
Thread: Cannot remove Virtumonde

  1. #1
    Junior Member
    Join Date
    Feb 2009
    Posts
    7

    Default Cannot remove Virtumonde

    Hello, I have a few Virtumondes that are detected using Spybot S&D but I cannot seem to remove them. Any help would be greatly appreciated. Thank you very much in advance... Scott

    Here is my HJT log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:32:08 PM, on 2/24/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    C:\OraHome_1\oracledq\metabase_server\bin\scheduler.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\KADxMain.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Citrix\ICA Client\PNAMain.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmPad.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4071215
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4071215
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: {ae087811-7de6-8ecb-0ab4-00a4db667026} - {620766bd-4a00-4ba0-bce8-6ed7118780ea} - C:\WINDOWS\system32\cousef.dll
    O2 - BHO: (no name) - {6d72d764-e8db-41da-ab66-5d5d95d5ca05} - C:\WINDOWS\system32\bivemufi.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    O4 - Global Startup: Start WebEx MeetMeNow.LNK = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
    O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\hamewina.dll c:\windows\system32\hodaluho.dll c:\windows\system32\bikojoki.dll c:\windows\system32\kejowigi.dll c:\windows\system32\hotomoho.dll c:\windows\system32\yepogofa.dll cousef.dll
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yepogofa.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yepogofa.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hyperion-MySQL-4.0.12 - Unknown owner - C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    O23 - Service: Hyperion S9 Financial Data Quality Management Task Manager Service (HyS9FDMTaskManagerSrv) - Hyperion Solutions Corporation - c:\hyperion\fdm\taskmanager\taskmanagerservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: Oracle Data Quality Inetd (TS inetd) - Oracle Corporation - C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    O23 - Service: Oracle Data Quality Scheduler (TSS 11.5 - Scheduler) - Oracle Corporation - C:\OraHome_1\oracledq\metabase_server\bin\scheduler.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 14945 bytes
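
Triage logic run over lines from the HijackThis log above, as an added example that is not part of this thread and not code from Spybot, Trend Micro or any of the tools the helpers use. It is a Python script that picks out the load-point types that stand out in this log: BHOs (O2) registered with a GUID or no name, Run values (O4) that launch a DLL through Rundll32 and are duplicated into every user hive, AppInit_DLLs (O20) entries, and shell load points (O21/O22) whose file is already missing. The sample lines are copied from the log in this post; the "random-looking name" rule (6 to 8 lowercase letters plus .dll, the pattern of the file names in this log) is an assumed heuristic that will occasionally flag a legitimate file, so each hit is a candidate for review, not a verdict.

```python
"""Added example: triage a HijackThis (HJT) log for Virtumonde-style load points.

Everything here is heuristic; hits are items for a human to review, not verdicts.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: lines copied from the HJT log posted in this thread,
# mixed with benign entries so the filter has something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {ae087811-7de6-8ecb-0ab4-00a4db667026} - {620766bd-4a00-4ba0-bce8-6ed7118780ea} - C:\WINDOWS\system32\cousef.dll
O2 - BHO: (no name) - {6d72d764-e8db-41da-ab66-5d5d95d5ca05} - C:\WINDOWS\system32\bivemufi.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s
O4 - HKCU\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s
O4 - HKUS\S-1-5-18\..\Run: [webawojeja] Rundll32.exe "C:\WINDOWS\system32\ziyojozi.dll",s (User 'SYSTEM')
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\hamewina.dll cousef.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yepogofa.dll (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
"""

GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
# "O4 - <hive>\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Rundll32.exe "<path>.dll",<export>  (quotes optional)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.I)
# Assumed heuristic: file names in this log are 6-8 lowercase letters and nothing else.
RANDOM_STEM_RE = re.compile(r"^[a-z]{6,8}\.dll$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    reason: str
    target: str    # file the finding is about


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(path: str) -> bool:
    """True when the file name matches the assumed Vundo-style pattern (false positives possible)."""
    return bool(RANDOM_STEM_RE.match(basename(path)))


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    run_hives: dict[str, set[str]] = defaultdict(set)  # Run value name -> hives it appears in
    run_dll: dict[str, str] = {}                        # Run value name -> DLL it loads
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" ", 1)[0]
        if tag == "O2" and line.startswith("O2 - BHO: "):
            parts = line[len("O2 - BHO: "):].split(" - ")
            if len(parts) >= 3:
                name, path = parts[0], parts[-1]
                if name == "(no name)" or GUID_RE.match(name):
                    findings.append(Finding("O2", "BHO with no readable name", path))
                elif looks_random(path):
                    findings.append(Finding("O2", "BHO with random-looking file name", path))
        elif tag == "O4":
            m = RUN_RE.match(line)
            if m:
                d = RUNDLL_RE.match(m.group("cmd"))
                if d:  # collect now, report once per value name after the pass
                    run_hives[m.group("name")].add(m.group("hive"))
                    run_dll[m.group("name")] = d.group("dll")
        elif tag == "O20" and line.startswith("O20 - AppInit_DLLs:"):
            # first ':' ends the label; the value is a space-separated list of DLLs
            for entry in line.split(":", 1)[1].split():
                if looks_random(entry):
                    findings.append(Finding("O20", "random-looking DLL injected via AppInit_DLLs", entry))
                elif "\\" not in entry:
                    findings.append(Finding("O20", "AppInit_DLLs entry with no path", entry))
        elif tag in ("O21", "O22") and line.endswith("(file missing)"):
            path = line.rsplit(" - ", 1)[-1][: -len(" (file missing)")]
            findings.append(Finding(tag, "orphaned shell load point (file missing)", path))

    # A Run value written identically into HKLM, HKCU and every HKUS hive is the
    # replication pattern visible in this log; report it once with the hive count.
    for name, hives in run_hives.items():
        dll = run_dll[name]
        reason = f"Rundll32 loader [{name}] under {len(hives)} hive(s): {', '.join(sorted(hives))}"
        if looks_random(dll):
            reason += "; random-looking DLL"
        findings.append(Finding("O4", reason, dll))
    return findings


def flagged_files(findings: list[Finding]) -> list[str]:
    """Unique lowercase file names across all findings, for cross-checking a removal log."""
    return sorted({basename(f.target).lower() for f in findings})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.target}")
    print("files to review:", ", ".join(flagged_files(triage(SAMPLE_LOG))))
```

Run it on a full saved log by reading the file into `triage()`; the list that `flagged_files()` returns can be compared against the "Other Deletions" section of a later ComboFix log to confirm every flagged file was actually handled.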

  2. #2
    In Memoriam - Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
    The junk can be tough to remove, so do not expect fast or easy.

    For your benefit, the instructions are pinned (sticky) to the top of the Malware Removal forum, please read and be sure you have followed those instructions. I have also posted the "Before you Post" instructions at the top of this thread.

    1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

    2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

    Download ComboFix from here:

    Link 1

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

    Tutorial if needed
    http://www.bleepingcomputer.com/comb...o-use-combofix

    3) Post also an uninstall list: Open Hijackthis.
    Click the "Open the Misc Tools" section Button.
    Click the "Open Uninstall Manager" Button.
    Click the "Save list..." Button.
    Save it to your desktop. Copy and paste the contents into your reply.
    (You may edit out Microsoft, Hotfixes, Security Update for Windows XP, Update for Windows XP and Windows XP Hotfix to shorten the list.)
    Image: http://img.bleepingcomputer.com/tuto...nstall-man.jpg

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    Feb 2009
    Posts
    7

    Default

    Hi PSKelley, thank you so much for your response. I have been going crazy with this and appreciate your help. Here is my ComboFix log and I will provide the HJT log and Uninstall log in a separate reply. Thanks again!

    ComboFix 09-02-26.02 - Scott 2009-02-27 10:34:33.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3574.2843 [GMT -6:00]
    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\MyWebEx
    c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe
    c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmie.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmim.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmoi.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmpad.exe
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmres1.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
    c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe
    c:\windows\Downloaded Program Files\MyWebEx\419\ratrace.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
    c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll
    c:\windows\system32\bivemufi.dll
    c:\windows\system32\bkxvru.dll
    c:\windows\system32\Cache
    c:\windows\system32\cousef.dll
    c:\windows\system32\cqmfpk.dll
    c:\windows\system32\dopegemo.dll
    c:\windows\system32\ejqakc.dll
    c:\windows\system32\fvrvba.dll
    c:\windows\system32\gemuyisu.dll
    c:\windows\system32\getogasi.dll
    c:\windows\system32\guhukene.dll
    c:\windows\system32\hamewina.dll
    c:\windows\system32\hufehega.dll
    c:\windows\system32\ipshqy.dll
    c:\windows\system32\issnev.dll
    c:\windows\system32\kapidapu.dll
    c:\windows\system32\lonadupa.dll
    c:\windows\system32\losuruta.dll
    c:\windows\system32\mlirlt.dll
    c:\windows\system32\muwobiyu.dll
    c:\windows\system32\nozahiti.dll
    c:\windows\system32\nufifini.dll
    c:\windows\system32\sulajono.dll
    c:\windows\system32\tomeruga.dll
    c:\windows\system32\tqyitn.dll
    c:\windows\system32\tsxgox.dll
    c:\windows\system32\vepuhuje.dll
    c:\windows\system32\x64
    c:\windows\system32\xucvrk.dll
    c:\windows\system32\yhlbyq.dll
    c:\windows\system32\yirazali.dll
    c:\windows\system32\zidekebe.dll
    c:\windows\system32\ziyojozi.dll
    c:\windows\system32\zuyijuli.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-01-27 to 2009-02-27 )))))))))))))))))))))))))))))))
    .

    2009-02-24 21:31 . 2009-02-24 21:31 <DIR> d-------- c:\program files\Trend Micro
    2009-02-22 10:24 . 2009-02-22 10:24 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2009-02-22 10:24 . 2009-02-22 11:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-21 23:20 . 2009-02-22 12:02 <DIR> d-------- c:\program files\Lavasoft
    2009-02-21 23:20 . 2009-02-22 12:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-02-21 23:20 . 2009-02-22 12:02 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
    2009-02-12 00:07 . 2009-02-12 00:07 <DIR> d-------- c:\program files\Common Files\Trillium Software
    2009-02-11 23:58 . 2009-02-12 00:12 <DIR> d-------- C:\OraHome_1
    2009-02-11 23:57 . 2009-02-11 23:57 <DIR> d-------- c:\program files\Oracle
    2009-02-11 12:13 . 2009-02-11 12:13 <DIR> d-------- c:\program files\Microsoft Analysis Services
    2009-02-10 12:30 . 2009-02-10 12:30 <DIR> dr------- c:\documents and settings\Scott\Application Data\Brother
    2009-02-07 22:02 . 2009-02-07 22:23 <DIR> d-------- c:\documents and settings\Scott\.thinupload

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-27 16:44 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
    2009-02-27 15:57 --------- d-----w c:\documents and settings\LocalService\Application Data\VMware
    2009-02-24 16:31 --------- d-----w c:\documents and settings\Scott\Application Data\VMware
    2009-02-23 13:46 --------- d-----w c:\program files\Roxio
    2009-02-23 13:46 --------- d-----w c:\program files\Common Files\Sonic Shared
    2009-02-23 13:46 --------- d-----w c:\program files\Common Files\Roxio Shared
    2009-02-23 13:46 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
    2009-02-11 17:56 --------- d-----w c:\program files\Microsoft SQL Server
    2009-02-11 04:47 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
    2009-02-10 22:26 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-01-31 19:01 --------- d-----w c:\documents and settings\Scott\Application Data\Move Networks
    2009-01-29 16:07 --------- d-----w c:\documents and settings\Scott\Application Data\webex
    2009-01-25 20:37 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-25 20:37 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-25 20:37 --------- d-----w c:\program files\Brother
    2009-01-25 20:36 --------- d-----w c:\documents and settings\All Users\Application Data\Brother
    2009-01-21 02:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
    2009-01-08 21:33 --------- d-----w c:\program files\Google
    2008-11-07 19:01 60,744 ----a-w c:\documents and settings\Scott\g2mdlhlpx.exe
    2008-03-13 02:37 256 ----a-w c:\documents and settings\Scott\pool.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-01 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1392640]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
    "Acrobat Speed Launch"="c:\program files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [2006-10-23 46200]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-15 227328]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 115560]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-18 c:\windows\stsystra.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-15 50688]
    Program Neighborhood Agent.lnk - c:\windows\Installer\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2008-05-14 61440]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-01-01 69632]
    SnagIt 9.lnk - c:\program files\TechSmith\SnagIt 9\SnagIt32.exe [2008-09-22 6825288]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "VMware NAT Service"=2 (0x2)
    "vmount2"=2 (0x2)
    "VMnetDHCP"=2 (0x2)
    "VMAuthdService"=2 (0x2)
    "stllssvr"=3 (0x3)
    "STacSV"=2 (0x2)
    "SQLWriter"=3 (0x3)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NICCONFIGSVC"=2 (0x2)
    "HFMCESAgent"=3 (0x3)
    "gusvc"=3 (0x3)
    "GoogleDesktopManager"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "ASFIPmon"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "iPod Service"=3 (0x3)
    "HFMWebServiceManager"=2 (0x2)
    "HFMService"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
    "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
    "c:\\Program Files\\Cisco Systems\\VPN Client\\cvpnd.exe"=

    R2 Hyperion-MySQL-4.0.12;Hyperion-MySQL-4.0.12;c:\hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe Hyperion-MySQL-4.0.12 --> c:\hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe Hyperion-MySQL-4.0.12 [?]
    R2 TS inetd;Oracle Data Quality Inetd;c:\orahome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe [2008-06-30 122880]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-10 99376]
    S2 HyS9FDMTaskManagerSrv;Hyperion S9 Financial Data Quality Management Task Manager Service;c:\hyperion\FDM\TaskManager\TaskManagerService.exe [2007-07-17 45056]
    S2 TSS 11.5 - Scheduler;Oracle Data Quality Scheduler;c:\orahome_1\oracledq\metabase_server\bin\scheduler.exe "--name:TSS 11.5 - Scheduler" --> c:\orahome_1\oracledq\metabase_server\bin\scheduler.exe --name:TSS 11.5 - Scheduler [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
    S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
    S4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
    S4 HFMCESAgent;HFMCESAgent;c:\hyperion\Hyperion Financial Management\Client\HFMCESAgent.exe [2008-01-01 53248]
    S4 HFMService;HFMService;c:\hyperion\Hyperion Financial Management\Server\HsxService.exe [2008-01-01 69748]
    S4 HFMWebServiceManager;HFMWebServiceManager;c:\hyperion\Hyperion Financial Management\Web Services\HFMWebServiceManager.exe [2008-01-01 168053]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
    UnknownUnknown dsload;dsload; [x]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - dsgrab_01c95c665fd619fa

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{336bed46-749e-11dd-b490-005056c00008}]
    \Shell\AutoRun\command - e:\wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34a8330e-f215-11dd-b4bd-005056c00008}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94754f57-bbb1-11dc-b450-001c232d33be}]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

    2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{6d72d764-e8db-41da-ab66-5d5d95d5ca05} - c:\windows\system32\bivemufi.dll
    BHO-{955bc37e-67af-4816-ad62-26f760351d31} - c:\windows\system32\tqyitn.dll
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    HKCU-Run-webawojeja - c:\windows\system32\ziyojozi.dll
    HKLM-Run-CPM3baf8449 - c:\windows\system32\safimedu.dll
    HKLM-Run-389cb7d5 - c:\windows\system32\damepehu.dll
    HKU-Default-Run-webawojeja - c:\windows\system32\ziyojozi.dll
    SafeBoot-Symantec Antvirus


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.dell.com
    mSearch Bar = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: mascohq.com\citrix
    DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-27 10:45:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSS 11.5 - Scheduler]
    "ImagePath"="c:\orahome_1\oracledq\metabase_server\bin\scheduler.exe \"--name:TSS 11.5 - Scheduler\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
    "ImagePath"="a"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1908)
    c:\program files\Symantec\Symantec Endpoint Protection\SnacNp.dll

    - - - - - - - > 'explorer.exe'(4628)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\windows\system32\scardsvr.exe
    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    c:\program files\Apoint\ApMsgFwd.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Apoint\hidfind.exe
    c:\hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Apoint\ApntEx.exe
    c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    c:\progra~1\MI6841~1\MSSQL\Binn\sqlservr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\Citrix\ICA Client\pnamain.exe
    c:\program files\TechSmith\SnagIt 9\TscHelp.exe
    c:\program files\TechSmith\SnagIt 9\SnagPriv.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\TechSmith\SnagIt 9\SnagItEditor.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-27 10:49:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-27 16:49:30

    Pre-Run: 25,295,319,040 bytes free
    Post-Run: 25,539,321,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    336 --- E O F --- 2009-01-25 20:55:56

  4. #4
    Junior Member, Join Date: Feb 2009, Posts: 7

    Here is my new HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:01 AM, on 2/27/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Program Files\Citrix\ICA Client\PNAMain.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Notepad++\notepad++.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4071215
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    O4 - Global Startup: Start WebEx MeetMeNow.LNK = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
    O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hyperion-MySQL-4.0.12 - Unknown owner - C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    O23 - Service: Hyperion S9 Financial Data Quality Management Task Manager Service (HyS9FDMTaskManagerSrv) - Hyperion Solutions Corporation - c:\hyperion\fdm\taskmanager\taskmanagerservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: Oracle Data Quality Inetd (TS inetd) - Oracle Corporation - C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    O23 - Service: Oracle Data Quality Scheduler (TSS 11.5 - Scheduler) - Oracle Corporation - C:\OraHome_1\oracledq\metabase_server\bin\scheduler.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13757 bytes

  5. #5
    Junior Member, Join Date: Feb 2009, Posts: 7

    Here is my uninstall list from HJT. Thanks again; I am looking forward to getting this resolved!

    ------------------------------------------------------------------------
    2007 Microsoft Office system
    Adobe Acrobat 8.1.1 Standard
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.1
    Apple Mobile Device Support
    Apple Software Update
    AV Music Morpher
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Brother MFL-Pro Suite
    Cisco Systems VPN Client 4.8.01.0300
    Citrix Presentation Server Client
    Conexant HDA D330 MDC V.92 Modem
    Crystal Reports
    Dell Touchpad
    Dell Wireless WLAN Card
    Digital Line Detect
    Easy CD-DA Extractor 11
    Google Desktop
    Google Toolbar for Internet Explorer
    HFMOfficeProviderSetup
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hyperion AutoPilot 2.2.6.1
    Hyperion Enterprise
    Hyperion Essbase Administration Services
    Hyperion Essbase(R) Client 7.1.5
    Hyperion Essbase(R) Server 7.1.5
    Hyperion FDM 9.3.1
    Hyperion Financial Management
    Hyperion Planning 4.0.5
    Hyperion Smart View for Office
    Intel(R) Graphics Media Accelerator Driver
    IntelliSonic Speech Enhancement
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    LiveUpdate 3.3 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2000
    Microsoft SQL Server 2005 Backward compatibility
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    NetWaiting
    Notepad++
    O2Micro USB Smart Card Reader
    Oracle Web Conferencing Console
    PowerDVD
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Update Manager
    R-Studio 4.5
    SearchAssist
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB939373)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB942830)
    Security Update for Windows XP (KB942831)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960714)
    SigmaTel Audio
    SnagIt 8
    SnagIt 9
    Sonic Activation Module
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Symantec Endpoint Protection
    TSS 11.5
    TSS 11.5 - Brazilian Language Pack
    TSS 11.5 - French Language Pack
    TSS 11.5 - German Language Pack
    TSS 11.5 - Italian Language Pack
    TSS 11.5 - Japanese Language Pack
    TSS 11.5 - Korean Language Pack
    TSS 11.5 - Metabase Definitions
    TSS 11.5 - Metabase Definitions Brazilian Language Pack
    TSS 11.5 - Metabase Definitions French Language Pack
    TSS 11.5 - Metabase Definitions German Language Pack
    TSS 11.5 - Metabase Definitions Italian Language Pack
    TSS 11.5 - Metabase Definitions Japanese Language Pack
    TSS 11.5 - Metabase Definitions Korean Language Pack
    TSS 11.5 - Metabase Definitions Simplified Chinese Language Pack
    TSS 11.5 - Metabase Definitions Spanish Language Pack
    TSS 11.5 - Metabase Definitions Traditional Chinese Language Pack
    TSS 11.5 - Metabase Server Brazilian Language Pack
    TSS 11.5 - Metabase Server French Language Pack
    TSS 11.5 - Metabase Server German Language Pack
    TSS 11.5 - Metabase Server Italian Language Pack
    TSS 11.5 - Metabase Server Japanese Language Pack
    TSS 11.5 - Metabase Server Korean Language Pack
    TSS 11.5 - Metabase Server Simplified Chinese Language Pack
    TSS 11.5 - Metabase Server Spanish Language Pack
    TSS 11.5 - Metabase Server Traditional ChineseLanguage Pack
    TSS 11.5 - ODBC Adapter
    TSS 11.5 - Simplified Chinese Language Pack
    TSS 11.5 - Spanish Language Pack
    TSS 11.5 - Traditional Chinese Language Pack
    UltraCompare Professional
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    URL Assistant
    VMware Workstation
    WebEx MeetMeNow
    Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
    Windows Imaging Component
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    WinZip 12.0

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    This can be done as time permits, but it is important, and may be why you are infected.
    Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
    Hackers are using out-of-date programs to infect folks more and more.
    Here is a small free tool that lets you know when something needs an update if you are interested:
    http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

    Adobe Flash Player ActiveX
    Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
    http://www.adobe.com/support/securit...apsb09-01.html

    Adobe Reader 8.1.1 <<< out of date and unsafe, see this:
    http://news.cnet.com/8301-1009_3-100...ml?tag=nl.e433
    http://www.filehippo.com/download_adobe_reader/
    (if you want a smaller program, look at this one)
    Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
    http://www.foxitsoftware.com/pdf/rd_intro.php

    J2SE Runtime Environment 5.0 Update 6 <<< out of date and unsafe, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2
    Be aware of this information so you can opt out of anything you do not want.
    Microsoft Does MSN Toolbar Distribution Deal With Java:
    http://searchengineland.com/microsof...java-15413.php


    Follow the directions carefully and in the numbered order.

    1) Please download ATF Cleaner by Atribune
    http://www.atribune.org/public-beta/ATF-Cleaner.exe
    Save it to your Desktop. We will use this later.

    2) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    3) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    *Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
    http://www.windowsnetworking.com/art...efetch-XP.html

    4) Download Malwarebytes' Anti-Malware to your Desktop
    http://www.malwarebytes.org/

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    * Please post contents of that file & a new HJT log in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Tutorial if needed:
    http://www.techsupportteam.org/forum...ware-mbam.html

    How is the computer running now?

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
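A way to do the "out of date programs" check above mechanically, as an added example (not part of this thread and not Secunia PSI's code): it takes display names in the form the uninstall list on this page uses, normalises the three version formats that appear in the thread ("8.1.1", "5.0 Update 6", and the jre1.5.0_06 form seen in the log's paths) into comparable tuples, and reports every tracked product below its minimum. Only the Flash threshold 10.0.22.87 is the one pskelley quotes; the Adobe Reader and Java minimums, and the Flash version used as input, are assumptions for illustration.

```python
"""Flag out-of-date programs from an Add/Remove Programs (uninstall) list.

Added example: not from this thread and not Secunia PSI's code. Only the
Flash threshold 10.0.22.87 is quoted in the thread; the other minimums and
the Flash version below are assumptions for illustration.
"""
import re

# Constructed sample in the form the uninstall list on this page uses.
SAMPLE_UNINSTALL = [
    "Adobe Flash Player ActiveX",           # display name carries no version
    "Adobe Reader 8.1.1",
    "J2SE Runtime Environment 5.0 Update 6",
    "WinZip 12.0",
    "Spybot - Search & Destroy",
]
# Flash's version has to be read from the control's own version info;
# constructed here at the "10.0.12.36 and earlier" level pskelley quotes.
EXTRA_VERSIONS = {"Adobe Flash Player ActiveX": "10.0.12.36"}

MINIMUMS = {
    "Adobe Flash Player ActiveX": "10.0.22.87",   # APSB09-01, quoted in the thread
    "Adobe Reader": "9.0",                        # assumption for illustration
    "J2SE Runtime Environment": "6.0 Update 12",  # assumption for illustration
}

# Matches "8.1.1", "10.0.22.87", "5.0 Update 6" and "1.5.0_06" (the jre1.5.0_06 form).
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:\s+Update\s+(\d+)|_(\d+))?", re.I)


def parse_version(text: str):
    """'5.0 Update 6' -> (5, 0, 6); '1.5.0_06' -> (1, 5, 0, 6); None if no version found.

    Compare like with like: Sun's '5.0 Update 6' and its path form '1.5.0_06' are the
    same build, so a minimum written in one form must not be compared against the other.
    Call this on the text after the product name, or a digit in the name (J2SE) wins."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(x) for x in m.group(1).split(".")]
    update = m.group(2) or m.group(3)
    if update:
        parts.append(int(update))
    return tuple(parts)


def is_outdated(installed: str, minimum: str) -> bool:
    """True when installed < minimum; shorter tuples are zero-padded so '1.0' == '1.0.0'."""
    a, b = parse_version(installed), parse_version(minimum)
    if a is None or b is None:
        raise ValueError(f"no version in {installed!r} or {minimum!r}")
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def check(entries, minimums=MINIMUMS, extra_versions=None):
    """Return {display name: (installed, minimum)} for every tracked product below its minimum.

    A tracked entry whose version cannot be determined is reported as 'unknown', not skipped."""
    extra = extra_versions or {}
    out = {}
    for name in entries:
        product = next((p for p in minimums if name.startswith(p)), None)
        if product is None:
            continue                        # no minimum on file for this product
        installed = extra.get(name) or name[len(product):].strip()
        if parse_version(installed) is None:
            out[name] = ("unknown", minimums[product])
        elif is_outdated(installed, minimums[product]):
            out[name] = (installed, minimums[product])
    return out


if __name__ == "__main__":
    for name, (have, need) in check(SAMPLE_UNINSTALL, MINIMUMS, EXTRA_VERSIONS).items():
        print(f"{name}: installed {have}, minimum {need}")
```

The point of the zero-padding and the separate "Update" capture is that a naive string compare gets both Java ("5.0 Update 6" vs "6.0 Update 12") and four-part Flash builds wrong; this is the part PSI does for you, and the part that breaks if you compare the marketing form of a Java version against its path form.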

  7. #7
    Junior Member
    Join Date
    Feb 2009
    Posts
    7

    Smile

    Here is the Malwarebytes log. I will be posting the HJT log right after this. My computer seems to be running much much better. I will update the programs that you mentioned were out of date. Many many thanks for your help, you don't know how thankful I am. Thanks again.............Scott


    Malwarebytes' Anti-Malware 1.34
    Database version: 1810
    Windows 5.1.2600 Service Pack 2

    2/27/2009 9:18:17 PM
    mbam-log-2009-02-27 (21-18-17).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 285595
    Time elapsed: 2 hour(s), 36 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    Junior Member
    Join Date
    Feb 2009
    Posts
    7

    Default

    Here is the HJT log. Thanks again!!!



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:22:08 PM, on 2/27/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    C:\Program Files\Citrix\ICA Client\PNAMain.exe
    C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
    C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4071215
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: Program Neighborhood Agent.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: SnagIt 9.lnk = C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
    O4 - Global Startup: Start WebEx MeetMeNow.LNK = ?
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
    O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O16 - DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader45.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hyperion-MySQL-4.0.12 - Unknown owner - C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
    O23 - Service: Hyperion S9 Financial Data Quality Management Task Manager Service (HyS9FDMTaskManagerSrv) - Hyperion Solutions Corporation - c:\hyperion\fdm\taskmanager\taskmanagerservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    O23 - Service: Oracle Data Quality Inetd (TS inetd) - Oracle Corporation - C:\OraHome_1\oracledq\Common Files\oracledp\inetd\2\inetd.exe
    O23 - Service: Oracle Data Quality Scheduler (TSS 11.5 - Scheduler) - Oracle Corporation - C:\OraHome_1\oracledq\metabase_server\bin\scheduler.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13966 bytes
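As an added example (not part of this thread and not HijackThis' own code), the triage a helper does on a log like the one above, written in Python: it parses the O2/O4/O9/O23 lines, pulls out the CLSID and the file path, and flags what pskelley looks for: the CLSID he asked to be fixed in post #6, "(file missing)" entries, services whose binary reports no vendor name (HJT's "Unknown owner"), shortcuts HJT could not resolve ("= ?"), and autostarts that run from user-writable directories. The sample lines are copied from the logs in this thread except for one constructed HKCU Run entry, marked as such; the rules are the example's own heuristics, and a hit means "look at this", not "malware" (the Hyperion MySQL service it flags is a legitimate product).

```python
"""Triage a HijackThis 2.0.2 log the way a forum helper reads one.

Added example: not part of this thread and not HijackThis' own code. The rules
are this example's heuristics; a hit means "look at this", not "malware".
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HJT logs posted in this thread, plus one
# constructed HKCU Run entry (last line) so the user-writable-path rule fires.
SAMPLE_LOG = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll (file missing)
O23 - Service: Hyperion-MySQL-4.0.12 - Unknown owner - C:\Hyperion\common\DBMS\MySQL\4.0.12\bin\mysqld-max-nt.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O4 - HKCU\..\Run: [constructed] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
"""

# The CLSID pskelley asked to be fixed in post #6.
FIX_CLSIDS = frozenset({"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"})

LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Leading executable path, quoted or not, with any arguments dropped.
PATH_RE = re.compile(r'^"?([A-Z]:\\.*?\.(?:exe|dll|cab|sys|scr))"?', re.I)
# Directories a legitimate autostart rarely lives in (heuristic, not HJT's rule).
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    section: str
    raw: str
    clsid: str | None = None
    path: str | None = None
    fix: bool = False                               # on the helper's fix list
    findings: list[str] = field(default_factory=list)


def _target_field(section: str, rest: str) -> str:
    """Return the part of an HJT line that names the file or shortcut target."""
    if section == "O4":
        if "] " in rest:            # HKLM\..\Run: [Name] C:\path args
            return rest.split("] ", 1)[1]
        if " = " in rest:           # Global Startup: foo.lnk = target
            return rest.split(" = ", 1)[1]
    # O2/O3/O9/O23 and most others: fields separated by " - ", path last.
    return rest.split(" - ")[-1]


def parse_line(line: str) -> Entry | None:
    m = LINE_RE.match(line.strip())
    if not m:
        return None                                 # header, blank, process list...
    section, rest = m.groups()
    entry = Entry(section, line.strip())
    c = CLSID_RE.search(rest)
    entry.clsid = c.group(0).upper() if c else None
    target = _target_field(section, rest).strip()
    if target.endswith("(file missing)"):           # HJT's own annotation
        entry.findings.append("orphaned entry: file missing on disk")
        target = target[: -len("(file missing)")].strip()
    if section == "O23" and " - Unknown owner - " in rest:
        entry.findings.append("service binary reports no vendor name")
    if target == "?":                               # HJT could not resolve the .lnk
        entry.path = "?"
        entry.findings.append("shortcut target could not be resolved")
        return entry
    p = PATH_RE.match(target)
    entry.path = p.group(1) if p else target
    return entry


def triage_log(text: str, fix_clsids: frozenset[str] = frozenset()) -> list[Entry]:
    """Parse every O-line; entries without findings are returned too, so nothing is hidden."""
    entries: list[Entry] = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if e.clsid and e.clsid in fix_clsids:
            e.fix = True
            e.findings.append("on the helper's fix list")
        if e.path and any(d in e.path.lower() for d in USER_WRITABLE):
            e.findings.append("autostart runs from a user-writable directory")
        entries.append(e)
    return entries


def lines_to_fix(entries: list[Entry]) -> list[str]:
    """Exactly the raw lines to tick in HJT's 'Do a system scan only' view."""
    return [e.raw for e in entries if e.fix]


def review_items(entries: list[Entry]) -> list[Entry]:
    """Everything else with a finding: to be checked by a person, not blindly fixed."""
    return [e for e in entries if e.findings and not e.fix]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG, FIX_CLSIDS):
        print(f"{e.section:<4} {'; '.join(e.findings) or 'no finding':<48} {e.raw[:60]}")
```

Keeping `lines_to_fix` (only what the helper named) separate from `review_items` mirrors how the thread works: the BAE.dll BHO goes into HJT's "Fix Checked", while an "Unknown owner" service or an unresolved shortcut is a question for the helper, since in this log those turn out to be Hyperion, Cisco and WebEx components rather than anything to remove.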

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,538

    Default

    Good morning Scott, before I post closing information, you have a lot of running processes. You may need them all to run all of the time but I doubt it; have a look at this information to help your computer perform better.

    http://www.netsquirrel.com/msconfig/msconfig_xp.html
    http://www.malwareremoval.com/tutori...ningslowly.php
    http://users.telenet.be/bluepatchy/m...wcomputer.html
    http://www.microsoft.com/atwork/getstarted/speed.mspx

    Make sure you get those programs updated, it only takes one visit to a website using Javascript that has been hacked to infect you. Read the links from experts right away for information about additional security measures you can take.

    Remove combofix from the computer like this:

    Click START then RUN
    Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U, it needs to be there.



    Clean the System Restore files like this:

    Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Reboot

    Turn ON System Restore,
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.

    (optional scan since the last one was clean)
    Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
    (MBAM is yours to keep if you wish, update it and run it once a month or so)

    Update Symantec and scan the system, to be sure it is running right and scanning clean. If you have problems with the program, contact tech support for instructions.
    http://www.symantec.com/enterprise/support/index.jsp

    If all is well at this point, let me know and I will close the topic.

    Some good information for you:
    http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

    Here is some great information from experts in this field that will help you stay clean and safe online.
    http://users.telenet.be/bluepatchy/m...revention.html
    http://forums.spybot.info/showthread.php?t=279
    http://russelltexas.com/malware/allclear.htm
    http://forum.malwareremoval.com/viewtopic.php?t=14
    http://www.bleepingcomputer.com/forums/topict2520.html
    http://cybercoyote.org/security/not-admin.shtml

    http://www.malwarecomplaints.info/

    Thanks...pskelley
    Safer Networking Forums
    http://www.spybot.info/en/donate/index.html
    If you are reading this information...thank a teacher,
    If you are reading it in English...thank a soldier.

    http://users.telenet.be/bluepatchy/m...oes/Links.html
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  10. #10
    Junior Member
    Join Date
    Feb 2009
    Posts
    7

    Smile

    Hi PSKelley, thank you and thanks again for your help. I will explore all of the documentation that you sent. I really appreciate you taking the time to assist, I will definitely be donating to help keep this wonderful service around. You can go ahead and close the issue as far as I am concerned. Thanks again...............Scott
