A149A087C848)
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') (filesize 27136 bytes, MD5 6380625DD0480ED60960A149A087C848)
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') (filesize 27136 bytes, MD5 6380625DD0480ED60960A149A087C848)
O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe (filesize 1172992 bytes, MD5 74D679B8F4331E453431EFB423AECECE)
O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\2020V61\Mswin\60\SCBar.Exe (filesize 139264 bytes, MD5 7442D040DFA0440204699570CCE82C66)
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (filesize 110592 bytes, MD5 5CD0CD0EC4DC5DF459B3AC016764F5AA)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (filesize 110592 bytes, MD5 5CD0CD0EC4DC5DF459B3AC016764F5AA)
O4 - Global Startup: Communication Agent.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe (filesize 4527168 bytes, MD5 5BA91AF3749836CFF4B13BD2CF6C8031)
O4 - Global Startup: Gomez PEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe (filesize 61440 bytes, MD5 7D6520C7EB0C948869BF2A8B9BEEF2A9)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (filesize 282624 bytes, MD5 5597D0075861CB0A6E6087752D205C0D)
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (filesize 51776 bytes, MD5 54F4EEB0930BDC9C065FD5350D521708)
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (filesize 36903 bytes, MD5 CBCDA25B76B570A8252644594EDF3BE9)
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm (filesize 994 bytes, MD5 FC9AE0AB7A94F83A42B29070A62AE29F)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm (filesize 977 bytes, MD5 6D869192C14C21E3246105AC8B3BE8DC)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (filesize 501136 bytes, MD5 D787E3123FAD2BD58AB45B9A5C360ACD)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (filesize 131072 bytes, MD5 71881F415C5157B637F245BA2D439E0F)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll (filesize 131072 bytes, MD5 71881F415C5157B637F245BA2D439E0F)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (filesize 53248 bytes, MD5 B75E2A565AE6B03DD3941A5DD4E2F31C)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (filesize 53248 bytes, MD5 B75E2A565AE6B03DD3941A5DD4E2F31C)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL (filesize 40512 bytes, MD5 0FA0BDAA2FF4ED7E5A2FA2EC1B536712)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (filesize 1122128 bytes, MD5 B8958471DAA4481E93B03DF8F991DD6E)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (filesize 706 bytes, MD5 7CB21E1F67A80EAC34B2C10F88F1ED7E)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (filesize 706 bytes, MD5 7CB21E1F67A80EAC34B2C10F88F1ED7E)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 557568 bytes, MD5 CEBED017C4965FC4407CCD986AE0A528)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (filesize 557568 bytes, MD5 CEBED017C4965FC4407CCD986AE0A528)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (filesize 1694208 bytes, MD5 74E6E96C6F0E2ECA4EDBB7F7A468F259)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mdz: C:\Program Files\Internet Explorer\Plugins\npmod32.dll (filesize 225280 bytes, MD5 63F9D3AFFC346A1570D33D1D15731634)
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1195832844251
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195480845703
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36297EE1-F1E0-4379-A970-724701869838}: NameServer = 67.55.0.11,67.55.0.13
O20 - AppInit_DLLs: c:\progra~1\citrix\system32\mfaphook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Citrix Diagnostic Facility COM Server (CdfSvc) - Citrix Systems, Inc. - C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Citrix Streaming Service (RadeSvc) - Citrix Systems, Inc. - C:\Program Files\Citrix\Streaming Client\RadeSvc.exe

--
End of file - 21857 bytes
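A log like the one above is long, and the entry prefix (R0-R3, F0-F3, N1-N4, O1-O24) tells a reader which Windows hook each line came from. The parser below is an added example written for this page; it is not BleepingComputer's, HijackThis's or the poster's code. It splits a HijackThis log into entries, pulls out the filesize/MD5 annotations this build of HijackThis appends, and surfaces the entry classes an analyst reads first (Winsock LSPs, Trusted Zone additions, per-adapter DNS servers, AppInit_DLLs, orphaned registrations, Run values that go through regsvr32 or rundll32). The sample input is a handful of lines copied from the log above and labelled as a constructed sample; the review reasons describe what each HijackThis section controls in general and are not a verdict on any line of this particular machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the log posted above, not the
# whole log.  Raw string so the Windows backslashes survive untouched.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (filesize 2403392 bytes, MD5 6319F2D4708DBCAE37CFA03DA10782C0)
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (filesize 579072 bytes, MD5 8B0A837F1D0AF0621A29C9F3DBF45E9F)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36297EE1-F1E0-4379-A970-724701869838}: NameServer = 67.55.0.11,67.55.0.13
O20 - AppInit_DLLs: c:\progra~1\citrix\system32\mfaphook.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Section tag (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$")
# Annotation appended by this HijackThis build: "(filesize N bytes, MD5 <32 hex>)".
HASH_RE = re.compile(r"\(filesize (\d+) bytes, MD5 ([0-9A-Fa-f]{32})\)")
# Run values that launch a system loader rather than a program of their own.
LOADER_RE = re.compile(r"\b(regsvr32|rundll32)(\.exe)?\b", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([\d.,\s]+)")


@dataclass
class Entry:
    kind: str            # e.g. "O2", "O4", "O17"
    body: str            # everything after "<kind> - "
    size: Optional[int] = None
    md5: Optional[str] = None


def parse(text: str) -> List[Entry]:
    """Split a HijackThis log into entries; header and trailer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group(1), m.group(2)
        h = HASH_RE.search(body)
        entries.append(Entry(kind, body,
                             int(h.group(1)) if h else None,
                             h.group(2).upper() if h else None))
    return entries


# What each of these sections controls on the box.  General facts about the
# hook, not a judgement about the specific DLL or host in any given line.
REVIEW_FIRST = {
    "O10": "Winsock LSP: the DLL is loaded into every process that uses sockets",
    "O15": "Trusted Zone: IE applies its relaxed Trusted-sites settings to this host",
    "O17": "NameServer: DNS resolvers fixed on the adapter; confirm they are the expected ones",
    "O20": "AppInit_DLLs: loaded into every process that links user32.dll",
}


def triage(entries: List[Entry]) -> List[Tuple[str, str, List[str]]]:
    """Return (kind, body, reasons) for the entries an analyst should read first."""
    findings = []
    for e in entries:
        reasons = []
        if e.kind in REVIEW_FIRST:
            reasons.append(REVIEW_FIRST[e.kind])
        if "(no file)" in e.body or "(file missing)" in e.body:
            reasons.append("orphaned registration: the target is not on disk")
        if e.kind == "O4" and LOADER_RE.search(e.body):
            reasons.append("Run value goes through a system loader; check what it loads")
        if reasons:
            findings.append((e.kind, e.body, reasons))
    return findings


def dns_servers(entries: List[Entry]) -> List[str]:
    """All resolver addresses named in O17 entries, in log order."""
    servers: List[str] = []
    for e in entries:
        if e.kind != "O17":
            continue
        m = NAMESERVER_RE.search(e.body)
        if m:
            servers += [s.strip() for s in m.group(1).split(",") if s.strip()]
    return servers


def hashed_files(entries: List[Entry]) -> Dict[str, List[str]]:
    """MD5 -> entry bodies, so each hash can be looked up against a known-good list or scanner."""
    out: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5:
            out.setdefault(e.md5, []).append(e.body)
    return out


if __name__ == "__main__":
    ents = parse(SAMPLE_LOG)
    for kind, body, reasons in triage(ents):
        print(f"{kind} - {body}")
        for r in reasons:
            print(f"    * {r}")
    print("DNS servers:", dns_servers(ents))
    print("Hashed files:", len(hashed_files(ents)))
```

The triage list is a reading order, not a removal list: a Citrix hook in AppInit_DLLs on a machine that also runs Citrix services is the kind of entry this surfaces precisely so that it can be confirmed against the installed software, and the MD5 map exists so that each hash can be checked rather than trusted on the strength of its path.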



#2 Rosty, Skydive junkie (Malware Response Team, 1,220 posts)

Posted 02 January 2008 - 10:16 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look.

Please do not post your log in code tags, post it normal.
Proud member of ASAP since 2007



