Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

OuterInfo pop-ups - HiJackThis Log


  • This topic is locked This topic is locked

#1
Phlegmbot

Phlegmbot

    Member

  • Member
  • PipPipPip
  • 423 posts
Help is much appreciated!

I've run various ad/spyware programs and even RegScrub but none of it got rid of it.

Thanks (!) in advance.

-Phlegmbot


Logfile of HijackThis v1.99.1
Scan saved at 12:59:57 AM, on 11/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\{18A082B4-07C9-1033-0710-030212030001}\Update.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\?dobe\j?vaw.exe
C:\PROGRA~1\COMMON~1\STEM~1\logonui.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NextStep\LOCALS~1\Temp\Rar$EX00.725\HijackThis.exe

R3 - URLSearchHook: (no name) - {BE072DE5-E857-CBFE-7B90-B79EF14456EF} - C:\WINDOWS\System32\sxrv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {BE072DE5-E857-CBFE-7B90-B79EF14456EF} - C:\WINDOWS\System32\sxrv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uahe] "C:\PROGRA~1\COMMON~1\STEM~1\logonui.exe" -vt ndrv
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com...rt/IbmEgath.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com,bell-atl.com,bellatlantic.com,nynex.com,gte.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com,bell-atl.com,bellatlantic.com,nynex.com,gte.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Edited by Phlegmbot, 26 November 2006 - 03:20 AM.

  • 0

Advertisements


#2
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Please download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

  • 0

#3
Phlegmbot

Phlegmbot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Here's my SuperAntiSpyware log...



SUPERAntiSpyware Scan Log
Generated 11/26/2006 at 11:17 AM

Application Version : 3.3.1020

Core Rules Database Version : 3135
Trace Rules Database Version: 1152

Scan type : Complete Scan
Total Scan Time : 01:05:54

Memory items scanned : 412
Memory threats detected : 5
Registry items scanned : 5430
Registry threats detected : 14
File items scanned : 67163
File threats detected : 59

Trojan.Update-Mcboo
C:\PROGRAM FILES\COMMON FILES\{18A082B4-07C9-1033-0710-030212030001}\UPDATE.EXE
C:\PROGRAM FILES\COMMON FILES\{18A082B4-07C9-1033-0710-030212030001}\UPDATE.EXE
[{18A082B4-07C9-1033-0710-030212030001}] C:\PROGRAM FILES\COMMON FILES\{18A082B4-07C9-1033-0710-030212030001}\UPDATE.EXE

Trojan.Hacktool
C:\PROGRAM FILES\COMMON FILES\{18A082B4-07C9-1033-0710-030212030001}\SYSTEM.DLL
C:\PROGRAM FILES\COMMON FILES\{18A082B4-07C9-1033-0710-030212030001}\SYSTEM.DLL
C:\DOCUMENTS AND SETTINGS\NEXTSTEP\LOCAL SETTINGS\TEMP\NSJBE.TMP\DETECTIONPROCESSUS.DLL
C:\DOCUMENTS AND SETTINGS\NEXTSTEP\LOCAL SETTINGS\TEMP\NSJC8.TMP\DETECTIONPROCESSUS.DLL

Adware.ClickSpring/Resident
C:\WINDOWS\?DOBE\J?VAW.EXE
C:\WINDOWS\?DOBE\J?VAW.EXE

Adware.ClickSpring
C:\WINDOWS\DOBE~1\JVAW~1.EXE
[Uahe] C:\PROGRA~1\COMMON~1\STEM~1\LOGONUI.EXE
C:\PROGRAM FILES\COMMON FILES\STEM~1\LOGONUI.EXE
C:\WINDOWS\DOBE~1\JVAW~1.EXE

Adware.ClickSpring-Variant
C:\PROGRA~1\COMMON~1\STEM~1\LOGONUI.EXE
C:\PROGRA~1\COMMON~1\STEM~1\LOGONUI.EXE

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}
HKCR\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}
HKCR\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}\InprocServer32
HKCR\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}\InprocServer32#ThreadingModel
HKCR\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}\Programmable
HKCR\CLSID\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}\TypeLib
C:\WINDOWS\SYSTEM32\SXRV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE072DE5-E857-CBFE-7B90-B79EF14456EF}
HKU\S-1-5-21-163748893-963918322-4271176276-1004\Software\Microsoft\Internet Explorer\URLSearchHooks#{BE072DE5-E857-CBFE-7B90-B79EF14456EF}
HKCR\TypeLib\{7C237B37-D246-CFAB-587B-98A6A468A866}

Adware.Tracking Cookie
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][1].txt
C:\Documents and Settings\NextStep\Cookies\[email protected][2].txt

Adware.Toolbar888
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\888Bar#UninstallString
C:\RECYCLER\S-1-5-21-163748893-963918322-4271176276-1004\DC141.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP9\A0002648.DLL

Malware.DriveCleaner
C:\DOCUMENTS AND SETTINGS\NEXTSTEP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OV2FMTI1\INSTALLDRIVECLEANERSTART[1].EXE

Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP9\A0002645.EXE

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP9\A0002647.EXE
C:\WINDOWS\SYSTEM32\WNSINTCC.EXE
  • 0

#4
Phlegmbot

Phlegmbot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
And this is the new Hijack This Log...


Logfile of HijackThis v1.99.1
Scan saved at 11:31:15 AM, on 11/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\NextStep\Local Settings\Temp\Rar$EX00.725\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-3.ibm.com...rt/IbmEgath.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com,bell-atl.com,bellatlantic.com,nynex.com,gte.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com,bell-atl.com,bellatlantic.com,nynex.com,gte.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#5
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Looks better - are you still getting the pop-ups?
  • 0

#6
Phlegmbot

Phlegmbot

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Nope! Thanks so much! This isn't my computer, so it wasn't properly protected or updated.

Is there anything else I need to do at this point?

-Phlegmbot
  • 0

#7
Daemon

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help :whistling:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP