X-raypc Log Help? (don't Know About Infections)


  • This topic is locked
3 replies to this topic

#1 nyyanks

nyyanks

  • Members
  • 131 posts

Posted 03 March 2007 - 10:48 PM

Can someone help me and tell me what I need to remove?
Just need some advice

Logfile of X-RayPc Build 39029 (Installed 1172959145)
Scan saved at 3/3/2007 10:24:46 PM

Registry Settings:
IE Start Page (User) : http://www.yahoo.com/
IE Start Page (Global) : http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE Blank Page : C:\WINDOWS\System32\blank.htm
IE Default Page : http://www.hp.com/notebooks/pavilion/e-center
IE Search Page (User) : http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE Search Page (Global) : http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE Default Search : http://www.hp.com/notebooks/pavilion/e-center
HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\services.exe (108032 c6ce6eec82f187615d1002bb3bb50ed4)
C:\WINDOWS\system32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\Program Files\Windows Defender\MsMpEng.exe (13592 f45dd1e1365d857dd08bc23563370d0e)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)
C:\WINDOWS\System32\HPConfig.exe (159744 3f04de20d8f571c4452a5eb97bcaed21)
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (554600 e54fc0a7aaa256e2f4265d903b432b6c)
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (178264 28c04874d604493b61a48247ccb73cea)
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (681560 ddf6267a281d4e409fdcc7e958a43b8a)
c:\program files\common files\mcafee\mna\mcnasvc.exe (2213416 c13cff6d4c85b07e2b6abe00688661c5)
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (362064 e4aa4c3e50b4b98ed500dc390cbdbcb7)
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (485464 e11e6c66fe8c6f700be499c1b2667541)
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (349784 85f4f3e20d5f1674ad3111532a3dc658)
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (239200 5a1944095a2ad15902aa1f6ab3d74277)
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (144960 54ea9bc26db308bb026117d8425c534e)
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (625232 a02b837b4b3edbbd295065a41d93214f)
C:\WINDOWS\Explorer.EXE (1032192 a0732187050030ae399b241436565e64)
C:\PROGRA~1\McAfee\MSC\mctskshd.exe (189528 d083d36032dbff74b62d75854f7c8d9e)
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (321112 6ffee67152e452cc2c31f3b554ab87ce)
c:\PROGRA~1\mcafee.com\agent\mcagent.exe (566872 053f44f6e7c12352a1157d04ad56b074)
C:\Program Files\McAfee\MPF\MPFSrv.exe (833064 14b2dc930de91f9a497d854dd4daacfc)
C:\PROGRA~1\McAfee\MPS\mps.exe (894504 e7d1fca72eaae891b77dd7603531937d)
C:\WINDOWS\system32\RadioSvr.exe (122880 9561a9e3b559a40f75067e8a00135037)
C:\Program Files\Spyware Doctor\sdhelp.exe (895088 d8ca03be0f6dc8c8d71009795028006a)
C:\Program Files\eHome\Wireless G EH103\SiSWLSvc.exe (53248 f84a0e5462811ea91452b80f3a9d4026)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\Program Files\McAfee\MPS\mpsevh.exe (304680 9ea1347d35f1cc8efda21fd93f2ed176)
C:\WINDOWS\System32\UAService7.exe (126976 0edfe36e05a62888eff6d97ae494b2a5)
C:\WINDOWS\system32\wwSecure.exe (486400 fbae8c008749f6d5dc15d513f60ba75f)
C:\WINDOWS\essspk.exe (49152 5d97d4aacd14deced2aac106d618c9e3)
C:\WINDOWS\system32\S3tray2.exe (69632 64c4ddf45d94b102def26bac4ac774e2)
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe (49152 5e97c1434f90515a5b58fd4e2e50849d)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (94208 197625972dfe3b884bfd9cc9808f29cd)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (352256 ff0d16eb064709887912cd35b2dd1bb9)
C:\PROGRA~1\HPONE-~1\OneTouch.EXE (77824 937680857da433f3756559558916c56b)
C:\windows\system\hpsysdrv.exe (52736 06a1ecb63df139ec639e084d4ab3c9d7)
C:\Program Files\Windows Defender\MSASCui.exe (866584 77c03bf23ae56b0a31ae4d5bb4b3d0ac)
C:\Program Files\Webroot\Washer\wwDisp.exe (1109504 a4858b9a2b0d8bccd8073091cfe2d3a0)
C:\Program Files\Spyware Doctor\swdoctor.exe (2115728 1207f9803342bc2d4cafa9334561db85)
C:\WINDOWS\System32\alg.exe (44544 f1958fbf86d5c004cf19a5951a9514b7)
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe (622592 f9f1ad2ca91738d17dc1626f3d0677f7)
C:\Program Files\eHome\Wireless G EH103\wirelesscm.exe (10260480 6994570b3f1dd0295c604b2d6e9fb43f)
C:\Program Files\SpywareGuard\sgmain.exe (360448 61c028aba5e49573a6332f4a7c744e87)
C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe (1630208 0c4c8a0d7386b589405e731ecacf42e7)
C:\Program Files\SpywareGuard\sgbhp.exe (233472 a80d0704537c0ef97db2bef24b99af1a)
C:\Program Files\Mozilla Firefox\firefox.exe (7633008 e616465ee8c3adf883a71aee2f1d31f7)
C:\Documents and Settings\Con Ron\Desktop\IE7-WindowsXP-x86-enu.exe (15505200 000e130a93f5d9edf1420600b3f7caa3)
c:\0e9ca4f96588fd5e5076c9a3420f1c\update\iesetup.exe (1162864 725e11395335acea12875d11af71139f)
C:\WINDOWS\system32\mmc.exe (815104 808a9c735682fa8f23747f7e3e765c3b)
C:\WINDOWS\system32\DfrgNtfs.exe (104960 ad13e23a2ccdf46c0eb354e5867eae72)
C:\WINDOWS\system32\wuauclt.exe (124184 ebf1ab7e4fc05cabf2f4680d2a45f827)
C:\WINDOWS\system32\wuauclt.exe (124184 ebf1ab7e4fc05cabf2f4680d2a45f827)
c:\0e9ca4f96588fd5e5076c9a3420f1c\update\nlsdl.exe (498016 66fe9e3af3a7396f42a250f0a6c8faeb)
c:\5a7bbb28835c3ec5a557f0\update\update.exe (716000 0b630c8656b1ea82c82b929d51fa351b)
C:\Documents and Settings\Con Ron\Desktop\X-raypc\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

Service: ALG C:\WINDOWS\System32\alg.exe (44544 f1958fbf86d5c004cf19a5951a9514b7)
Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: BITS C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: Browser C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch
Service: Dhcp C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: Dnscache C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: Eventlog C:\WINDOWS\system32\services.exe (108032 c6ce6eec82f187615d1002bb3bb50ed4)
Service: EventSystem C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: HPConfig C:\WINDOWS\System32\HPConfig.exe (159744 3f04de20d8f571c4452a5eb97bcaed21)
Service: HTTPFilter C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: Irmon C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: lanmanserver C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: lanmanworkstation C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: LmHosts C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: McAfee HackerWatch Service C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (554600 e54fc0a7aaa256e2f4265d903b432b6c)
Service: McLogManagerService C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (178264 28c04874d604493b61a48247ccb73cea)
Service: mcmispupdmgr C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (681560 ddf6267a281d4e409fdcc7e958a43b8a)
Service: McNASvc c:\program files\common files\mcafee\mna\mcnasvc.exe (2213416 c13cff6d4c85b07e2b6abe00688661c5)
Service: McODS C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (362064 e4aa4c3e50b4b98ed500dc390cbdbcb7)
Service: mcpromgr C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (485464 e11e6c66fe8c6f700be499c1b2667541)
Service: McProxy c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (349784 85f4f3e20d5f1674ad3111532a3dc658)
Service: McRedirector c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (239200 5a1944095a2ad15902aa1f6ab3d74277)
Service: McShield C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (144960 54ea9bc26db308bb026117d8425c534e)
Service: McSysmon C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (625232 a02b837b4b3edbbd295065a41d93214f)
Service: mctskshd.exe C:\PROGRA~1\McAfee\MSC\mctskshd.exe (189528 d083d36032dbff74b62d75854f7c8d9e)
Service: mcusrmgr C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (321112 6ffee67152e452cc2c31f3b554ab87ce)
Service: MpfService C:\Program Files\McAfee\MPF\MPFSrv.exe (833064 14b2dc930de91f9a497d854dd4daacfc)
Service: MPS9 C:\PROGRA~1\McAfee\MPS\mps.exe (894504 e7d1fca72eaae891b77dd7603531937d)
Service: Netman C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: Nla C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: PlugPlay C:\WINDOWS\system32\services.exe (108032 c6ce6eec82f187615d1002bb3bb50ed4)
Service: PolicyAgent C:\WINDOWS\System32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
Service: RadioSvr C:\WINDOWS\system32\RadioSvr.exe (122880 9561a9e3b559a40f75067e8a00135037)
Service: RasMan C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss
Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 84885f9b82f4d55c6146ebf6065d75d2)
Service: Schedule C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: SDhelper C:\Program Files\Spyware Doctor\sdhelp.exe (895088 d8ca03be0f6dc8c8d71009795028006a)
Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: SENS C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: SharedAccess C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: SiSWLSvc C:\Program Files\eHome\Wireless G EH103\SiSWLSvc.exe (53248 f84a0e5462811ea91452b80f3a9d4026)
Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)
Service: srservice C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: SSDPSRV C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: stisvc C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch
Service: Themes C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: UserAccess7 C:\WINDOWS\System32\UAService7.exe (126976 0edfe36e05a62888eff6d97ae494b2a5)
Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: WebClient C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: WinDefend C:\Program Files\Windows Defender\MsMpEng.exe (13592 f45dd1e1365d857dd08bc23563370d0e)
Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)
Service: wwSecSvc C:\WINDOWS\system32\wwSecure.exe (486400 fbae8c008749f6d5dc15d513f60ba75f)
Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 8f078ae4ed187aaabc0a305146de6716)

O2 - BHO: (Yahoo! Toolbar Helper) - {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (399424 8cf01bffb40c1cd6951e5c0a4f0b90a0)
O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (37808 8394abfc1be196a62c9f532511936df7)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4a368e80-174f-4872-96b5-0b27ddd11db2} - C:\Program Files\SpywareGuard\dlprotect.dll (192512 964621e8b2415feaa99026ed4f29d198)
O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (853672 250d787a5712d7768ddc133b3e477759)
O2 - BHO: (PCTools Site Guard) - {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (825528 52fb9fa5db98d3bea1119c5f535a583a)
O2 - BHO: (&Google Web Accelerator Helper) - {69a87b7d-de56-4136-9655-716ba50c19c7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (237568 a93146660057a466e6aa4c9db87d9934)
O2 - BHO: (scriptproxy) - {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll (67136 ad5b26c086b0a6dbd221135ba201cc0f)
O2 - BHO: (PCTools Browser Monitor) - {b56a7d7d-6927-48c8-a975-17df180c71ac} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (850104 788bd4fbdc3d24b3d18b582d32ef00ea)
O2 - BHO: (MoneySide.BrowserHelperObject) - {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (143420 25303746c4b0562d0c152dd414759c62)

O3 - Toolbar: Google Web Accelerator {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (237568 a93146660057a466e6aa4c9db87d9934)
O3 - Toolbar: &Yahoo! Toolbar {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (399424 8cf01bffb40c1cd6951e5c0a4f0b90a0)

O4 - HKLM\..\Run: [EssSpkPhone] C:\WINDOWS\essspk.exe (49152 5d97d4aacd14deced2aac106d618c9e3)
O4 - HKLM\..\Run: [S3TRAY2] C:\WINDOWS\system32\S3tray2.exe (69632 64c4ddf45d94b102def26bac4ac774e2)
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe (49152 5e97c1434f90515a5b58fd4e2e50849d)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (94208 197625972dfe3b884bfd9cc9808f29cd)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (352256 ff0d16eb064709887912cd35b2dd1bb9)
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE (77824 937680857da433f3756559558916c56b)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (52736 06a1ecb63df139ec639e084d4ab3c9d7)
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe (73728 85c2fd83bd4fada3b4e36de5444975d8)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (866584 77c03bf23ae56b0a31ae4d5bb4b3d0ac)
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (1109504 a4858b9a2b0d8bccd8073091cfe2d3a0)
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe (2115728 1207f9803342bc2d4cafa9334561db85)
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe (51200 8b7c1aadb89a3d931a4a801f7d6abf77)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8453632 abfcbda41d2bd08baa1b0b2db558df03)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8453632 abfcbda41d2bd08baa1b0b2db558df03)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\System32\webcheck.dll (276480 6501db5182d5a8c0f1f1707286161d66)
O4 - HKLM\..\ShellServiceObjectDelayLoad: [SysTray] C:\WINDOWS\System32\stobject.dll (121856 297101a925ecffdcdf7f6341ffbb6c1a)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (225280 0cbe3e4166a08fc379eabf532b4efe18)

O16 - DPF: (Microsoft XML Parser for Java)- file://C:\WINDOWS\Java\classes\xmldso.cab - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd (1162 0f7667aa2dfebb40816a75bfa972166d)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)- http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab - C:\WINDOWS\Downloaded Program Files\yinst.inf (853 5e8446c990dc7e7d6fa4de6e9cbb2de0)
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class)- http://update.microsoft.com/microsoftupdat...b?1172547050742 - C:\WINDOWS\Downloaded Program Files\muweb.inf (293 49661eea139a8e565c102894374f4fa7)
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object)- http://download.macromedia.com/pub/shockwa...ash/swflash.cab - C:\WINDOWS\Downloaded Program Files\swflash.inf (5032 b0573f6f5a02e745d4e4183a1ab5757b)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (597504 efc958396a7a7ef7e6d4a52b97512e18)
020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 cad4aa32e7eca00c23cc39c0eb833f9d)
020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (101888 587729679b4fe04ce06a5c61d6c56dcd)
020 - HKLM\..\Notify: [ScCertProp] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
020 - HKLM\..\Notify: [Schedule] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (20992 d636fa41e50671160d838ea2dace3330)
020 - HKLM\..\Notify: [SensLogn] C:\WINDOWS\system32\WlNotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (92672 a599e5e366c1408e48aa5d37882d4e3e)
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Albert Einstein
US (German-born) physicist (1879 - 1955)

I support this theory and all others from Einstein (even his theory on a static universe)
Not really!



#2 nyyanks

nyyanks
  • Topic Starter

  • Members
  • 131 posts

Posted 03 March 2007 - 10:55 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:50:48 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\eHome\Wireless G EH103\SiSWLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\essspk.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\eHome\Wireless G EH103\wirelesscm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Con Ron\Desktop\IE7-WindowsXP-x86-enu.exe
c:\0e9ca4f96588fd5e5076c9a3420f1c\update\iesetup.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Con Ron\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: &Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Con Ron"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172547050742
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\eHome\Wireless G EH103\SiSWLSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

Thanks

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 14 March 2007 - 11:57 AM

Hi,

Can someone help me and tell me what I need to remove?

I can't see anything that you have to remove.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 25 March 2007 - 01:38 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.