1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Antivirus 2009 malware

Discussion in 'Virus & Other Malware Removal' started by Jerseyboy, Oct 13, 2008.

Thread Status:
Not open for further replies.
  1. Jerseyboy

    Jerseyboy Thread Starter

    Joined:
    Feb 2, 2004
    Messages:
    191
    First Name:
    Mike
    Hello, could someone quickly take a look at this log and let me know your thoughts?

    Thanks, Mike

    Sorry, due to wirewall, this is the only way I can post this log.

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Network Associates\Common Framework\McTray.exe
    C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marion.k12.fl.us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=distproxy01:80;https=distproxy01:80
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
    O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
    O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Diagnostics.lnk = C:\Program Files\vSoft\Diag\diag.hta
    O4 - Global Startup: vSoft - Powered By Raptor Technologies Inc..lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.marion.k12.fl.us
    O15 - Trusted Zone: *.checkredi.com (HKLM)
    O15 - Trusted Zone: mymariondestiny.marion.k12.fl.us (HKLM)
    O15 - Trusted Zone: mymarionsms.marion.k12.fl.us (HKLM)
    O15 - Trusted Zone: wwwapps.raptorware.com (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = marionschools.edu
    O17 - HKLM\Software\..\Telephony: DomainName = marionschools.edu
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDCAFCAF-C67A-4CEF-A477-714471EE5322}: Domain = marionschools.edu
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = marionschools.edu
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = marionschools.edu
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 5880 bytes
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Antivirus 2009 malware
  1. DebbyR
    Replies:
    2
    Views:
    696
  2. spoonthumb
    Replies:
    9
    Views:
    744
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/758750

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice