0

Can you help with a task bar turned gray, loss of sound-for some time now.I thought it must be hardware but now it seems to be a sneaky little bugger?
I picked up the phone the other night-residential- an indian voice telling me I've been infected with a virus.
I ran mcafee, and lava soft (mcafee found nothing- lavasoft quarantined 3 objects.

This is Hi-jack this log. Taken today 7th/12th/10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:08:27, on 7/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\CommonFiles\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\CommonFiles\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ABBYY FineReader 7.0 ProfessionalEdition\AbbyyNewsReader.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CMS Peripherals\BounceBackExpress\BBLauncher.exe
C:\Program Files\Windows DesktopSearch\WindowsSearch.exe
C:\Program Files\SensorsViewPro41\svservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\InternetExplorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet ConnectionWizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\CommonFiles\McAfee\SystemCore\ScriptSn.20101103232826.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\ProgramFiles\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Owner\ApplicationData\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [QuickTime Task] "C:\ProgramFiles\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\ProgramFiles\ABBYY FineReader 7.0 ProfessionalEdition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\ProgramFiles\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lxdemon.exe] "C:\Program Files\Lexmark 4800 Series\lxdemon.exe"
O4 - HKLM\..\Run: [lxdeamon] "C:\Program Files\Lexmark4800 Series\lxdeamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher]"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\CommonFiles\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Common Files\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download All By FlashGet3- C:\Documents and Settings\Owner\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 -C:\Documents and Settings\Owner\ApplicationData\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel- res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... -res://C:\Program Files\Google\GoogleToolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\ProgramFiles\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & DestroyConfiguration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}-C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\NetworkDiagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -{e2e2dd38-d088-4134-82b7-f2ba38496583} -C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}(Windows Genuine Advantage Validation Tool)-http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}(Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/res...download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}(MUWebControl Class) -http://update.microsoft.com/microsof...e/v6/V5Controls/en/x86/client/muweb_site.cab?1240406116578
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539}(Crucial cpcScan) -http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -http://download.mcafee.com/molbin/sh...cgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}(get_atlcom Class) -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe LM Service - Adobe Systems -C:\Program Files\Common Files\Adobe SystemsShared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner -C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaSrv - Unknown owner -C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate)- Google Inc. - C:\ProgramFiles\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google- C:\Program Files\Google\Common\GoogleUpdater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -Macrovision Corporation - C:\Program Files\CommonFiles\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter(JavaQuickStarterService) - Unknown owner - C:\ProgramFiles\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft -C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc.- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service(McMPFSvc) - McAfee, Inc. - C:\Program Files\CommonFiles\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc.- C:\Program Files\CommonFiles\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) -McAfee, Inc. - C:\Program Files\CommonFiles\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee,Inc. - C:\Program Files\CommonFiles\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. -C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee,Inc. - C:\Program Files\CommonFiles\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\ProgramFiles\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) -McAfee, Inc. - C:\Program Files\CommonFiles\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust ProtectionService (mfevtp) - McAfee, Inc. - C:\ProgramFiles\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) -McAfee, Inc. - C:\Program Files\CommonFiles\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: SensorsVService - Unknown owner -C:\Program Files\SensorsViewPro41\svservice.exe

--
End of file - 11803 bytes

Edited by jholland1964: n/a

2
Contributors
1
Reply
2
Views
6 Years
Discussion Span
Last Post by jholland1964
0

First of all I have edited your post in order to make the log more readable. Please be certain that logs are single spaced and word wrap is NOT on in notepad.
You have used the old version of HiJackThis. Please uninstall this and install the newest version found here;

http://free.antivirus.com/hijackthis/

There may be other fixes with it needed later but for right now you DO need to run this new version and put a check mark in the box next to this entry:

O15 - Trusted Zone: http://software.kuaiche.com

When you have placed that check mark click the Fix Checked button. Then Exit HJT.
That is an EXTREMELY BAD website. So please DON'T click that link in there. It is a browser exploiter. A browser exploit is a short piece of code that exploits a software bug in a web browser such that it makes it do something unexpected, including crash, read/write local files, propagate a virus, install spyware etc.

After you have done that then you also need to disable TeaTimer in SpyBot. TeaTimer can interfere with any fixes done by other security programs so it should be turned off. Please do it this way:
* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

After that please run the tools found in our Read Me first sticky

http://www.daniweb.com/forums/thread134865.html

and post back here with all the requested logs.

Edited by jholland1964: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.