PaulT
Re: Highjackthis log
      Fri May 30 2008 07:57 PM

Funnily enough when I ran Superantispyware today it didn't report the Vundo trojan, just a few cookies.
Anyway I have done as you said and here is the combofix file followed by the hijackthis log:

ComboFix 08-05-29.1 - Paul Thorpe 30/05/2008 19:31:31.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.95 [GMT 1:00]
Running from: C:\Documents and Settings\Paul Thorpe\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\~.exe
C:\WINNT\system32\araxasrp.ini
C:\WINNT\system32\mcrh.tmp
C:\WINNT\system32\packet.dll
C:\WINNT\system32\wGjijRqr.ini
C:\WINNT\system32\wGjijRqr.ini2
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-29 21:00 . 08-03-25 02:37 69,632 --a------ C:\WINNT\system32\javacpl.cpl
2008-05-29 20:56 . 08-05-29 20:56 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-28 21:44 . 08-05-28 21:44 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 19:58 . 08-05-26 19:58 <DIR> d-------- C:\VundoFix Backups
2008-05-26 19:45 . 08-05-26 19:45 214,528 --a------ C:\Program Files\VundoFix.exe
2008-05-26 19:01 . 08-05-28 07:38 1,109,410 ---h----- C:\WINNT\ShellIconCache
2008-05-06 06:41 . 08-05-22 21:07 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-05-06 06:41 . 08-05-06 06:41 1,409 --a------ C:\WINNT\QTFont.for
2008-05-05 18:09 . 08-05-26 19:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-05 18:09 . 08-05-05 18:09 <DIR> d-------- C:\Documents and Settings\Paul Thorpe\Application Data\SUPERAntiSpyware.com
2008-05-05 18:09 . 08-05-05 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-05 18:08 . 08-05-05 18:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-05 01:06 . 08-05-05 10:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 20:31 . 02-02-08 00:00 53,248 --a------ C:\WINNT\system32\essiscsi.dll
2008-04-09 20:31 . 03-06-19 19:05 12,592 --a------ C:\WINNT\system32\drivers\usbscan.sys
2008-04-09 20:31 . 03-06-19 19:05 12,592 --a--c--- C:\WINNT\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 18:39 17,780,256 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2008-05-30 18:38 560,416 --sha-w C:\WINNT\system32\drivers\fidbox2.dat
2008-05-30 18:34 53,564 --sha-w C:\WINNT\system32\drivers\fidbox2.idx
2008-05-30 18:34 239,132 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2008-05-30 18:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-30 18:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-29 20:08 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-29 20:00 --------- d-----w C:\Program Files\Java
2008-05-29 19:28 --------- d-----w C:\Documents and Settings\Paul Thorpe\Application Data\MailWasherPro
2008-05-28 20:32 --------- d-----w C:\Documents and Settings\Paul Thorpe\Application Data\AdobeUM
2008-05-26 13:23 3,571,712 ----a-w C:\WINNT\Internet Logs\xDBE.tmp
2008-05-26 13:23 278,016 ----a-w C:\WINNT\Internet Logs\xDBD.tmp
2008-05-20 17:52 9,170,694 ----a-w C:\WINNT\Internet Logs\tvDebug.zip
2008-05-20 05:38 2,701,312 ----a-w C:\WINNT\Internet Logs\xDBC.tmp
2008-05-05 09:09 --------- d-----w C:\Documents and Settings\Paul Thorpe\Application Data\Lavasoft
2008-05-04 22:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-30 19:06 3,507,712 ----a-w C:\WINNT\Internet Logs\xDBB.tmp
2008-03-27 07:13 151,583 ----a-w C:\WINNT\system32\msjint40.dll
2008-03-27 07:06 355,104 ----a-w C:\WINNT\system32\msxbde40.dll
2008-03-27 07:05 838,432 ----a-w C:\WINNT\system32\mswdat10.dll
2008-03-27 07:05 621,344 ----a-w C:\WINNT\system32\mswstr10.dll
2008-03-27 07:05 264,992 ----a-w C:\WINNT\system32\mstext40.dll
2008-03-27 07:04 559,904 ----a-w C:\WINNT\system32\msrepl40.dll
2008-03-27 07:04 432,928 ----a-w C:\WINNT\system32\msrd2x40.dll
2008-03-27 07:04 322,336 ----a-w C:\WINNT\system32\msrd3x40.dll
2008-03-27 07:03 355,104 ----a-w C:\WINNT\system32\mspbde40.dll
2008-03-27 07:03 248,608 ----a-w C:\WINNT\system32\msjtes40.dll
2008-03-27 07:03 219,936 ----a-w C:\WINNT\system32\msltus40.dll
2008-03-27 07:02 60,192 ----a-w C:\WINNT\system32\msjter40.dll
2008-03-27 07:02 355,112 ----a-w C:\WINNT\system32\msjetoledb40.dll
2008-03-27 07:01 1,516,568 ----a-w C:\WINNT\system32\msjet40.dll
2008-03-27 07:00 518,944 ----a-w C:\WINNT\system32\msexch40.dll
2008-03-27 07:00 326,432 ----a-w C:\WINNT\system32\msexcl40.dll
2008-03-19 09:26 1,644,080 ----a-w C:\WINNT\system32\WIN32K.SYS
2008-03-14 20:38 3,335,168 ----a-w C:\WINNT\Internet Logs\xDBA.tmp
2008-03-13 23:11 75,248 ----a-w C:\WINNT\zllsputility.exe
2008-03-13 23:11 1,086,952 ----a-w C:\WINNT\system32\zpeng24.dll
2008-02-19 17:08 236,304 ----a-w C:\WINNT\system32\GDI32.DLL
2008-02-15 13:24 96,528 ----a-w C:\WINNT\system32\dnsrslvr.dll
2008-02-15 10:17 575,488 ----a-w C:\WINNT\system32\WININET.DLL
2008-02-07 07:33 2,140,160 ----a-w C:\WINNT\Internet Logs\xDB9.tmp
2008-02-04 19:26 151,040 --sh--w C:\WINNT\system32\VistaUltm.dll
2007-07-12 19:01 92,064 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmmdm.sys
2007-07-12 19:01 9,232 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmmdfl.sys
2007-07-12 19:01 79,328 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmserd.sys
2007-07-12 19:01 66,656 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmbus.sys
2007-07-12 19:01 6,208 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmcmnt.sys
2007-07-12 19:01 5,936 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmwhnt.sys
2007-07-12 19:01 4,048 ----a-w C:\Documents and Settings\Paul Thorpe\mqdmcr.sys
2007-07-12 19:01 25,600 ----a-w C:\Documents and Settings\Paul Thorpe\usbsermptxp.sys
2007-07-12 19:01 22,768 ----a-w C:\Documents and Settings\Paul Thorpe\usbsermpt.sys
2006-08-21 19:19 122,968 ----a-w C:\Documents and Settings\Paul Thorpe\Application Data\GDIPFONTCACHEV1.DAT
2006-05-12 08:59 4,122,112 ----a-w C:\Program Files\mplayerc.exe
2003-03-26 21:46 271 ---h--w C:\Program Files\desktop.ini
2003-03-26 21:46 21,952 ---h--w C:\Program Files\folder.htt
2002-07-31 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2006-05-03 10:06 163,328 --sh--r C:\WINNT\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINNT\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINNT\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINNT\system32\VistaUltm.dll
.

------- Sigcheck -------


01-02-20 14:09 8192 d36a33c21eeed5a6c1daecb7c80a1909 C:\WINNT\system32\CTFMON.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1C7D7C4D-945C-4BB7-B1B9-B25F0A967710}"= "C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{1c7d7c4d-945c-4bb7-b1b9-b25f0a967710}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis.1]
[HKEY_CLASSES_ROOT\TypeLib\{1A860BE9-9664-400F-AADA-ACFD1C61346A}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1C7D7C4D-945C-4BB7-B1B9-B25F0A967710}"= C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{1c7d7c4d-945c-4bb7-b1b9-b25f0a967710}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis.1]
[HKEY_CLASSES_ROOT\TypeLib\{1A860BE9-9664-400F-AADA-ACFD1C61346A}]
[HKEY_CLASSES_ROOT\PopThis.BARPopThis]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [01-02-20 14:09 8192 C:\WINNT\system32\CTFMON.EXE]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [06-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [02-06-26 18:36 90112]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [02-04-20 11:25 69632]
"AtiPTA"="atiptaxx.exe" [02-06-12 04:09 286720 C:\WINNT\system32\atiptaxx.exe]
"HydarVisionDesktopManager"="desk95.exe" [01-08-20 22:30 663552 C:\WINNT\system32\Desk95.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [06-01-12 15:40 155648]
"Synchronization Manager"="mobsync.exe" [03-06-19 20:05 111376 C:\WINNT\system32\mobsync.exe]
"iTunesHelper"="C:\Documents\Kathryn's files\iTunes\iTunesHelper.exe" [07-07-09 22:32 270648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 282624]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [06-10-12 16:57 102400]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08-03-14 00:11 919016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [08-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-07-31 13:00 20752 C:\WINNT\system32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-03-29 19:38:22 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [08-05-26 19:05 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.I420"= i420vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\dvacm.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll

R0 sonyhcb;Sony Digital Imaging Base;C:\WINNT\system32\DRIVERS\sonyhcb.sys [01-11-05 09:23 ]
R2 BT848;Conexant's BtPCI WDM Video Capture;C:\WINNT\system32\drivers\BT848.sys [05-06-23 12:24 ]
R2 BTXBAR;AVerDVD EZMaker WDM Crossbar;C:\WINNT\system32\drivers\BTXBAR.sys [02-05-14 06:21 ]
R3 openhci;Microsoft USB Open Host Controller Driver;C:\WINNT\system32\DRIVERS\openhci.sys [03-06-19 19:05 ]
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys [03-06-19 20:05 ]
S3 EUSBMASS;eUSB Mass Storage Driver;C:\WINNT\system32\DRIVERS\EUSBMASS.SYS [01-10-17 02:18 ]
S3 MR97310_VGA_DUAL_CAMERA;Dual-Mode Digital Camera;C:\WINNT\system32\DRIVERS\mr97310v.sys []
S3 pmxscan;Visioneer USB Kernel;C:\WINNT\system32\DRIVERS\usbscan.sys [03-06-19 19:05 ]
S3 scsiscan;SCSI Scanner Driver;C:\WINNT\system32\DRIVERS\scsiscan.sys [99-09-25 11:36 ]
S3 sonyhcs;Sony Digital Imaging Video;C:\WINNT\system32\DRIVERS\sonyhcs.sys [01-11-05 09:23 ]
S3 USBATA;USB Mass Storage Class Driver;C:\WINNT\system32\DRIVERS\USBATA.SYS [01-11-12 22:15 ]

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0002BB0C-D318-FD27-0505-050505040105}]
C:\WINNT\system32\wmedia.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 19:39:02
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 19:45:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 18:44:48

Pre-Run: 49,254,363,136 bytes free
Post-Run: 49,173,835,776 bytes free

189 --- E O F --- 2008-04-09 05:52:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:50, on 30/05/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\drivers\CDAC11BA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\desk95.exe
C:\Documents\Kathryn's files\iTunes\iTunesHelper.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: PopThis BHO - {0549E6CB-9985-42F6-8FD6-4EC017E6AAE1} - C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PopThis! Pop-Up Blocker - {1C7D7C4D-945C-4BB7-B1B9-B25F0A967710} - C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Documents\Kathryn's files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll (file missing)
O9 - Extra 'Tools' menuitem: PopThis! Options... - {91663649-416A-42A5-8E54-B63C1ECA0548} - C:\Program Files\SurfApps.com\PopThis! Pro\PopThisPro.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.funky.co.uk
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - https://mows.aiag.org/CFIDE/classes/CFJava.cab
O16 - DPF: {083F2348-989A-4650-A541-6BB9CEE58E5E} (IEUpdateOSR2 Control with Key) - http://client.virgin.net/assets/update.cab
O16 - DPF: {15AC034D-14DF-4AF8-9D02-29E1F56A8235} (Virgin Digital MusicNet Class) - http://www.virgindigital.co.uk/activeX/VirginWMA.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129757249390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://www.janita20.cc/uk/webinstall.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://www.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINNT\System32\drivers\CDAC11BA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 9669 bytes

Just one thing before I go .... as Combofix was rebooting the computer I got an error box stating that I didn't have enough Registry memory. Is this something I need to fix?


Thanks
Paul
