staticnoise

Please Help - Hijack Log


Logfile of HijackThis v1.99.1

Scan saved at 12:31:16 PM, on 12/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SSA\smc.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Connected\AgentSrv.EXE

C:\Program Files\Aruba Wireless Networks\ArubaService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\nfsclnt.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

C:\Program Files\iPass\iPassConnect\iPCAgent.exe

C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LANDesk\LDCLient\xddclient.exe

C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\LANDesk\LDCLient\softmon.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\PSXRUN.EXE

C:\WINDOWS\system32\psxss.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\PROGRA~1\LANDesk\LDClient\collector.exe

C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\SFU\usr\sbin\zzInterix

C:\SFU\usr\sbin\init

C:\SFU\usr\sbin\inetd

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

C:\Program Files\Connected\CBSysTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Documents and Settings\jhollett\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {B285004D-6D02-4212-91FC-B8F47B68C254} - C:\WINDOWS\system32\xxywwxy.dll

O2 - BHO: (no name) - {D86C6259-49E7-4D41-B51E-0DBE86F72F36} - C:\WINDOWS\system32\pmnlk.dll

O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

O4 - HKLM\..\Run: [spyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder

O4 - HKLM\..\Run: [e4436bc5] rundll32.exe "C:\WINDOWS\system32\mklcqybl.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe

O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe

O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com

O20 - AppInit_DLLs: secuload.dll

O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: xxywwxy - C:\WINDOWS\SYSTEM32\xxywwxy.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe

O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe


Hello, staticnoise, and welcome.

 

Please run an update with Ad-Aware!, then run a Full System scan and upload its log-file. I also need you to remove/uninstall the version of Hijack-This you have now and install this one here. After doing so, run a scan and post the Hijack-This log-file.

 

Download HJTInstall.exe to your Desktop.

 

    Double-click HJTInstall.exe to install it.
    By default it will install to C:\Program Files\Trend Micro\HijackThis .
    Click on Install.
    It will create a HijackThis icon on the desktop.
    Once installed, it will launch HijackThis.
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
    Save the log to a convenient location, as you'll need to post it soon.
    Don't use the Analyze This button; its findings are dangerous if misinterpreted.
    Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 

 

Gogo :(


Hey, staticnoise.

 

Please post the Hijack-This log-file so I may have a look at it. I have a hard time seeing them as Attachments.

 

Gogo :(


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:56:44 PM, on 12/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SSA\smc.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Connected\AgentSrv.EXE

C:\Program Files\Aruba Wireless Networks\ArubaService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\nfsclnt.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\QosServM.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

C:\Program Files\iPass\iPassConnect\iPCAgent.exe

C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LANDesk\LDCLient\xddclient.exe

C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\LANDesk\LDCLient\softmon.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\PSXRUN.EXE

C:\WINDOWS\system32\psxss.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

C:\PROGRA~1\LANDesk\LDClient\collector.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\SFU\usr\sbin\init

C:\SFU\usr\sbin\zzInterix

C:\SFU\usr\sbin\inetd

C:\WINDOWS\explorer.exe

C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe

O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 10948 bytes


Hi, staticnoise.

 

It looks like you disabled some items from running using Msconfig?

 

Open Notepad and copy and paste the next bold text into it:

 

rem Export the two MSConfig keys that record disabled startup entries, join them, and open the result
regedit /e peek1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg"
regedit /e peek2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
type peek1.txt >> startup.txt
type peek2.txt >> startup.txt
del peek*.txt
start notepad startup.txt

 

Save this as look.bat, choose to save as *all files, and place it on your desktop.

This is how the batch must look after you created it: (image: bat.JPG)

Double-click on look.bat and post its contents in your next reply together with a new HijackThis log.

 

 

Gogo :(
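The startup.txt that look.bat produces is a regedit export of the MSConfig startupreg key. The Python below is an added example for this thread, not code from the thread or from any of the tools it mentions: it parses that export format, lists each disabled startup item with its original Run key and command, and flags any item whose executable lives under a Temp folder, which is the pattern the winvsnet entry in the reply that follows shows. The sample text and all function names are my own, constructed from a few of the entries posted in this thread.

```python
"""Triage an MSConfig\\startupreg export such as the startup.txt that look.bat writes.

Added example for this thread, not code from the thread itself.  SAMPLE_REG is a
constructed, trimmed copy of the export layout using entries the poster pasted.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the layout regedit /e produces (three entries only).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWAMain"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI.UGA6P_0001_N122M2210]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winvsnet"
"hkey"="HKLM"
"command"="\"C:\\DOCUME~1\\jhollett\\LOCALS~1\\Temp\\winvsnet.exe\""
"inimapping"="0"
'''

SECTION_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\(.+)\]$')
# "name"="value", where the value may contain \" and \\ escapes
VALUE_RE = re.compile(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$')
# A startup entry whose executable sits in a Temp directory deserves a close look.
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


@dataclass
class StartupItem:
    name: str      # subkey under MSConfig\startupreg
    hkey: str      # hive of the original Run entry (HKLM or HKCU)
    key: str       # original Run key path
    item: str      # value name under that Run key
    command: str   # full command line that MSConfig disabled
    exe: str       # executable path pulled out of the command line


def unescape(value: str) -> str:
    # .reg files escape backslash and double quote with a backslash; undo that.
    return re.sub(r'\\(.)', r'\1', value)


def exe_from_command(command: str) -> str:
    # Quoted path: take what is inside the quotes.  Otherwise take up to the
    # first ".exe", which copes with unquoted paths that contain spaces.
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(' ', 1)[0]


def decode_export(raw: bytes) -> str:
    # regedit /e normally writes UTF-16 with a BOM.  look.bat joins two exports
    # with "type", so a second BOM lands mid-file; strip it after decoding.
    if raw.startswith((b'\xff\xfe', b'\xfe\xff')):
        return raw.decode('utf-16').replace('\ufeff', '')
    return raw.decode('latin-1')


def parse_startupreg(text: str) -> List[StartupItem]:
    items: List[StartupItem] = []
    name = None
    values = {}

    def flush():
        if name is not None and 'command' in values:
            cmd = values['command']
            items.append(StartupItem(name, values.get('hkey', ''), values.get('key', ''),
                                     values.get('item', ''), cmd, exe_from_command(cmd)))

    for line in text.splitlines():
        line = line.strip()
        if line.startswith('['):
            flush()
            m = SECTION_RE.match(line)
            name = m.group(1) if m else None   # bare startupreg header has no subkey
            values = {}
            continue
        m = VALUE_RE.match(line)
        if m and name is not None:
            values[m.group(1)] = unescape(m.group(2))
    flush()
    return items


def flagged(items: List[StartupItem]) -> List[StartupItem]:
    return [i for i in items if TEMP_RE.search(i.exe)]


def report(text: str) -> List[Tuple[str, str, bool]]:
    # (item name, executable, suspicious?) for every disabled startup entry
    return [(i.item, i.exe, bool(TEMP_RE.search(i.exe))) for i in parse_startupreg(text)]


if __name__ == '__main__':
    for item_name, exe, bad in report(SAMPLE_REG):
        print(('SUSPECT ' if bad else '        ') + f'{item_name:<12} {exe}')
```

To run it on a real startup.txt, read the file as bytes and pass it through decode_export before parse_startupreg.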


Thank you again for your help. I have listed both the startup.txt and the new HijackThis log below.

 

Thank you

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Reader_sl"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APVXDWIN]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APVXDWIN"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Panda Security\\Panda Antivirus 2008\\APVXDWIN.EXE\" /s"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpWirelessAssistant]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="HPWAMain"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NI.UGA6P_0001_N122M2210]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="winvsnet"

"hkey"="HKLM"

"command"="\"C:\\DOCUME~1\\jhollett\\LOCALS~1\\Temp\\winvsnet.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QlbCtrl]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="QlbCtrl"

"hkey"="HKLM"

"command"="%ProgramFiles%\\Hewlett-Packard\\HP Quick Launch Buttons\\QlbCtrl.exe /Start"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAX]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="smax4"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\smax4.exe\" /tray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMAXPnP]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="smax4pnp"

"hkey"="HKLM"

"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="TeaTimer"

"hkey"="HKCU"

"command"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WatchDog]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DVDCheck"

"hkey"="HKLM"

"command"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="YAHOOM~1"

"hkey"="HKCU"

"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

"inimapping"="0"

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk"

"backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe "

"item"="SnagIt 7"

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:04:57 PM, on 12/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SSA\smc.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Connected\AgentSrv.EXE

C:\Program Files\Aruba Wireless Networks\ArubaService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\nfsclnt.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

C:\Program Files\iPass\iPassConnect\iPCAgent.exe

C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LANDesk\LDCLient\xddclient.exe

C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\LANDesk\LDCLient\softmon.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\PSXRUN.EXE

C:\WINDOWS\system32\psxss.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\PROGRA~1\LANDesk\LDClient\collector.exe

C:\SFU\usr\sbin\zzInterix

C:\SFU\usr\sbin\init

C:\SFU\usr\sbin\inetd

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Connected\CBSysTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe

C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

C:\PROGRA~1\MOZILL~2\FIREFOX.EXE

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Pidgin\pidgin.exe

C:\DOCUME~1\jhollett\LOCALS~1\Temp\60exhmunml35dl.exe

C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: Domain = corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{8FA4D648-55B8-415F-8C64-9CF2A8B66805}: NameServer = 216.145.50.3,216.145.50.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = corp.yahoo.com,ds.corp.yahoo.com,yahoo.com

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe

O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 12004 bytes


Hi staticnoise,

 

Please clean out your temp files.

 

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

 

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

 

If you use Firefox browser

 

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

 

If you use Opera browser

 

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

 

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

===========================

 

Download ComboFix from Here or Here to your Desktop.

 

1. Double click combofix.exe and follow the prompts.

2. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

 

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

 

 

Gogo :(


ComboFix 07-12-12.3 - jhollett 2007-12-11 16:38:05.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1252 [GMT -8:00]

Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Temp\bkR11

C:\WINDOWS\system32\gfdfqtqn.dll

C:\WINDOWS\system32\jjlrvrdg.dll

C:\WINDOWS\system32\klnmp.ini

C:\WINDOWS\system32\klnmp.ini2

C:\WINDOWS\system32\lbyqclkm.ini

C:\WINDOWS\system32\mklcqybl.dll

C:\WINDOWS\system32\pac.txt

C:\WINDOWS\system32\pmnlk.dll

C:\WINDOWS\system32\qvdfjjcy.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-11-12 to 2007-12-12 )))))))))))))))))))))))))))))))

.

 

2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups

2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard

2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril

2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril

2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib

2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll

2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-07 16:28 . 2007-12-07 16:28 39,936 --a------ C:\WINDOWS\system32\xxywwxy.dll.vir

2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate

2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll

2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security

2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2007-12-05 12:20 . 2007-12-05 12:20 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2007-12-05 12:20 . 2007-12-05 12:20 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-05 12:11 . 2007-12-07 16:28 <DIR> d-------- C:\WINDOWS\system32\daSgo01

2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer

2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX

2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT

2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe

2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell

2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1

2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC

2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy

2007-12-03 15:57 . 2007-12-03 15:59 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent

2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird

2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client

2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6

2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith

2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith

2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp

2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer

2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla

2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\WINDOWS\cluster

2007-11-12 16:43 . 2007-11-12 16:43 <DIR> d-------- C:\Program Files\CMAK

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-12 00:41 --------- d-----w C:\Program Files\Symantec AntiVirus

2007-12-12 00:31 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple

2007-12-11 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan

2007-12-11 20:03 --------- d-----w C:\Program Files\Connected

2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3

2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon

2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin

2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks

2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc

2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo!

2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo!

2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla

2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development

2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent

2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent

2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft

2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft

2007-11-09 19:09 --------- d-----w C:\Program Files\Google

2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics

2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server

2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk

2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development

2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft

2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft

2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft

2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp

2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp

2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK

2007-11-06 18:59 --------- d-----w C:\Program Files\Java

2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya

2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird

2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp

2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya

2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya

2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird

2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22]

"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51]

"IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38]

"SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06]

"pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17]

"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]

"devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59]

"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwxy]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk

backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]

C:\DOCUME~1\jhollett\LOCALS~1\Temp\winvsnet.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain]

\Shell\AutoRun\command - setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne]

\Shell\AutoRun\command - Z:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}]

\Shell\AutoRun\command - E:\Autorun.exe /run

\Shell\Shell00\Command - E:\Autorun.exe /run

\Shell\Shell01\Command - E:\Autorun.exe /action

\Shell\Shell02\Command - E:\Autorun.exe /uninstall

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}]

\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

 

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-11 16:43:33

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-11 16:45:19 - machine was rebooted

.

2007-11-26 20:01:52 --- E O F ---


Hi staticnoise,

 

Next

 

1. Close any open browsers.

 

2. Open notepad and copy/paste the text in the quote box below into it (but don't include the word: quote). Make sure to use NotePad and nothing else.

 

File::

C:\WINDOWS\system32\xxywwxy.dll.vir

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\Help.ico

 

Folder::

C:\WINDOWS\system32\daSgo01

 

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywwxy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UGA6P_0001_N122M2210]

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

CFScript.gif

 

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

 

 

When finished, it will produce a log for you at "C:\ComboFix.txt"

 

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

 

 

Then come back here with both the HijackThis log and ComboFix.txt

 

 

Gogo :)


Thanks again

 

 

ComboFix 07-12-12.3 - jhollett 2007-12-12 16:07:23.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1208 [GMT -8:00]

Running from: C:\Documents and Settings\jhollett\Desktop\ComboFix(2).exe

Command switches used :: C:\Documents and Settings\jhollett\Desktop\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\xxywwxy.dll.vir

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\daSgo01

C:\WINDOWS\system32\Help.ico

C:\WINDOWS\system32\Uninstall.ico

C:\WINDOWS\system32\xxywwxy.dll.vir

 

.

((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))

.

 

2007-12-12 08:37 . 2007-12-12 16:08 <DIR> d-------- C:\Program Files\PeerGuardian2

2007-12-12 06:55 . 2007-12-12 06:55 90,112 --a------ C:\WINDOWS\system32\WOEM_3_2awoem.tmp

2007-12-11 13:25 . 2007-12-11 13:25 <DIR> d-------- C:\VundoFix Backups

2007-12-10 16:04 . 2007-12-10 16:04 <DIR> d-------- C:\Deckard

2007-12-10 15:00 . 2007-11-28 13:06 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-12-10 12:40 . 2007-12-10 12:40 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Tenebril

2007-12-10 12:39 . 2007-12-10 12:39 <DIR> d-------- C:\Program Files\Trend Micro

2007-12-10 12:38 . 2007-12-10 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril

2007-12-10 12:37 . 2007-12-10 12:37 <DIR> d-------- C:\WINDOWS\system32\tenarchlib

2007-12-10 12:37 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll

2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Program Files\Lavasoft

2007-12-10 12:17 . 2007-12-10 12:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2007-12-06 09:21 . 2007-12-06 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2007-12-06 09:10 . 2007-12-06 09:10 <DIR> d-------- C:\Program Files\Sygate

2007-12-06 09:10 . 2006-07-12 11:19 81,080 --a------ C:\WINDOWS\system32\SSSensor.dll

2007-12-06 09:10 . 2006-07-12 10:59 61,520 --a------ C:\WINDOWS\system32\drivers\Teefer.sys

2007-12-06 09:10 . 2006-07-12 11:02 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg6n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg5n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg4n.sys

2007-12-06 09:10 . 2006-07-12 11:22 14,944 --a------ C:\WINDOWS\system32\drivers\wg3n.sys

2007-12-05 15:21 . 2007-12-05 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2007-12-05 15:20 . 2007-12-06 09:03 <DIR> d-------- C:\Program Files\Panda Security

2007-12-05 15:20 . 2007-02-15 20:02 50,736 --a------ C:\WINDOWS\system32\avldr.dll

2007-12-05 11:59 . 2007-12-05 12:01 <DIR> d-------- C:\Program Files\SlimServer

2007-12-05 10:01 . 2007-12-05 10:01 <DIR> d-------- C:\Program Files\AnalogX

2007-12-05 07:56 . 2007-12-05 07:56 <DIR> d-------- C:\Program Files\YIT

2007-12-04 13:59 . 2007-12-04 13:59 32,768 --a------ C:\WINDOWS\system\smvss.exe

2007-12-04 08:38 . 2007-12-04 08:38 <DIR> d-------- C:\Dell

2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Songbird1

2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC

2007-12-03 16:19 . 2007-12-11 13:31 <DIR> d-------- C:\Program Files\Synergy

2007-12-03 15:57 . 2007-12-12 09:46 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\uTorrent

2007-11-30 15:52 . 2007-11-30 15:52 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Thunderbird

2007-11-30 13:55 . 2007-12-05 12:37 <DIR> d-------- C:\Program Files\FileZilla Client

2007-11-28 13:06 . 2007-12-10 16:05 <DIR> d-------- C:\Documents and Settings\jhollett\.housecall6.6

2007-11-27 14:55 . 2007-11-27 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application DataTechSmith

2007-11-27 14:53 . 2007-11-27 14:53 <DIR> d-------- C:\Program Files\TechSmith

2007-11-27 14:53 . 2007-12-11 13:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-11-27 08:10 . 2007-11-27 08:10 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2007-11-26 12:37 . 2007-11-26 12:37 0 --a------ C:\WINDOWS\system32\(null)id.tmp

2007-11-17 00:48 . 2007-11-17 00:48 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\Apple Computer

2007-11-15 08:03 . 2007-08-20 02:04 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-11-15 08:03 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-11-15 08:03 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-11-15 08:03 . 2007-08-20 02:04 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-11-15 08:03 . 2007-08-20 02:04 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-11-15 08:03 . 2007-08-20 02:04 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-11-15 08:03 . 2007-08-20 02:04 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2007-11-15 08:03 . 2007-08-20 02:04 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-11-15 08:03 . 2007-08-17 02:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-11-14 14:56 . 2007-11-14 14:56 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-11-13 13:20 . 2007-12-06 15:43 <DIR> d-------- C:\Documents and Settings\jhollett\Application Data\FileZilla

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-13 00:04 --------- d-----w C:\Documents and Settings\jhollett\Application Data\.purple

2007-12-12 23:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\vulScan

2007-12-12 20:02 --------- d-----w C:\Program Files\Connected

2007-12-12 14:55 --------- d-----w C:\Program Files\Symantec AntiVirus

2007-12-05 23:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-05 20:42 --------- d-----w C:\Program Files\WinSCP3

2007-12-05 20:41 --------- d-----w C:\Program Files\UltraMon

2007-12-05 20:41 --------- d-----w C:\Program Files\Pidgin

2007-12-05 20:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2007-12-05 20:36 --------- d-----w C:\Program Files\Aruba Wireless Networks

2007-12-04 00:37 --------- d-----w C:\Program Files\Yahoo! Inc

2007-11-20 22:41 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-13 16:17 --------- d-----w C:\Program Files\Yahoo!

2007-11-13 16:02 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Yahoo!

2007-11-13 16:01 --------- d-----w C:\Program Files\FileZilla

2007-11-13 00:43 --------- d-----w C:\Program Files\CMAK

2007-11-12 21:53 --------- d-----w C:\Documents and Settings\jhollett\Application Data\DameWare Development

2007-11-10 08:35 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\uTorrent

2007-11-10 08:27 --------- d-----w C:\Program Files\uTorrent

2007-11-10 08:25 --------- d-----w C:\Documents and Settings\staticnoise\Application Data\Realtime Soft

2007-11-10 07:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Realtime Soft

2007-11-09 19:09 --------- d-----w C:\Program Files\Google

2007-11-09 19:05 --------- d-----w C:\Program Files\Common Files\Data Dynamics

2007-11-09 19:04 --------- d-----w C:\Program Files\Microsoft SQL Server

2007-11-09 19:04 --------- d-----w C:\Program Files\LANDesk

2007-11-09 17:18 --------- d-----w C:\Program Files\DameWare Development

2007-11-08 19:36 --------- d-----w C:\Program Files\Common Files\Realtime Soft

2007-11-08 19:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Realtime Soft

2007-11-08 17:14 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Realtime Soft

2007-11-08 00:07 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Winamp

2007-11-07 16:43 --------- d-----w C:\Program Files\Winamp

2007-11-06 23:27 48,456 ----a-w C:\WINDOWS\system32\UninstallElectricSheep.exe

2007-11-06 22:31 --------- d-----w C:\Program Files\Common Files\GTK

2007-11-06 18:59 --------- d-----w C:\Program Files\Java

2007-11-06 17:47 --------- d-----w C:\Documents and Settings\jhollett\Application Data\Avaya

2007-11-05 20:05 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Instantbird

2007-11-05 19:32 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Winamp

2007-11-05 18:22 --------- d-----w C:\Program Files\Avaya

2007-11-05 18:22 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Avaya

2007-11-05 17:41 --------- d-----w C:\Documents and Settings\jhollet\Application Data\Thunderbird

2007-11-05 16:11 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

2007-11-05 16:11 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll

2007-11-05 16:11 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys

2007-11-05 16:11 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

2007-11-05 16:11 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

2007-11-05 16:11 20 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

2007-11-05 16:11 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

2007-11-05 16:11 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll

2007-11-05 16:11 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

2007-11-05 16:11 1,133 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

.

 

((((((((((((((((((((((((((((( [email protected]_16.44.17.18 )))))))))))))))))))))))))))))))))))))))))

.

- 2007-12-11 22:25:15 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-12 15:04:04 71,370 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-12-11 22:25:15 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-12 15:04:04 439,832 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-18 20:50]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-18 20:50]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-18 20:50]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 16:47]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 10:24]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-04-16 10:22]

"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 04:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 04:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 04:00]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 09:33]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 19:51]

"IntelAPMClient"="C:\Program Files\LANDesk\LDCLient\amclient.exe" [2006-12-04 06:38]

"SDClientMonitor"="C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe" [2006-11-01 07:06]

"pwreset"="C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-10-25 11:17]

"UltraMon"="C:\Program Files\UltraMon\UltraMon.exe" [2006-10-12 21:27]

"devenv"="C:\WINDOWS\system\smvss.exe" [2007-12-04 13:59]

"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2006-07-12 11:21]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]

"Script"=\\ds\NETLOGON\gpo-scripts\GPOAddAdmin.bat

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk

backup=C:\WINDOWS\pss\SnagIt 7.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]

C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE /s

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

C:\Program Files\Analog Devices\SoundMAX\smax4.exe /tray

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-01-05 15:36 872448 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]

2007-05-23 10:00 192512 --a------ C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

 

R2 Aruba VPN Service;Aruba VPN Service;C:\Program Files\Aruba Wireless Networks\ArubaService.exe

R2 atchksrv;Intel® Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe

R2 CBA8;LANDesk® Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe"

R2 Client for NFS;Client for NFS;C:\WINDOWS\system32\nfsclnt.exe

R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe

R2 LDXDD;LANDesk® Extended device discovery service;"C:\Program Files\LANDesk\LDCLient\xddclient.exe"

R2 LMS;Intel® Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe

R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys

R2 Softmon;LANDesk® Software Monitoring Service;"C:\Program Files\LANDesk\LDCLient\softmon.exe"

R2 UltraMonUtility;UltraMon Utility Driver;\??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

R2 UNS;Intel® Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe

R2 zzInterix;Interix Subsystem Startup;C:\WINDOWS\system32\PSXRUN.EXE

R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS

R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys

R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys

R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys

R3 NfsRdr;NfsRdr;\??\C:\WINDOWS\system32\drivers\nfsrdr.sys

R3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys

R3 Portmap;Portmap;\??\C:\WINDOWS\system32\drivers\portmap.sys

R3 PsxDrv;PsxDrv;\??\C:\WINDOWS\system32\drivers\PSXDRV.SYS

R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys

R3 RpcXdr;RpcXdr;\??\C:\WINDOWS\system32\drivers\rpcxdr.sys

R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys

R3 WOEM_3_2a;WinPcap Packet Driver (WOEM_3_2a);C:\WINDOWS\system32\drivers\WOEM_3_2a.sys

S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe

S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE

S4 CronService;Windows Cron Service;C:\SFU\common\cron.exe

S4 Mapsvc;User Name Mapping;C:\SFU\Mapper\mapsvc.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##is-landesk#ldmain]

\Shell\AutoRun\command - setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Snv-na-fs1#Anne]

\Shell\AutoRun\command - Z:\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{601d89d1-92ce-11dc-ad74-001a6bb9b52b}]

\Shell\AutoRun\command - E:\Autorun.exe /run

\Shell\Shell00\Command - E:\Autorun.exe /run

\Shell\Shell01\Command - E:\Autorun.exe /action

\Shell\Shell02\Command - E:\Autorun.exe /uninstall

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{671c6ac2-452e-11dc-b2ed-806d6172696f}]

\Shell\AutoRun\command - D:\Programs\nu2menu\nu2menu.exe

 

*Newly Created Service* - IPFILTERDRIVER

*Newly Created Service* - PGFILTER

.

**************************************************************************

 

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-12 16:08:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-12-12 16:09:08

C:\ComboFix2.txt ... 2007-12-11 16:45

.

2007-11-26 20:01:52 --- E O F ---

 

----------------------------------------------------------

 

 

----------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17, on 2007-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SSA\smc.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Connected\AgentSrv.EXE

C:\Program Files\Aruba Wireless Networks\ArubaService.exe

C:\Program Files\Intel\AMT\atchksrv.exe

C:\Program Files\LANDesk\Shared Files\residentagent.exe

C:\WINDOWS\system32\nfsclnt.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\QosServM.exe

C:\Program Files\LANDesk\LDClient\LocalSch.EXE

C:\WINDOWS\system32\CBA\pds.exe

C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

C:\Program Files\iPass\iPassConnect\iPCAgent.exe

C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\LANDesk\LDCLient\xddclient.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\LANDesk\LDClient\collector.exe

C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe

C:\Program Files\Intel\AMT\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\LANDesk\LDCLient\softmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Intel\AMT\UNS.exe

C:\WINDOWS\system32\PSXRUN.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

C:\WINDOWS\system32\psxss.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\MsgSys.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\SFU\usr\sbin\zzInterix

C:\Program Files\Intel\AMT\atchk.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\SFU\usr\sbin\init

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\SFU\usr\sbin\inetd

C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe

C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Connected\CBSysTray.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\LANDesk\LDCLient\LDIScn32.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\LANDesk\Shared Files\proxyhost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ticketing.corp.yahoo.com/callcenter...WETS=1196976644

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=socks.yahoo.com:1080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Avaya Web Dialer - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Agent\WebDialer.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDCLient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart

O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDCLient\webportal\sdclientmonitor.exe"

O4 - HKLM\..\Run: [pwreset] C:\Program Files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe

O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1186628029890

O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - https://ticketing.corp.yahoo.com/callcenter...x_HI_Client.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ds.corp.yahoo.com

O17 - HKLM\Software\..\Telephony: DomainName = ds.corp.yahoo.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{28E58799-FDB7-49B5-A190-4A34FF457CA8}: NameServer = 192.168.0.23

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

O23 - Service: Aruba VPN Service - Unknown owner - C:\Program Files\Aruba Wireless Networks\ArubaService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\system32\\QosServM.exe

O23 - Service: Intel Alert Handler - LANDesk Software Ltd. - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe

O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE

O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe

O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\tmcsvc.exe

O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe

O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe

O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LANDesk® Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe

O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

 

--

End of file - 11799 bytes


Hi staticnoise,

 

Please do this, as I just want to make sure about something here.

 

Please submit the following files for analysis.

 

Jotti File Submission:

 

* Please go to Jotti's malware scan

* Copy and paste the following file path into the "File to upload & scan" box at the top of the page:

  C:\WINDOWS\system32\archlib.dll

* Click on the submit button

* Please post the results in your next reply.

 

Please note that if you are submitting more than one file they will have to be entered one at a time.

 

 

=========================

 

Please come back here with the scan results. Also, may I have some feedback: how is the PC going, any better now?

 

 

Gogo :(


Thank you so much for your help. My machine is running a lot better now.

 

Thank you!

 

 

 

File: archlib.dll
Status: OK
MD5: b2cfe0aa4d83f78887d348fc39b57434
Packers detected: -
Bit9 reports: No threat detected

Scanner results
Scan taken on 13 Dec 2007 15:40:19 (GMT)

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


Hey staticnoise,

 

Sorry about the delay here. Now, how is the PC doing, better or the same? Give me feedback here.

 

Gogo :)


Hey staticnoise,

 

Then let's do some cleaning up here.

 

Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u. It needs to be there.

 

The above procedure will:

 

* Delete the following:

o ComboFix and its associated files and folders.

o VundoFix backups, if present

o The C:\Deckard folder, if present

o The C:\_OtMoveIt folder, if present

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

 

===========================

 

Clean out your Temporary Internet files.

Internet Explorer

Close Internet Explorer and close any instances of Windows Explorer.

Click Start -> Control Panel and then double-click Internet Options.

On the General tab, click Delete Files under Temporary Internet Files.

In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.

On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.

Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.

Click OK.

 

---------------------

 

Firefox (In case you also have Firefox installed)

Open Firefox and go to Tools -> Options.

Click Privacy in the menu on the left side of the Options window.

Click the Clear button located to the right of each option (History, Cookies, Cache).

Click OK to close the Options window.

Alternatively, you can clear all information stored while browsing by clicking Clear All.

A confirmation dialog box will be shown before clearing the information.

 

===========================

 

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

 

===========================

 

Make your Internet Explorer more secure - This can be done by following these simple instructions:

1. From within Internet Explorer click on the Tools menu and then click on Options.

2. Click once on the Security tab

3. Click once on the Internet icon so it becomes highlighted.

4. Click once on the Custom Level button.

a. Change the Download signed ActiveX controls to Prompt

b. Change the Download unsigned ActiveX controls to Disable

c. Change the Initialize and script ActiveX controls not marked as safe to Disable

d. Change the Installation of desktop items to Prompt

e. Change the Launching programs and files in an IFRAME to Prompt

f. Change the Navigate sub-frames across different domains to Prompt

g. When all these settings have been made, click on the OK button.

h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.

 

===========================

 

Please report back to me any problems you may or may not have had.

 

Gogo :)

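The Internet zone hardening steps in the post above can also be audited and applied through the registry rather than by clicking through the Custom Level dialog. The PowerShell below is an added example, not part of Gogo's instructions; it assumes the per-user zone key under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 and the standard URL-action IDs named in its comments.

```powershell
# Added example (not from the original post): audit, and optionally apply, the
# six Internet zone (zone 3) settings recommended above by reading and writing
# the per-user zone key directly.
# Assumption: settings live under the HKCU zone key below and use the standard
# URL-action IDs; 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action ID -> description and the value the post recommends.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneSetting {
    # Returns the DWORD for one URL action, or $null when the value is absent
    # (IE then falls back to its built-in default for the zone).
    param([string]$Id)
    $item = Get-ItemProperty -Path $ZonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

function Format-ZoneValue {
    # Human-readable label; unusual values (e.g. admin-approved lists) are shown raw.
    param($Value)
    if ($null -eq $Value) { return '(default)' }
    if ($Labels.ContainsKey($Value)) { return $Labels[$Value] }
    return [string]$Value
}

function Test-InternetZoneHardening {
    # One object per setting, so the result can be piped to Format-Table or Export-Csv.
    foreach ($id in $Recommended.Keys) {
        $current = Get-ZoneSetting $id
        $want    = $Recommended[$id].Want
        [pscustomobject]@{
            Id        = $id
            Setting   = $Recommended[$id].Name
            Current   = Format-ZoneValue $current
            Wanted    = $Labels[$want]
            Compliant = ($current -eq $want)
        }
    }
}

function Set-InternetZoneHardening {
    # Writes only the values that differ; run with -WhatIf to preview the changes.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    foreach ($row in (Test-InternetZoneHardening | Where-Object { -not $_.Compliant })) {
        $want = $Recommended[$row.Id].Want
        if ($PSCmdlet.ShouldProcess("$($row.Setting) ($($row.Id))", "set to $($Labels[$want])")) {
            Set-ItemProperty -Path $ZonePath -Name $row.Id -Value $want -Type DWord
        }
    }
}

# Report first; uncomment the second line to apply (or call it with -WhatIf).
Test-InternetZoneHardening | Format-Table -AutoSize
# Set-InternetZoneHardening
```

Re-run the report after applying to confirm every row shows Compliant = True; a setting that still reads "(default)" means the value was never written for that user.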