| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 78332 | 2007-04-11 17:56:00 | Brontok.C | Neha (12125) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 540246 | 2007-05-22 12:21:00 | Logfile of HijackThis v1.99.1 Scan saved at 4:41:27 PM, on 5/22/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe c:\program files\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\ramesh\Desktop\hijack\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eastern-engineering.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.eastern-engineering.com/ F2 - REG:system.ini: Shell=Explorer.exe " O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe |
mkms (12127) | ||
| 540247 | 2007-05-22 22:54:00 | You should have done a new post. There's nothing nasty in your log mkms, but u can run HJT again (put it in its own folder) then run it again tick these entries then tick fix checked. O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? Are you in NZ mkms?? If you're not, I would tick these entries as well. O17 - HKLM\System\CCS\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 O17 - HKLM\System\CS1\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 O17 - HKLM\System\CS2\Services\Tcpip\..\{AB9A900D-8E73-4F8D-BA07-5EDFAF8F54BC}: NameServer = 85.255.114.16,85.255.112.130 I would also install some kind of firewall. |
Speedy Gonzales (78) | ||
| 1 2 | |||||