
Winanonymous Malware Help


#1
Skimoab

    New Member

  • Member
  • 2 posts
My issue is very similar to the one that Ace Brown posted on Feb 19th and that Kahdah helped him out with:

Symptoms are pop-up ads, and it seems like when I'm on a website, something causes an "invisible window" to pop up. Hard to explain: the dark blue bar at the top of Internet Explorer turns light blue and I can no longer continue typing, scrolling with the mouse wheel, etc., as if I had clicked on a new window. It works again once I click anywhere on my regular window.

That's mildly annoying; the biggest pest is the ads. They vary from Boact Systems LTD. to Area Connect, to Edmunds.com, dating services, NoAdware.com, and various others.
-ace


Here is my ComboFix Log:

ComboFix 08-04-01.2 - dacook 2008-04-02 1:28:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.463 [GMT -6:00]
Running from: C:\Documents and Settings\dacook\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM275d3b1d.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\abegkhvq.dll
C:\WINDOWS\system32\AbeNoVGh.ini
C:\WINDOWS\system32\AbeNoVGh.ini2
C:\WINDOWS\system32\adxaoudi.dll
C:\WINDOWS\system32\awtQhgFw.dll
C:\WINDOWS\system32\awtqnkhe.dll
C:\WINDOWS\system32\awtsPHxW.dll
C:\WINDOWS\system32\cbXPfcDT.dll
C:\WINDOWS\system32\ecyuxqsf.dll
C:\WINDOWS\system32\fstmcyfa.dll
C:\WINDOWS\system32\hgGwWQjJ.dll
C:\WINDOWS\system32\hGVoNebA.dll
C:\WINDOWS\system32\hidpbich.dll
C:\WINDOWS\system32\ljJDSmlJ.dll
C:\WINDOWS\system32\qoMEurss.dll
C:\WINDOWS\system32\QtAGNqru.ini
C:\WINDOWS\system32\QtAGNqru.ini2
C:\WINDOWS\system32\qvhkgeba.ini
C:\WINDOWS\system32\qWDNnUvw.ini
C:\WINDOWS\system32\qWDNnUvw.ini2
C:\WINDOWS\system32\rqRkjkHx.dll
C:\WINDOWS\system32\ssqOFUKe.dll
C:\WINDOWS\system32\tuvTkliJ.dll
C:\WINDOWS\system32\xxyayYrO.dll

----- BITS: Possible infected sites -----

hxxp://mom
.
((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 15:47 . 2008-04-01 15:47 2,713,538 ---hs---- C:\WINDOWS\system32\jpirobsw.ini
2008-04-01 14:46 . 2008-04-01 15:37 2,865,173 ---hs---- C:\WINDOWS\system32\pxrgyfds.ini
2008-04-01 14:19 . 2008-04-01 14:19 <DIR> d-------- C:\VundoFix Backups
2008-04-01 10:59 . 2008-04-01 10:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-01 10:58 . 2008-04-01 14:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-01 10:58 . 2008-04-01 10:58 <DIR> d-------- C:\Documents and Settings\dacook\Application Data\SUPERAntiSpyware.com
2008-04-01 00:03 . 2008-04-01 00:03 67,056 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-31 22:49 . 2008-03-31 22:49 <DIR> d-------- C:\Program Files\Safari
2008-03-31 19:56 . 2008-03-31 19:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-31 19:56 . 2008-03-31 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 14:44 . 2008-04-01 09:38 1,597,484 ---hs---- C:\WINDOWS\system32\pniusnpx.ini
2008-03-30 14:46 . 2008-03-30 14:46 1,583,697 ---hs---- C:\WINDOWS\system32\lenpamud.ini
2008-03-29 09:54 . 2008-03-30 10:53 1,583,637 ---hs---- C:\WINDOWS\system32\ifvmtmvo.ini
2008-03-26 16:27 . 2008-03-26 16:27 79,872 -r-hs---- C:\WINDOWS\system32\msnuserv.exe
2008-03-21 09:33 . 2008-03-21 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-19 22:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-19 09:30 . 2008-03-19 09:30 691,481 --a------ C:\WINDOWS\unins000.exe
2008-03-19 09:30 . 2008-03-19 09:30 919 --a------ C:\WINDOWS\unins000.dat
2008-03-17 11:38 . 2008-03-17 11:38 1,462 --a------ C:\Documents and Settings\dacook\Application Data\MT.dat
2008-03-17 11:35 . 2008-03-17 11:35 <DIR> d-------- C:\Documents and Settings\dacook\Application Data\Productivity Tools
2008-03-14 14:20 . 2008-03-26 16:18 <DIR> d-------- C:\Documents and Settings\dacook\Application Data\gtk-2.0
2008-03-14 14:19 . 2008-03-14 14:19 <DIR> d-------- C:\Program Files\Aspell
2008-03-14 14:19 . 2008-04-02 01:26 <DIR> d-------- C:\Documents and Settings\dacook\Application Data\.purple
2008-03-14 14:18 . 2008-03-14 14:19 <DIR> d-------- C:\Program Files\Pidgin
2008-03-14 14:18 . 2008-03-14 14:18 <DIR> d-------- C:\Program Files\Common Files\GTK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-02 07:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-02 07:26 --------- d-----w C:\Documents and Settings\dacook\Application Data\.purple
2008-04-02 06:08 --------- d-----w C:\Program Files\Charles
2008-04-01 22:48 --------- d-----w C:\Program Files\LimeWire
2008-04-01 22:47 --------- d-----w C:\Documents and Settings\dacook\Application Data\ShoreWare Client
2008-04-01 16:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 06:01 --------- d-----w C:\Documents and Settings\dacook\Application Data\Apple Computer
2008-03-28 15:35 --------- d-----w C:\Documents and Settings\dacook\Application Data\LimeWire
2008-03-24 15:31 --------- d-----w C:\Documents and Settings\dacook\Application Data\Webex
2008-03-20 04:39 --------- d-----w C:\Program Files\Java
2008-03-20 02:37 --------- d-----w C:\Program Files\Freecorder
2008-03-19 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-17 17:36 --------- d-----w C:\Program Files\WebEx
2008-03-14 20:24 --------- d-----w C:\Program Files\Trillian
2008-03-07 07:11 --------- d-----w C:\Program Files\ExamDiff
2008-02-26 05:55 --------- d-----w C:\Program Files\iTunes
2008-02-26 05:55 --------- d-----w C:\Program Files\iPod
2008-02-26 05:53 --------- d-----w C:\Program Files\QuickTime
2008-02-17 09:26 --------- d-----w C:\Documents and Settings\dacook\Application Data\HouseCall 6.6
2008-02-17 02:01 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-11 19:32 --------- d-----w C:\Documents and Settings\dacook\Application Data\ZoomBrowser EX
2008-02-11 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-08 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 05:19 --------- d-----w C:\Documents and Settings\dacook\Application Data\Uniblue
2007-04-28 12:51 185,936 ----a-w C:\Documents and Settings\dacook\Application Data\OI31Upd.exe
2007-04-28 10:56 49,152 ----a-w C:\Documents and Settings\dacook\Application Data\olkupres.dll
2005-11-15 21:32 3,638 ----a-r C:\Program Files\Common Files\Altiris_Icon.ico
2008-03-17 17:35 27,976 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-03-17 17:35 125,840 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2008-03-20 19:03 46,408 ----a-w C:\Program Files\mozilla firefox\plugins\atmccli.dll
2008-03-20 19:03 98,712 ----a-w C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50B5314E-5CEF-4962-845D-37200D761A57}]
C:\WINDOWS\system32\wvUnNDWq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D93CD55-5A13-4BA6-BFEF-E1219D9D0CC4}]
C:\WINDOWS\system32\urqNGAtQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"ShoreTel Personal Call Manager"="C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe" [2007-09-14 15:39 41000]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:34 128000]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"PTIM.exe"="C:\Program Files\WebEx\Productivity Tools\PTIM.exe" [2008-02-01 04:19 210248]
"ptmsgfrm.exe"="C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe" [2008-02-01 04:19 42312]
"PTOneClick"="C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe" [2008-02-01 04:19 165192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]
"nwiz"="nwiz.exe" [2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 23:11 866584]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2004-03-24 10:13 177152]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-28 19:05 81920]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 14:05 282624]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2007-02-18 17:58 143360]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 09:23 132624]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSN User Services"="msnuserv.exe" [2008-03-26 16:27 79872 C:\WINDOWS\system32\msnuserv.exe]

C:\Documents and Settings\dacook\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-11 20:43:46 2150400]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-02-20 22:56:11 1528880]
SAC-Desktop-Alert.lnk - C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe [2007-04-04 20:40:56 335872]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsPHxW]
awtsPHxW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\Stardock\Object Desktop\WindowBlinds\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-2262\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-2558\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-3979\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-4166\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-4485\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Java\\jre1.5.0_11\\launch4j-tmp\\Charles.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 DXEC01;DXEC01;C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 12:32]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-10-28 05:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-01 04:48:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-02 07:38:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-27 14:41:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-12-03 21:13:56 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 01:36:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\CSGina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2008-04-02 1:41:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 07:41:01
Pre-Run: 51,157,172,224 bytes free
Post-Run: 52,053,348,352 bytes free
.
2008-03-28 15:31:32 --- E O F ---


And my HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:50, on 2008-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\PDF Complete\pdfsaver.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://omniportal/_l...eateMySite.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888; https=127.0.0.1:8888
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50B5314E-5CEF-4962-845D-37200D761A57} - C:\WINDOWS\system32\wvUnNDWq.dll (file missing)
O2 - BHO: (no name) - {5D93CD55-5A13-4BA6-BFEF-E1219D9D0CC4} - C:\WINDOWS\system32\urqNGAtQ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSN User Services] msnuserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ShoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\PTIM.exe
O4 - HKCU\..\Run: [ptmsgfrm.exe] C:\Program Files\WebEx\Productivity Tools\ptmsgfrm.exe
O4 - HKCU\..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: SAC-Desktop-Alert.lnk = C:\Program Files\SteepAndCheap\Desktop Alert\SAC-Desktop-Alert.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://phoneserver/s...ientInstall.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186163720797
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1205940683259
O16 - DPF: {99C7B1B6-C556-4BA2-BBF6-4E19394A260B} (RNTProcessManager Control) - http://omniture.cust.../RNTProcMan.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://omniture.web...bex/ieatgpc.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlonte...2ie06041001.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = orm.omniture.com
O17 - HKLM\Software\..\Telephony: DomainName = orm.omniture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = orm.omniture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = orm.omniture.com
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtsPHxW - awtsPHxW.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12658 bytes


Thank you in advance for any help.

-Skimoab

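The two logs above are exactly the input a malware-removal helper reads by eye. As an added example (not from the original post, and not a Geeks to Go tool), here is a small Python triage script that encodes the indicators visible in these two logs: non-directory files created in system32 with hidden+system attributes (the multi-megabyte .ini files and msnuserv.exe in the ComboFix "Files Created" section), O2/O20 autostart hooks left pointing at DLLs that no longer exist, eight-letter mixed-case module names of the kind ComboFix deleted (awtsPHxW, wvUnNDWq, urqNGAtQ), and Run entries that name a bare file with no path. The sample lines are copied from the posted logs; the heuristics, thresholds and severity labels are my own assumptions, and they surface candidates for a human to check rather than verdicts.

```python
"""Triage ComboFix 'Files Created' lines and HijackThis Oxx lines.

Sample input is copied from the logs posted above; the heuristics are
assumptions that surface candidates for manual review, not verdicts.
"""
import re

# Sample ComboFix "Files Created" lines (copied from the posted log).
COMBOFIX_CREATED = r"""
2008-04-01 15:47 . 2008-04-01 15:47 2,713,538 ---hs---- C:\WINDOWS\system32\jpirobsw.ini
2008-04-01 10:58 . 2008-04-01 14:36 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-26 16:27 . 2008-03-26 16:27 79,872 -r-hs---- C:\WINDOWS\system32\msnuserv.exe
2008-03-19 22:39 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
""".strip().splitlines()

# Sample HijackThis lines (copied from the posted log), one benign entry per section.
HJT_LINES = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50B5314E-5CEF-4962-845D-37200D761A57} - C:\WINDOWS\system32\wvUnNDWq.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSN User Services] msnuserv.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtsPHxW - awtsPHxW.dll (file missing)
""".strip().splitlines()

# ComboFix row layout: created . modified size-or-<DIR> nine-char-attributes path
COMBOFIX_RE = re.compile(r"^(\S+ \S+) \. (\S+ \S+) (<DIR>|[\d,]+) ([-a-z]{9}) (.+)$")
HJT_RE = re.compile(r"^(O\d+) - (.*)$")
DLL_RE = re.compile(r'([^\\\s"]+)\.dll\b')      # basename (no dir) of a .dll reference
SYSTEM32 = "c:\\windows\\system32\\"


def looks_random(stem):
    """Assumed heuristic for the Vundo-style names ComboFix deleted in the log:
    exactly eight letters, mixed case, at most two vowels."""
    return (len(stem) == 8 and stem.isalpha()
            and stem != stem.lower() and stem != stem.upper()
            and sum(c in "aeiouAEIOU" for c in stem) <= 2)


def parse_combofix_line(line):
    """Split one 'Files Created' row into path, attribute flags and size."""
    m = COMBOFIX_RE.match(line)
    if not m:
        return None
    _created, _modified, size, attrs, path = m.groups()
    return {
        "path": path,
        "is_dir": attrs.startswith("d"),
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "size": None if size == "<DIR>" else int(size.replace(",", "")),
    }


def triage_combofix(lines):
    """Flag non-directory files created in system32 with hidden+system attributes."""
    findings = []
    for line in lines:
        rec = parse_combofix_line(line)
        if rec is None or rec["is_dir"]:
            continue
        if rec["path"].lower().startswith(SYSTEM32) and rec["hidden"] and rec["system"]:
            findings.append(("high", rec["path"], "hidden+system file created in system32"))
    return findings


def triage_hjt(lines):
    """Return (severity, line, reasons) for HijackThis entries worth a second look."""
    findings = []
    for line in lines:
        m = HJT_RE.match(line)
        if not m:
            continue
        section, rest = m.groups()
        reasons = []
        if section in ("O2", "O20") and "(file missing)" in rest:
            reasons.append("autostart hook left pointing at a DLL that no longer exists")
        dll = DLL_RE.search(rest)
        if dll and looks_random(dll.group(1)):
            reasons.append("pseudo-random eight-letter module name")
        if section == "O4" and "] " in rest:
            # A bare filename is resolved through the search path at logon, so the
            # entry says nothing about which binary actually runs.
            command = rest.split("] ", 1)[1].strip().strip('"')
            if "\\" not in command:
                reasons.append("Run entry with no path; verify the binary on disk")
        if reasons:
            severity = "review" if all(r.startswith("Run entry") for r in reasons) else "high"
            findings.append((severity, line, reasons))
    return findings


if __name__ == "__main__":
    for sev, path, why in triage_combofix(COMBOFIX_CREATED):
        print(f"[{sev}] {path}: {why}")
    for sev, line, why in triage_hjt(HJT_LINES):
        print(f"[{sev}] {line}\n        {'; '.join(why)}")
```

Run against the full logs, the script would flag the hidden+system .ini files and msnuserv.exe from the ComboFix output, both "(no name)" BHOs and the awtsPHxW Winlogon Notify entry, and put nwiz.exe, stsystra.exe, bthprops.cpl and msnuserv.exe in the "review" bucket because their Run entries give no path; the first three are vendor components that ComboFix already resolved to system32, which is why the bare-path check is only a prompt to look, not a verdict.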
#2
Skimoab

    New Member

  • Topic Starter
  • Member
  • 2 posts
*Edit - Sorry, I just read the note on not bumping. :)

Edited by Skimoab, 02 April 2008 - 09:07 AM.
