staticnoise

Members
  • Content Count

    14
  • Joined

  • Last visited

Community Reputation

0 Neutral

About staticnoise

  • Rank
    Member
  1. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:21:52 PM, on 3/24/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Witness Systems\QM Agent\CaptureService.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\Program Files\Witness Systems\QM Agent\wcapw32.exe c:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDClient\tmcsvc.exe C:\PROGRA~1\LANDesk\LDClient\issuser.exe c:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\slClient.exe C:\Program Files\LANDesk\LDClient\softmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe c:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\LANDesk\LDClient\rcgui.exe C:\WINDOWS\system32\slagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\svchost.exe C:\WINDOWS\SYSTEM32\DWRCST.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Java\j2re1.4.2_02\bin\javaw.exe C:\CRM\Prod\lib\IeEmbed.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo! R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.corp.yahoo.com:1080 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [bgInfo] bginfo.exe c:\windows\BGInfoYahoo.bgi /timer:0 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user') O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1C1DE932-8D89-4C07-BF9C-D8627EDB4849} (Siebel High Interactivity Framework) - http://prissm.corp.yahoo.com/emedia_enu/18...x_HI_Client.cab O16 - DPF: {1C3D6191-46F2-433A-9F76-F779A01135C6} (Siebel High Interactivity Framework) - http://prissm.corp.yahoo.com/emedia_enu/18...x_HI_Client.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5e2a3510-4371-11d6-b64c-00c04faedb18} (Oracle JInitiator 1.1.8.18) - https://erpprod.fin.yahoo.com:8000/jinitiator/oajinit.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093539677562 O16 - DPF: {9084FFEE-ACA8-405C-AA94-CE3E57651343} (Siebel Calendar) - http://prissm.corp.yahoo.com/emedia_enu/18...Ax_Calendar.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Capture Service (CaptureService) - Witness Systems, Inc. - C:\Program Files\Witness Systems\QM Agent\CaptureService.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - c:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\system32\slClient.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - c:\Program Files\Symantec AntiVirus\Rtvscan.exe O24 - Desktop Component 1: (no name) - P:\CS Desktop Ref Tool\Desktop Ref Tool.html -- End of file - 12822 bytes
  2. Thank you in advance for checking this over. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:02:25 AM, on 2/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Aruba Wireless Networks\ArubaService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\nfsclnt.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\QosServM.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDCLient\tmcsvc.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\PROGRA~1\LANDesk\LDCLient\issuser.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\LANDesk\LDCLient\xddclient.exe C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\LANDesk\LDCLient\softmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\Program Files\Intel\AMT\UNS.exe C:\WINDOWS\system32\PSXRUN.EXE C:\WINDOWS\system32\psxss.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\SFU\usr\sbin\zzInterix C:\SFU\usr\sbin\init C:\SFU\usr\sbin\inetd C:\Program Files\LANDesk\LDCLient\LDIScn32.EXE C:\Program Files\LANDesk\LDCLient\vulScan.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe C:\Program Files\UltraMon\UltraMon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\mrofinu572.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Pidgin\pidgin.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...PL=1&SWETS= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [e4436bc5] rundll32.exe "C:\WINDOWS\system32\ttftttdo.dll",b O4 - HKLM\..\Run: [bMe7705859] Rundll32.exe "C:\WINDOWS\system32\wjrfcjix.dll",s O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O4 - Global Startup: VPN Client.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890 O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe -- End of file - 13113 bytes
  3. Thank you for that. I was not aware/nor should there have been another user logged on. Thank you
  4. I was just wanting someone to look at the log to see if anything stuck out as bad. I have defraged, and cleared all my files, and even removed programs I am not using. The uttorent in startup is understood. I normally cancel it at startup, but I understand it can be a resource hog. My computer is not slow all the time, its just at certain points throughout the day, it will raise the cpu usage up over a 100 when very few programs, and sometimes with only email open. I can understand that it being an issue with an internet broweser, as things can happen. If you could please let me know if you see anything that doesnt look right in the log, I would appreciate it. Thank you,
  5. My system is just very slow, and for no reason the system cpu usage jumps to 100% for no reason.
  6. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:18:48 PM, on 1/9/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20696) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: VPN Client.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{5FD20057-53D1-4C45-8117-AD42FD5E2118}: NameServer = 192.168.0.23,66.93.87.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{F1597262-8617-4245-A94B-0C0D6F711F63}: NameServer = 66.93.87.2,192.168.0.23 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- End of file - 6347 bytes
  7. PC is doing a lot better. Thank you so much for your help. Jay
  8. thank you so much for your help. My machine is running a lot better now. Thank you! File: archlib.dll Status: OK MD5: b2cfe0aa4d83f78887d348fc39b57434 Packers detected: - Bit9 reports: No threat detected (more info) Scanner results Scan taken on 13 Dec 2007 15:40:19 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing
  9. Thanks again ComboFix 07-12-12.3 - jhollett 2007-12-12 16:07:23.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1208 [GMT -8:00] Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe Command switches used :: C:\Documents and Settings\jhollett\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\Help.ico C:\WINDOWS\system32\Uninstall.ico C:\WINDOWS\system32\xxywwxy.dll.vir . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\daSgo01 C:\WINDOWS\system32\Help.ico C:\WINDOWS\system32\Uninstall.ico C:\WINDOWS\system32\xxywwxy.dll.vir . ((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))) . 2007-12-12 08:37 . 2007-12-12 16:08 <DIR> d-------- C:\Program Files\PeerGuardian2 2007-12-12 06:55 . 2007-12-12 06:55 90,112 --a------ C:\WINDOWS\system32\WOEM_3_2awoem.tmp 2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups 2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard 2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril 2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril 2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib 2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll 2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate 2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security 2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll 2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer 2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX 2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT 2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe 2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell 2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1 2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy 2007-12-03 15:57 . 2007-12-12 09:46 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent 2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird 2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client 2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6 2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith 2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith 2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp 2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer 2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-13 00:04 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple 2007-12-12 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan 2007-12-12 20:02 --------- d-----w C:\Program Files\Connected 2007-12-12 14:55 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3 2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon 2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin 2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks 2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc 2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo! 2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo! 2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla 2007-11-13 00:43 --------- d-----w C:\Program Files\CMAK 2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development 2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent 2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent 2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft 2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft 2007-11-09 19:09 --------- d-----w C:\Program Files\Google 2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics 2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk 2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development 2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft 2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft 2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft 2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp 2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp 2007-11-06 23:27 48,456 ----a-w C:\WINDOWS\system32\UninstallElectricSheep.exe 2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK 2007-11-06 18:59 --------- d-----w C:\Program Files\Java 2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya 2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird 2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp 2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya 2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya 2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird 2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-11-05 16:11 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat 2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-11-05 16:11 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf . ((((((((((((((((((((((((((((( [email protected]_16.44.17.18 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-11 22:25:15 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-12-12 15:04:04 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-12-11 22:25:15 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-12-12 15:04:04 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22] "atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51] "IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38] "SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06] "pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17] "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27] "devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59] "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet R2 Aruba VPN Service;Aruba VPN Service;C:\Program Files\Aruba Wireless Networks\ArubaService.exe R2 atchksrv;Intel® Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe R2 CBA8;LANDesk® Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe" R2 Client for NFS;Client for NFS;C:\WINDOWS\system32\nfsclnt.exe R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe R2 LDXDD;LANDesk® Extended device discovery service;"C:\Program Files\LANDesk\LDCLient\xddclient.exe" R2 LMS;Intel® Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys R2 Softmon;LANDesk® Software Monitoring Service;"C:\Program Files\LANDesk\LDCLient\softmon.exe" R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys R2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe R2 zzInterix;Interix Subsystem Startup;C:\WINDOWS\system32\PSXRUN.EXE R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys R3 NfsRdr;NfsRdr;\??\C:\WINDOWS\system32\drivers\nfsrdr.sys R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys R3 Portmap;Portmap;\??\C:\WINDOWS\system32\drivers\portmap.sys R3 PsxDrv;PsxDrv;\??\C:\WINDOWS\system32\drivers\PSXDRV.SYS R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys R3 RpcXdr;RpcXdr;\??\C:\WINDOWS\system32\drivers\rpcxdr.sys R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE S4 CronService;Windows Cron Service;C:\SFU\common\cron.exe S4 Mapsvc;User Name Mapping;C:\SFU\Mapper\mapsvc.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain] \Shell\AutoRun\command - setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne] \Shell\AutoRun\command - Z:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}] \Shell\AutoRun\command - E:\Autorun.exe /run \Shell\Shell00\Command - E:\Autorun.exe /run \Shell\Shell01\Command - E:\Autorun.exe /action \Shell\Shell02\Command - E:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}] \Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe *Newly Created Service* - IPFILTERDRIVER *Newly Created Service* - PGFILTER . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-12 16:08:45 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-12 16:09:08 C:\ComboFix2.txt ... 2007-12-11 16:45 . 2007-11-26 20:01:52 --- E O F --- ---------------------------------------------------------- ---------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:17, on 2007-12-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Aruba Wireless Networks\ArubaService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\nfsclnt.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\QosServM.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDCLient\tmcsvc.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\PROGRA~1\LANDesk\LDCLient\issuser.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\LANDesk\LDCLient\xddclient.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\LANDesk\LDCLient\softmon.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Intel\AMT\UNS.exe C:\WINDOWS\system32\PSXRUN.EXE C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\psxss.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\MsgSys.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\SFU\usr\sbin\zzInterix C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\SFU\usr\sbin\init C:\PROGRA~1\SYMANT~1\VPTray.exe C:\SFU\usr\sbin\inetd C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\UltraMon\UltraMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\LANDesk\LDCLient\LDIScn32.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\LANDesk\Shared Files\proxyhost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890 O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe -- End of file - 11799 bytes
  10. ComboFix 07-12-12.3 - jhollett 2007-12-11 16:38:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1252 [GMT -8:00] Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Temp\bkR11 C:\WINDOWS\system32\gfdfqtqn.dll C:\WINDOWS\system32\jjlrvrdg.dll C:\WINDOWS\system32\klnmp.ini C:\WINDOWS\system32\klnmp.ini2 C:\WINDOWS\system32\lbyqclkm.ini C:\WINDOWS\system32\mklcqybl.dll C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmnlk.dll C:\WINDOWS\system32\qvdfjjcy.dll . ((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 ))))))))))))))))))))))))))))))) . 2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups 2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard 2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril 2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril 2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib 2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll 2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-12-07 16:28 . 2007-12-07 16:28 39,936 --a------ C:\WINDOWS\system32\xxywwxy.dll.vir 2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate 2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll 2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys 2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys 2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys 2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel 2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security 2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll 2007-12-05 12:20 . 2007-12-05 12:20 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-05 12:20 . 2007-12-05 12:20 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-05 12:11 . 2007-12-07 16:28 <DIR> d-------- C:\WINDOWS\system32\daSgo01 2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer 2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX 2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT 2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe 2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell 2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1 2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC 2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy 2007-12-03 15:57 . 2007-12-03 15:59 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent 2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird 2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client 2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6 2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith 2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith 2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf 2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp 2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer 2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData 2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla 2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\WINDOWS\cluster 2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\Program Files\CMAK . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-12 00:41 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-12-12 00:31 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple 2007-12-11 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan 2007-12-11 20:03 --------- d-----w C:\Program Files\Connected 2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3 2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon 2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin 2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks 2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc 2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo! 2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo! 2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla 2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development 2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent 2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent 2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft 2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft 2007-11-09 19:09 --------- d-----w C:\Program Files\Google 2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics 2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server 2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk 2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development 2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft 2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft 2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft 2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp 2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp 2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK 2007-11-06 18:59 --------- d-----w C:\Program Files\Java 2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya 2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird 2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp 2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya 2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya 2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird 2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat 2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22] "atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51] "IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38] "SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06] "pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17] "UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27] "devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59] "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwxy] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210] C:\DOCUME~1\jhollett\LOCALS~1\Temp\winvsnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] 2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain] \Shell\AutoRun\command - setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne] \Shell\AutoRun\command - Z:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}] \Shell\AutoRun\command - E:\Autorun.exe /run \Shell\Shell00\Command - E:\Autorun.exe /run \Shell\Shell01\Command - E:\Autorun.exe /action \Shell\Shell02\Command - E:\Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}] \Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-11 16:43:33 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-11 16:45:19 - machine was rebooted . 2007-11-26 20:01:52 --- E O F ---
  11. Thank youn again for your help. I have listed both the startup.txt and the new hijacklog below. Thank you ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Reader_sl" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APVXDWIN] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="APVXDWIN" "hkey"="HKLM" "command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus 2008\\APVXDWIN.EXE\" /s" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="HPWAMain" "hkey"="HKLM" "command"="%ProgramFiles%\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI.UGA6P_0001_N122M2210] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="winvsnet" "hkey"="HKLM" "command"="\"C:\\DOCUME~1\\jhollett\\LOCALS~1\\Temp\\winvsnet.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="QlbCtrl" "hkey"="HKLM" "command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAX] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="smax4" "hkey"="HKLM" "command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="smax4pnp" "hkey"="HKLM" "command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="TeaTimer" "hkey"="HKCU" "command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WatchDog] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="DVDCheck" "hkey"="HKLM" "command"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="YAHOOM~1" "hkey"="HKCU" "command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet" "inimapping"="0" Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk" "backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe " "item"="SnagIt 7" ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:04:57 PM, on 12/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Aruba Wireless Networks\ArubaService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\nfsclnt.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDCLient\tmcsvc.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\PROGRA~1\LANDesk\LDCLient\issuser.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\LANDesk\LDCLient\xddclient.exe C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\LANDesk\LDCLient\softmon.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\AMT\UNS.exe C:\WINDOWS\system32\PSXRUN.EXE C:\WINDOWS\system32\psxss.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\SFU\usr\sbin\zzInterix C:\SFU\usr\sbin\init C:\SFU\usr\sbin\inetd C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\AMT\atchk.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe C:\Program Files\UltraMon\UltraMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\PROGRA~1\MOZILL~2\FIREFOX.EXE C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Pidgin\pidgin.exe C:\DOCUME~1\jhollett\LOCALS~1\Temp\60exhmunml35dl.exe C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890 O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23 O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe -- End of file - 12004 bytes
  12. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:56:44 PM, on 12/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Aruba Wireless Networks\ArubaService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\nfsclnt.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\system32\QosServM.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDCLient\tmcsvc.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\PROGRA~1\LANDesk\LDCLient\issuser.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\LANDesk\LDCLient\xddclient.exe C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\LANDesk\LDCLient\softmon.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\AMT\UNS.exe C:\WINDOWS\system32\PSXRUN.EXE C:\WINDOWS\system32\psxss.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\WINDOWS\system32\MsgSys.EXE C:\SFU\usr\sbin\init C:\SFU\usr\sbin\zzInterix C:\SFU\usr\sbin\inetd C:\WINDOWS\explorer.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890 O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23 O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe -- End of file - 10948 bytes
  13. Thank you for responding so fast. I have attached both the adaware log (adaware_log.txt) and the hijackthis log (hijackthis.log). Thank you again for your help. adaware_log.txt hijackthis.log
  14. Logfile of HijackThis v1.99.1 Scan saved at 12:31:16 PM, on 12/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sygate\SSA\smc.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Aruba Wireless Networks\ArubaService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\nfsclnt.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDCLient\tmcsvc.exe C:\Program Files\iPass\iPassConnect\iPCAgent.exe C:\PROGRA~1\LANDesk\LDCLient\issuser.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\LANDesk\LDCLient\xddclient.exe C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\LANDesk\LDCLient\softmon.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Intel\AMT\UNS.exe C:\WINDOWS\system32\PSXRUN.EXE C:\WINDOWS\system32\psxss.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\PROGRA~1\LANDesk\LDClient\collector.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\SFU\usr\sbin\zzInterix C:\SFU\usr\sbin\init C:\SFU\usr\sbin\inetd C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\AMT\atchk.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe C:\Program Files\UltraMon\UltraMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\Connected\CBSysTray.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Cisco Systems\VPN Client\vpngui.exe C:\Program Files\Pidgin\pidgin.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\explorer.exe C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\Documents and Settings\jhollett\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080 O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\xxywwxy.dll O2 - BHO: (no name) - {D86C6259-49E7-4D41-B51E-0DBE86F72F36} - C:\WINDOWS\system32\pmnlk.dll O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder O4 - HKLM\..\Run: [e4436bc5] rundll32.exe "C:\WINDOWS\system32\mklcqybl.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890 O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23 O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com O20 - AppInit_DLLs: secuload.dll O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: xxywwxy - C:\WINDOWS\SYSTEM32\xxywwxy.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe