
Req Help Infection (unknown)



#1 sherjar


Posted 05 March 2008 - 08:13 PM

Hello,

I hope you can help; I am at a loss. A few days ago my computer started
shutting down and restarting. I have ZoneAlarm Antivirus, Adaware, Spybot,
and SpywareBlaster, and nothing is showing. I tried to run the BitDefender and TrendMicro
online scanners, but because of the shutting down, it never finishes the scan.
I did see a couple of things in ZoneAlarm that looked suspicious, and I googled
them, and it pointed to a few different trojans/viruses/VB script, so I got ComboFix
and HiJackThis, and here are the logs. I hope you can help. I hope it was OK to
post both logs in one post:

ComboFix Log:

ComboFix 08-03-05.1 - HP_Owner 2008-03-05 19:18:20.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.153 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.

2008-03-05 17:55 . 2008-03-05 17:55 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-03-01 16:09 . 2008-03-01 16:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-01 16:09 . 2008-03-01 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 16:08 . 2008-03-01 16:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-29 19:48 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-29 19:47 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-29 19:47 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-29 19:47 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-29 19:47 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-29 19:02 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-29 13:55 . 2008-02-29 13:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-29 11:56 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\aoargxaoaxkv.sys
2008-02-28 20:27 . 2008-02-28 20:27 <DIR> d--hs---- C:\found.000
2008-02-28 20:18 . 2008-03-04 19:31 <DIR> d-------- C:\Program Files\SDFix
2008-02-28 19:29 . 2008-02-28 19:27 691,545 --a------ C:\WINDOWS\unins001.exe
2008-02-28 19:29 . 2008-02-28 19:29 2,553 --a------ C:\WINDOWS\unins001.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-05 00:52 --------- d-----w C:\Program Files\LimeWire
2008-03-05 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-05 00:36 3,808,768 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-04 21:22 3,808,256 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-04 21:22 1,205,760 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-01 10:26 --------- d-----w C:\Program Files\ListMaker
2008-03-01 02:23 40,448 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-01 02:23 3,787,776 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-01 01:45 3,786,752 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-01 01:45 102,400 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-01 00:00 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-03-01 00:00 --------- d-----w C:\Program Files\iTunes
2008-02-29 23:43 81,920 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-29 23:43 3,771,904 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-29 18:57 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-29 17:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-29 14:04 44,544 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-29 14:04 3,766,272 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-29 12:34 68,096 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-29 12:34 3,766,272 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-29 00:53 9,728 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-29 00:53 3,752,448 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-21 03:27 --------- d-----w C:\Program Files\MySpace
2008-01-12 02:17 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-12 02:17 --------- d-----w C:\Program Files\AIM6
2008-01-12 02:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-16 16:03 4,293,704 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
C:\WINDOWS\system32\user32.dll ... is infected !! (additional data below)
577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
577,024 2004-08-04 04:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
263,547 2004-08-04 04:00:00 C:\WINDOWS\I386\USER32.DL_
577,024 2005-03-02 18:09:30 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
577,024 2007-10-26 21:35:01 C:\WINDOWS\system32\user32.dll
577,024 2007-10-26 21:35:01 C:\WINDOWS\system32\dllcache\user32.dll


------- Sigcheck -------

05a0a25a61aae48c570f74289c88b665 C:\WINDOWS\system32\user32.dll
----a-w 577,024 2005-03-02 18:19:56 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
-c----w 577,024 2004-08-04 04:00:00 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
----a-w 577,024 2005-03-02 18:09:30 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
----a-w 577,024 2007-10-26 21:35:01 C:\WINDOWS\system32\user32.dll
----a-w 577,024 2007-10-26 21:35:01 C:\WINDOWS\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 00:04 1415824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 19:29 249856]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-03-30 02:25:38 27136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mom's bleep^Start Menu^Programs^Startup^Adobe Gamma.lnk.disabled]
path=C:\Documents and Settings\Mom's bleep\Start Menu\Programs\Startup\Adobe Gamma.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Gamma.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 09:12 49152 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-11-03 17:22 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-14 09:00 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Internet Explorer]
C:\WINDOWS\system32\_svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 05:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2004-11-22 18:18 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 14:02:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-01 05:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 14:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 15:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 16:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 17:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 18:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 19:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 20:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 21:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-03 22:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-03 23:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 06:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-06 00:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-04 01:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 02:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-02 03:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-05 04:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 07:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 08:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 09:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 10:00:02 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 11:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 12:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\0s7r704C.exe
"2008-03-01 13:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\0s7r704C.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 19:23:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************
.
Completion time: 2008-03-05 19:25:29
ComboFix-quarantined-files.txt 2008-03-06 00:25:17
ComboFix2.txt 2008-03-06 00:14:26
ComboFix3.txt 2008-03-05 23:59:21
ComboFix4.txt 2008-03-05 23:43:58


================ HiJackThis Log======================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2008-03-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pavilion.buttonredirect.hp.com/2.0/...tp://www.hp.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204332471968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1204331295359
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.divshare.com/scripts/uploader/ImageUploader4.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5002 bytes



Thank you for any help you can give
sher



#2 Grinler


    Lawrence Abrams



Posted 24 March 2008 - 02:03 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle, and it has been taking us longer than normal to get caught up. If you are still having a problem and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days, we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.



