Home   News  Product reviews  Website reviews  Forums   Competitions  Subscribe 
Search
You are not logged in.
Login | New user registration 		Main Index | Search | Active Topics | Who's Online | FAQ / HELP

Security >> HijackThis logs help and analysis
Previous thread Previous   View all threads Index   Next thread Next   Flat Mode Flat  

 |  Print Thread
TG
new user


Reg'd: Wed
Posts: 7
Re: Malware Problem? iexplore.exe keeps loading
      Mon Mar 17 2008 07:58 PM
Reply to this post Reply   Reply to this post Quote  

ComboFix 08-03-13.2 - rn 2008-03-17 19:07:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.668 [GMT 0:00]
Running from: C:\Documents and Settings\rn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rn\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\antiviirus.exe
C:\Program Files\tmp1068045.exe
C:\Program Files\tmp1074985.exe
C:\Program Files\tmp112251.exe
C:\Program Files\tmp117398.exe
C:\Program Files\tmp242678.exe
C:\Program Files\tmp248066.exe
C:\Program Files\tmp3233799.exe
C:\Program Files\tmp3239327.exe
C:\Program Files\tmp56090.exe
C:\Program Files\tmp62950.exe
C:\Program Files\tmp73275.exe
C:\Program Files\tmp78793.exe
C:\Program Files\tmp86454.exe
C:\Program Files\tmp92012.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\tmp1068045.exe
C:\Program Files\tmp1074985.exe
C:\Program Files\tmp112251.exe
C:\Program Files\tmp117398.exe
C:\Program Files\tmp242678.exe
C:\Program Files\tmp248066.exe
C:\Program Files\tmp3233799.exe
C:\Program Files\tmp3239327.exe
C:\Program Files\tmp56090.exe
C:\Program Files\tmp62950.exe
C:\Program Files\tmp73275.exe
C:\Program Files\tmp78793.exe
C:\Program Files\tmp86454.exe
C:\Program Files\tmp92012.exe

----- BITS: Possible infected sites -----

hxxp://assist.talktalk.net
.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-13 20:04 . 2008-03-13 20:05 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-13 20:04 . 2008-03-13 20:42 <DIR> d-------- C:\SDFix
2008-03-11 19:06 . 2008-03-11 19:06 <DIR> d-------- C:\Documents and Settings\sh\Application Data\Grisoft
2008-03-11 12:39 . 2008-03-11 19:36 <DIR> d-------- C:\Program Files\a-squared Free
2008-03-11 12:38 . 2008-03-11 12:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-11 12:38 . 2008-03-11 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-10 20:33 . 2008-03-10 20:33 <DIR> d-------- C:\Documents and Settings\rn\Application Data\Grisoft
2008-03-10 20:32 . 2008-03-10 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-10 20:32 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-09 22:04 . 2008-03-09 22:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-09 22:04 . 2008-03-09 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-02 14:52 . 2008-03-02 14:53 <DIR> d-------- C:\Documents and Settings\rn\Application Data\uTorrent
2008-02-29 18:56 . 2008-02-29 18:56 <DIR> d-------- C:\Program Files\uTorrent
2008-02-29 18:56 . 2008-03-02 15:04 <DIR> d-------- C:\Documents and Settings\sh\Application Data\uTorrent
2008-02-17 02:10 . 2008-02-17 02:10 1,877,057 --a------ C:\TEMP\MyFontsOrder1011967.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 07:20 --------- d-----w C:\Documents and Settings\rn\Application Data\AdobeUM
2008-03-16 22:35 8,224 ----a-w C:\Documents and Settings\rn\Application Data\GDIPFONTCACHEV1.DAT
2008-03-15 18:51 --------- d-----w C:\Documents and Settings\rn\Application Data\FileZilla
2008-03-14 18:57 --------- d-----w C:\Documents and Settings\sh\Application Data\Skype
2008-03-09 22:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-16 17:43 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-02-16 17:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-16 17:38 --------- d-----w C:\Program Files\Bonjour
2008-02-16 17:12 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-02-03 16:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 18:17 19,300 ----a-w C:\9780955569821.zip
2008-01-28 20:35 --------- d-----w C:\Program Files\Microsoft Works
2008-01-28 20:32 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-20 18:48 --------- d-----w C:\Program Files\TalkTalk
2008-01-20 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-03-25 18:19 83,392 ----a-w C:\Documents and Settings\sh\Application Data\GDIPFONTCACHEV1.DAT
2007-01-15 15:34 678,682 ----a-w C:\Documents and Settings\rn\Application Data\unins000.exe
2007-01-15 15:34 19,127 ----a-w C:\Documents and Settings\rn\Application Data\unins000.dat
2005-05-25 06:42 266 ---h--w C:\Program Files\desktop.ini
2005-05-25 06:42 11,079 ---h--w C:\Program Files\folder.htt
2003-01-13 10:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 15:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2005-07-14 12:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-02-28 13:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-13_22.09.11.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-17 19:16:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_56c.dat
- 2008-03-13 20:24:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat
+ 2008-03-14 07:03:47 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="point32.exe" []
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 18:26 188416]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 15:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 15:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 15:50 86016]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 15:24 1732608]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 14:59 47104 C:\WINDOWS\SOUNDMAN.EXE]
"LWBKEYBOARD"="C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe" [2005-01-28 10:23 387584]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-19 17:14 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 14:45 278528]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-06-20 00:30 107008]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 13:27 222208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 09:33 202016]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 07:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-25 18:58:05 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2008-01-10 21:57:49 327765]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-06-20 22:05:21 962667]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2006-07-17 21:53:03 612352]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 00:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView5\NkvMon.exe [2005-05-25 06:31:44 233472]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-07-15 18:52:25 806912]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"C:\\Downloads\\eMule0.47c\\eMule0.47c\\emule.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtsvc.exe"=
"C:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"C:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);"C:\Program Files\TalkTalk\bin\sprtsvc.exe" /service /p TalkTalk []
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);"C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe" /p TalkTalk []
S3 Aldtc50piss;Aldtc50piss;C:\WINDOWS\system32\drivers\nwlnkspx.sys [2001-08-23 12:00]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2003-04-01 09:23]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 12:10]
S3 Drmels5s;Drmels5s;C:\WINDOWS\system32\ntoskrnl.exe [2007-02-28 09:10]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS\system32\DRIVERS\IntelH51.sys [2001-10-12 09:48]
S3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2003-05-22 15:44]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist;C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-08-02 14:42]

.
Contents of the 'Scheduled Tasks' folder
"2006-01-14 08:31:23 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1128667665.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-03-17 19:19:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 19:40:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-03-17 19:47:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-17 19:47:26
ComboFix2.txt 2008-03-13 22:10:07
.
2008-03-14 09:01:02 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58:04, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rn\My Documents\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Labtec\Media Keyboard\V5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540001} - http://www.ie-cards.com/flashplayer.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ip6flrrv - Intel Corporation - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

--
End of file - 12789 bytes

Post Extras Print Post   Remind Me!     Notify Moderator
Rate this thread

Jump to


Entire topic
Subject Posted by Posted on
* Malware Problem? iexplore.exe keeps loading TG Wed Mar 12 2008 08:43 PM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Wed Mar 12 2008 11:49 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Thu Mar 13 2008 09:06 PM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Thu Mar 13 2008 09:45 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Thu Mar 13 2008 10:22 PM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Thu Mar 13 2008 11:42 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Mon Mar 17 2008 07:58 PM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Mon Mar 17 2008 09:17 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Mon Mar 31 2008 08:50 PM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Mon Mar 31 2008 11:35 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Tue Apr 01 2008 08:27 AM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Tue Apr 01 2008 10:52 PM
. * * Re: Malware Problem? iexplore.exe keeps loading TG   Wed Apr 09 2008 08:24 AM
. * * Re: Malware Problem? iexplore.exe keeps loading Pancake   Wed Apr 09 2008 08:34 AM

Extra information
1 registered and 24 anonymous users are browsing this forum.

Moderator:  putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate 


Print Thread
Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      Mark-up is enabled

Rating:
Thread views: 0

Contact Us | Privacy statement Main website
Hitwise Top 10 Award Winner - Jan-Mar 2005

About us | Contact us | Link to us | Terms & Conditions | Privacy Policy
© Copyright IPC Media Limited, All rights reserved