
Hijackthis Log Analysis Please Help


  • This topic is locked
2 replies to this topic

#1 SHANE69

Posted 14 July 2008 - 01:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:11 AM, on 14/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dmgnq.exe] C:\Windows\system32\dmgnq.exe
O4 - HKCU\..\Run: [dmkls.tmp] C:\Windows\system32\dmkls.tmp
O4 - HKCU\..\Run: [dmsxu.tmp] C:\Windows\system32\dmsxu.tmp
O4 - HKCU\..\Run: [dmipb.tmp] C:\Windows\system32\dmipb.tmp
O4 - HKCU\..\Run: [dmcop.tmp] C:\Windows\system32\dmcop.tmp
O4 - HKCU\..\Run: [dmldx.tmp] C:\Windows\system32\dmldx.tmp
O4 - HKCU\..\Run: [dmhhk.tmp] C:\Windows\system32\dmhhk.tmp
O4 - HKCU\..\Run: [dmmod.tmp] C:\Windows\system32\dmmod.tmp
O4 - HKCU\..\Run: [dmhdg.tmp] C:\Windows\system32\dmhdg.tmp
O4 - HKCU\..\Run: [dmzhf.tmp] C:\Windows\system32\dmzhf.tmp
O4 - HKCU\..\Run: [dmlne.tmp] C:\Windows\system32\dmlne.tmp
O4 - HKCU\..\Run: [dmlvt.tmp] C:\Windows\system32\dmlvt.tmp
O4 - HKCU\..\Run: [dmcwx.tmp] C:\Windows\system32\dmcwx.tmp
O4 - HKCU\..\Run: [dmmdu.tmp] C:\Windows\system32\dmmdu.tmp
O4 - HKCU\..\Run: [dmrzm.tmp] C:\Windows\system32\dmrzm.tmp
O4 - HKCU\..\Run: [dmlon.tmp] C:\Windows\system32\dmlon.tmp
O4 - HKCU\..\Run: [dmxpz.tmp] C:\Windows\system32\dmxpz.tmp
O4 - HKCU\..\Run: [dmbpx.tmp] C:\Windows\system32\dmbpx.tmp
O4 - HKCU\..\Run: [dmspd.tmp] C:\Windows\system32\dmspd.tmp
O4 - HKCU\..\Run: [dmmyn.tmp] C:\Windows\system32\dmmyn.tmp
O4 - HKCU\..\Run: [dmcky.tmp] C:\Windows\system32\dmcky.tmp
O4 - HKCU\..\Run: [dmtwm.tmp] C:\Windows\system32\dmtwm.tmp
O4 - HKCU\..\Run: [dmzjz.tmp] C:\Windows\system32\dmzjz.tmp
O4 - HKCU\..\Run: [dmtbu.tmp] C:\Windows\system32\dmtbu.tmp
O4 - HKCU\..\Run: [dmkne.tmp] C:\Windows\system32\dmkne.tmp
O4 - HKCU\..\Run: [dmjef.tmp] C:\Windows\system32\dmjef.tmp
O4 - HKCU\..\Run: [dmylo.tmp] C:\Windows\system32\dmylo.tmp
O4 - HKCU\..\Run: [dmama.tmp] C:\Windows\system32\dmama.tmp
O4 - HKCU\..\Run: [dmuot.tmp] C:\Windows\system32\dmuot.tmp
O4 - HKCU\..\Run: [dmvzw.tmp] C:\Windows\system32\dmvzw.tmp
O4 - HKCU\..\Run: [dmiwy.tmp] C:\Windows\system32\dmiwy.tmp
O4 - HKCU\..\Run: [dmrax.tmp] C:\Windows\system32\dmrax.tmp
O4 - HKCU\..\Run: [dmuqn.tmp] C:\Windows\system32\dmuqn.tmp
O4 - HKCU\..\Run: [dmnks.tmp] C:\Windows\system32\dmnks.tmp
O4 - HKCU\..\Run: [dmndn.tmp] C:\Windows\system32\dmndn.tmp
O4 - HKCU\..\Run: [dmzzu.tmp] C:\Windows\system32\dmzzu.tmp
O4 - HKCU\..\Run: [dmxqx.tmp] C:\Windows\system32\dmxqx.tmp
O4 - HKCU\..\Run: [dmeno.tmp] C:\Windows\system32\dmeno.tmp
O4 - HKCU\..\Run: [dmrxq.tmp] C:\Windows\system32\dmrxq.tmp
O4 - HKCU\..\Run: [dmfeo.tmp] C:\Windows\system32\dmfeo.tmp
O4 - HKCU\..\Run: [dmtod.tmp] C:\Windows\system32\dmtod.tmp
O4 - HKCU\..\Run: [dmyls.tmp] C:\Windows\system32\dmyls.tmp
O4 - HKCU\..\Run: [dmwyi.tmp] C:\Windows\system32\dmwyi.tmp
O4 - HKCU\..\Run: [dmnlm.tmp] C:\Windows\system32\dmnlm.tmp
O4 - HKCU\..\Run: [dmxwy.tmp] C:\Windows\system32\dmxwy.tmp
O4 - HKCU\..\Run: [dmozh.tmp] C:\Windows\system32\dmozh.tmp
O4 - HKCU\..\Run: [dmmix.tmp] C:\Windows\system32\dmmix.tmp
O4 - HKCU\..\Run: [dmtgy.tmp] C:\Windows\system32\dmtgy.tmp
O4 - HKCU\..\Run: [dmiji.tmp] C:\Windows\system32\dmiji.tmp
O4 - HKCU\..\Run: [dmjfz.tmp] C:\Windows\system32\dmjfz.tmp
O4 - HKCU\..\Run: [dmlvk.tmp] C:\Windows\system32\dmlvk.tmp
O4 - HKCU\..\Run: [dmxob.tmp] C:\Windows\system32\dmxob.tmp
O4 - HKCU\..\Run: [dmeck.tmp] C:\Windows\system32\dmeck.tmp
O4 - HKCU\..\Run: [dmnap.tmp] C:\Windows\system32\dmnap.tmp
O4 - HKCU\..\Run: [dmtxk.tmp] C:\Windows\system32\dmtxk.tmp
O4 - HKCU\..\Run: [dmpyy.tmp] C:\Windows\system32\dmpyy.tmp
O4 - HKCU\..\Run: [dmgqg.tmp] C:\Windows\system32\dmgqg.tmp
O4 - HKCU\..\Run: [dmmhz.tmp] C:\Windows\system32\dmmhz.tmp
O4 - HKCU\..\Run: [dmwzv.tmp] C:\Windows\system32\dmwzv.tmp
O4 - HKCU\..\Run: [dmfzf.tmp] C:\Windows\system32\dmfzf.tmp
O4 - HKCU\..\Run: [dmsvk.tmp] C:\Windows\system32\dmsvk.tmp
O4 - HKCU\..\Run: [dmppq.tmp] C:\Windows\system32\dmppq.tmp
O4 - HKCU\..\Run: [dmsux.tmp] C:\Windows\system32\dmsux.tmp
O4 - HKCU\..\Run: [dmwax.tmp] C:\Windows\system32\dmwax.tmp
O4 - HKCU\..\Run: [dmuwg.tmp] C:\Windows\system32\dmuwg.tmp
O4 - HKCU\..\Run: [dmaek.tmp] C:\Windows\system32\dmaek.tmp
O4 - HKCU\..\Run: [dmhxd.tmp] C:\Windows\system32\dmhxd.tmp
O4 - HKCU\..\Run: [dmghm.tmp] C:\Windows\system32\dmghm.tmp
O4 - HKCU\..\Run: [dmehn.tmp] C:\Windows\system32\dmehn.tmp
O4 - HKCU\..\Run: [dmsll.tmp] C:\Windows\system32\dmsll.tmp
O4 - HKCU\..\Run: [dmhew.tmp] C:\Windows\system32\dmhew.tmp
O4 - HKCU\..\Run: [dmbnj.tmp] C:\Windows\system32\dmbnj.tmp
O4 - HKCU\..\Run: [dmmdk.tmp] C:\Windows\system32\dmmdk.tmp
O4 - HKCU\..\Run: [dmxro.tmp] C:\Windows\system32\dmxro.tmp
O4 - HKCU\..\Run: [dmluj.tmp] C:\Windows\system32\dmluj.tmp
O4 - HKCU\..\Run: [dmhjr.tmp] C:\Windows\system32\dmhjr.tmp
O4 - HKCU\..\Run: [dmdlk.tmp] C:\Windows\system32\dmdlk.tmp
O4 - HKCU\..\Run: [dmdsr.tmp] C:\Windows\system32\dmdsr.tmp
O4 - HKCU\..\Run: [dmljp.tmp] C:\Windows\system32\dmljp.tmp
O4 - HKCU\..\Run: [dmyyv.tmp] C:\Windows\system32\dmyyv.tmp
O4 - HKCU\..\Run: [dmtap.tmp] C:\Windows\system32\dmtap.tmp
O4 - HKCU\..\Run: [dmldh.tmp] C:\Windows\system32\dmldh.tmp
O4 - HKCU\..\Run: [dmytd.tmp] C:\Windows\system32\dmytd.tmp
O4 - HKCU\..\Run: [dmzjl.tmp] C:\Windows\system32\dmzjl.tmp
O4 - HKCU\..\Run: [dmukb.tmp] C:\Windows\system32\dmukb.tmp
O4 - HKCU\..\Run: [dmufu.tmp] C:\Windows\system32\dmufu.tmp
O4 - HKCU\..\Run: [dmnde.tmp] C:\Windows\system32\dmnde.tmp
O4 - HKCU\..\Run: [dmmqv.tmp] C:\Windows\system32\dmmqv.tmp
O4 - HKCU\..\Run: [dmdpe.tmp] C:\Windows\system32\dmdpe.tmp
O4 - HKCU\..\Run: [dmbpw.tmp] C:\Windows\system32\dmbpw.tmp
O4 - HKCU\..\Run: [dmeba.tmp] C:\Windows\system32\dmeba.tmp
O4 - HKCU\..\Run: [dmqnp.tmp] C:\Windows\system32\dmqnp.tmp
O4 - HKCU\..\Run: [dmefm.tmp] C:\Windows\system32\dmefm.tmp
O4 - HKCU\..\Run: [dmqry.tmp] C:\Windows\system32\dmqry.tmp
O4 - HKCU\..\Run: [dmmaf.tmp] C:\Windows\system32\dmmaf.tmp
O4 - HKCU\..\Run: [dmjfj.tmp] C:\Windows\system32\dmjfj.tmp
O4 - HKCU\..\Run: [dmqpw.tmp] C:\Windows\system32\dmqpw.tmp
O4 - HKCU\..\Run: [dmniy.tmp] C:\Windows\system32\dmniy.tmp
O4 - HKCU\..\Run: [dmrvj.tmp] C:\Windows\system32\dmrvj.tmp
O4 - HKCU\..\Run: [dmjts.tmp] C:\Windows\system32\dmjts.tmp
O4 - HKCU\..\Run: [dmlqy.tmp] C:\Windows\system32\dmlqy.tmp
O4 - HKCU\..\Run: [dmpcd.tmp] C:\Windows\system32\dmpcd.tmp
O4 - HKCU\..\Run: [dmsuo.tmp] C:\Windows\system32\dmsuo.tmp
O4 - HKCU\..\Run: [dmgmy.tmp] C:\Windows\system32\dmgmy.tmp
O4 - HKCU\..\Run: [dmztc.tmp] C:\Windows\system32\dmztc.tmp
O4 - HKCU\..\Run: [dmrmh.tmp] C:\Windows\system32\dmrmh.tmp
O4 - HKCU\..\Run: [dmzfh.tmp] C:\Windows\system32\dmzfh.tmp
O4 - HKCU\..\Run: [dmygm.tmp] C:\Windows\system32\dmygm.tmp
O4 - HKCU\..\Run: [dmwhw.tmp] C:\Windows\system32\dmwhw.tmp
O4 - HKCU\..\Run: [dmzli.tmp] C:\Windows\system32\dmzli.tmp
O4 - HKCU\..\Run: [dmaef.tmp] C:\Windows\system32\dmaef.tmp
O4 - HKCU\..\Run: [dmudy.tmp] C:\Windows\system32\dmudy.tmp
O4 - HKCU\..\Run: [dmdfx.tmp] C:\Windows\system32\dmdfx.tmp
O4 - HKCU\..\Run: [dmuvz.tmp] C:\Windows\system32\dmuvz.tmp
O4 - HKCU\..\Run: [dmqge.tmp] C:\Windows\system32\dmqge.tmp
O4 - HKCU\..\Run: [dmyqy.tmp] C:\Windows\system32\dmyqy.tmp
O4 - HKCU\..\Run: [dmhrt.tmp] C:\Windows\system32\dmhrt.tmp
O4 - HKCU\..\Run: [dmgur.tmp] C:\Windows\system32\dmgur.tmp
O4 - HKCU\..\Run: [dmlyq.tmp] C:\Windows\system32\dmlyq.tmp
O4 - HKCU\..\Run: [dmipp.tmp] C:\Windows\system32\dmipp.tmp
O4 - HKCU\..\Run: [dmmcf.tmp] C:\Windows\system32\dmmcf.tmp
O4 - HKCU\..\Run: [dmegl.tmp] C:\Windows\system32\dmegl.tmp
O4 - HKCU\..\Run: [dmbkw.tmp] C:\Windows\system32\dmbkw.tmp
O4 - HKCU\..\Run: [dmjii.tmp] C:\Windows\system32\dmjii.tmp
O4 - HKCU\..\Run: [dmxmv.tmp] C:\Windows\system32\dmxmv.tmp
O4 - HKCU\..\Run: [dmupd.tmp] C:\Windows\system32\dmupd.tmp
O4 - HKCU\..\Run: [dmfyw.tmp] C:\Windows\system32\dmfyw.tmp
O4 - HKCU\..\Run: [dmwrg.tmp] C:\Windows\system32\dmwrg.tmp
O4 - HKCU\..\Run: [dmsat.tmp] C:\Windows\system32\dmsat.tmp
O4 - HKCU\..\Run: [dmywu.tmp] C:\Windows\system32\dmywu.tmp
O4 - HKCU\..\Run: [dmgkq.tmp] C:\Windows\system32\dmgkq.tmp
O4 - HKCU\..\Run: [dmudm.tmp] C:\Windows\system32\dmudm.tmp
O4 - HKCU\..\Run: [dmagg.tmp] C:\Windows\system32\dmagg.tmp
O4 - HKCU\..\Run: [dmrze.tmp] C:\Windows\system32\dmrze.tmp
O4 - HKCU\..\Run: [dmucf.tmp] C:\Windows\system32\dmucf.tmp
O4 - HKCU\..\Run: [dmxwf.tmp] C:\Windows\system32\dmxwf.tmp
O4 - HKCU\..\Run: [dmclb.tmp] C:\Windows\system32\dmclb.tmp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{169B1521-D624-43C1-BC3D-840A07B4D37F}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E68A76-E457-44ED-A82B-996CAFDD28D2}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{E882C94E-FCDE-4BA2-AC7F-957A0B692E6B}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{169B1521-D624-43C1-BC3D-840A07B4D37F}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.115
O17 - HKLM\System\CS2\Services\Tcpip\..\{169B1521-D624-43C1-BC3D-840A07B4D37F}: NameServer = 85.255.115.61,85.255.112.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.61 85.255.112.115
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



#2 Starbuck

  • Malware Response Team

Posted 04 August 2008 - 11:07 AM

Hi SHANE69

I apologize for the delay in response to your thread.
If you have since resolved the original problem you were having, I would appreciate you letting us know.
If not, please post back a new Hjt log so I can have a look at the current condition of your machine.

Note: When opening up 'Notepad' please make sure that 'word wrap' is not ticked (it's under the 'Format' button).
It makes the log hard to read.

Thanks



#3 Starbuck

  • Malware Response Team

Posted 10 August 2008 - 11:02 AM

Due to the lack of feedback, this Topic will now be closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
