
Thread: MSN Virus??

  1. #1
    Member
    Join Date
    Mar 2008
    Posts
    33

    Default MSN Virus??

    Hi. My laptop seems to have become infected with a virus. This was received via MSN when I clicked on a link from a known friend saying 'your photos have been placed on Facebook'.

    I am running CA eTrust AntiVirus which, although an initial scan found no problems, has since detected a Win32\Matcash worm a couple of times during real-time scanning.

    Attached are my Kaspersky and HijackThis logs. The Spybot scan found no immediate threats. Every time I reboot the laptop, Spybot asks if I want to allow a registry change for Flash Media in HKLM\Software\Microsoft\Windows\CurrentVersion\Run.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, March 19, 2008 8:01:24 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 18/03/2008
    Kaspersky Anti-Virus database records: 638211
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 64719
    Number of viruses found: 1
    Number of infected objects: 2
    Number of suspicious objects: 0
    Duration of the scan process: 02:52:31

    Infected Object Name / Virus Name / Last Action
    C:\SYSMGT\ETRAV6\DB\rtmaster.dbf Object is locked skipped
    C:\SYSMGT\ETRAV6\DB\rtmaster.ntx Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{40AF1343-9B93-4851-9EB7-55CBB3CB6D44}\RP466\change.log Object is locked skipped
    C:\WINNT\$NtUninstallKB824141$\user32.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    C:\WINNT\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\colbact.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\comuid.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\es.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\ole32.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB828741$\txflog.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\callcont.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\h323.tsp Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\msgina.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\mst120.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB835732$\schannel.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\dao360.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB839645$\shell32.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB839645$\sxs.dll Object is locked skipped
    C:\WINNT\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
    C:\WINNT\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINNT\$NtUninstallQ828026$\wmp.dll Object is locked skipped
    C:\WINNT\CSC\00000001 Object is locked skipped
    C:\WINNT\Debug\Netlogon.log Object is locked skipped
    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
    C:\WINNT\Internet Logs\Fujitsu Services_1205148649899.RDB Object is locked skipped
    C:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINNT\Internet Logs\UK090213LT.ldb Object is locked skipped
    C:\WINNT\SchedLgU.Txt Object is locked skipped
    C:\WINNT\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
    C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
    C:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINNT\Sti_Trace.log Object is locked skipped
    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\default Object is locked skipped
    C:\WINNT\system32\config\default.LOG Object is locked skipped
    C:\WINNT\system32\config\Internet.evt Object is locked skipped
    C:\WINNT\system32\config\SAM Object is locked skipped
    C:\WINNT\system32\config\SAM.LOG Object is locked skipped
    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\SECURITY Object is locked skipped
    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINNT\system32\config\software Object is locked skipped
    C:\WINNT\system32\config\software.LOG Object is locked skipped
    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\system Object is locked skipped
    C:\WINNT\system32\config\system.LOG Object is locked skipped
    C:\WINNT\system32\h323log.txt Object is locked skipped
    C:\WINNT\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINNT\Temp\Perflib_Perfdata_5a8.dat Object is locked skipped
    C:\WINNT\Temp\vmware-vmount.log Object is locked skipped
    C:\WINNT\Temp\ZLT03b4c.TMP Object is locked skipped
    C:\WINNT\wiadebug.log Object is locked skipped
    C:\WINNT\wiaservc.log Object is locked skipped
    C:\WINNT\WindowsUpdate.log Object is locked skipped
    D:\profiles\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    D:\profiles\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    D:\profiles\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    D:\profiles\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\Cookies\index.dat Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\Local Settings\History\History.IE5\index.dat Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\NTUSER.DAT Object is locked skipped
    D:\profiles\LocalService.NT AUTHORITY.001\NTUSER.DAT.LOG Object is locked skipped
    D:\profiles\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\profiles\NetworkService.NT AUTHORITY.001\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\profiles\NetworkService.NT AUTHORITY.001\NTUSER.DAT Object is locked skipped
    D:\profiles\NetworkService.NT AUTHORITY.001\NTUSER.DAT.LOG Object is locked skipped
    D:\profiles\O'NeillR\Cookies\index.dat Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\History\History.IE5\index.dat Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Temp\services.exe Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Temp\~DF779.tmp Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Temp\~DF79E.tmp Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    D:\profiles\O'NeillR\Local Settings\Temporary Internet Files\Content.IE5\7IJHE232\6736f989[1].exe Infected: Trojan-Downloader.Win32.Small.sth skipped
    D:\profiles\O'NeillR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    D:\profiles\O'NeillR\ntuser.dat Object is locked skipped
    D:\profiles\O'NeillR\NTUSER.DAT.LOG Object is locked skipped
    D:\profiles\O'NeillR\zriqhj.exe Infected: Trojan-Downloader.Win32.Small.sth skipped
    D:\System Volume Information\_restore{40AF1343-9B93-4851-9EB7-55CBB3CB6D44}\RP466\change.log Object is locked skipped

    Scan process completed.

    ---------------------------

    HijackThis log posted in next post.

  2. #2
    Member
    Join Date
    Mar 2008
    Posts
    33

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:25:42, on 19/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
    c:\Program Files\Fujitsu Services\VPN Client\cvpnd.exe
    C:\WINNT\System32\svchost.exe
    C:\SYSMGT\ETRAV6\InoRpc.exe
    C:\SYSMGT\ETRAV6\InoRT.exe
    C:\SYSMGT\ETRAV6\InoTask.exe
    C:\WINNT\System32\Fast.exe
    C:\WINNT\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\profiles\O'NeillR\LOCALS~1\Temp\services.exe
    C:\WINNT\Explorer.EXE
    C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
    C:\WINNT\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\VMware\VMware Player\vmware-authd.exe
    C:\SYSMGT\TNGSD\BIN\TRIGGAG.EXE
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINNT\system32\vmnat.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\WINNT\system32\vmnetdhcp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINNT\LTSMMSG.exe
    C:\WINNT\system32\hkcmd.exe
    C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    C:\WINNT\System32\taskswitch.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINNT\AGRSMMSG.exe
    C:\SYSMGT\ETRAV6\realmon.exe
    C:\WINNT\system32\igfxtray.exe
    C:\SYSMGT\TNGSD\BIN\triggusr.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fujitsu Siemens\Bluetooth Software\BTTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\profiles\All Users\Start Menu\Programs\Startup\KVM.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\FUJITS~1\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    D:\profiles\O'NeillR\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cafevik.fs.fujitsu.com/index.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.fel01.icl.local:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fs.fujitsu.com;*.icl.fi;*.icl.se;145.227.*.*;172.19.*;192.168.*.*;*.icl.co.uk;*.fjcomp.com;172.30.*.*;<local>
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,D:\profiles\O'NeillR\LOCALS~1\Temp\services.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINNT\System32\fast.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Realtime Monitor] C:\SYSMGT\ETRAV6\realmon.exe -s
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Fujitsu Services VPN Client.lnk = C:\Program Files\Fujitsu Services\VPN Client\ipsecdialer.exe
    O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
    O4 - Global Startup: KVM.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Fujitsu Siemens\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.cafevik.fs.fujitsu.com
    O15 - Trusted Zone: *.confarchives.com
    O15 - Trusted Zone: *.conferencing.com
    O15 - Trusted Zone: *.fs.fujitsu.com
    O15 - Trusted Zone: *.genesys.com
    O15 - Trusted Zone: *.icl.co.uk
    O15 - Trusted Zone: *.iconf.net
    O15 - Trusted Zone: *.confarchives.com (HKLM)
    O15 - Trusted Zone: *.conferencing.com (HKLM)
    O15 - Trusted Zone: *.fs.fujitsu.com (HKLM)
    O15 - Trusted Zone: *.genesys.com (HKLM)
    O15 - Trusted Zone: *.icl.co.uk (HKLM)
    O15 - Trusted Zone: *.iconf.net (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus1.firstdi...rontdoorFD.cab
    O16 - DPF: {0BA88017-39EC-4954-B6D3-C366B8C27CE6} (PWLibraryComponent.ctlProjectWEBLibrary) - http://pjweb-uk1.solutionnet.fs.fuji...yComponent.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/gb/securityadvisor...n/pestscan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127474906889
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1194346262496
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/gb/securityadvisor...fo/webscan.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/De...pi/activex.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {CAFECAFE-0013-0001-0017-ABCDEFABCDEF} (JInitiator 1.3.1.17) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = europe.fs.fujitsu.com
    O17 - HKLM\Software\..\Telephony: DomainName = europe.fs.fujitsu.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = europe.fs.fujitsu.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = europe.fs.fujitsu.com
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Fujitsu Siemens\Bluetooth Software\bin\btwdins.exe
    O23 - Service: CA-License Client (CA_LIC_CLNT) - Unknown owner - C:\WINNT\Lic98Rmt.exe
    O23 - Service: CA-License Server (CA_LIC_SRVR) - Unknown owner - C:\WINNT\Lic98RmtD.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files\Fujitsu Services\VPN Client\cvpnd.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\SYSMGT\ETRAV6\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\SYSMGT\ETRAV6\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\SYSMGT\ETRAV6\InoTask.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe
    O23 - Service: Unicenter Software Delivery (SDService) - Computer Accociates, Intl Inc. - C:\SYSMGT\TNGSD\BIN\SDSERV.EXE
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 12802 bytes

  3. #3
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Sorry for the delay, no shortage of posters. Log doesn't look too bad: some items to clean and one to get checked out.

    This looks like a workplace computer, not a personal one.
    Is that the case? Normally a business would have somebody in-house who could help you.

    Since it's been a few days, if you still need help, post back.
    How Can I Reduce My Risk?

  4. #4
    Member
    Join Date
    Mar 2008
    Posts
    33

    Default

    Hi, yes, this is a workplace computer, although I am expected to support the machine myself as I work remotely. I still require assistance, please.

  5. #5
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi nellie,

    OK, I am short on time right now. I will post back later.

    shelf life
    How Can I Reduce My Risk?

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Hi,

    OK, I am back. Let's do this:

    Navigate to D:\profiles\O'NeillR
    See if you can find and delete:
    zriqhj.exe
    ----------------------------
    The interesting one is here:
    D:\profiles\O'NeillR\LOCALS~1\Temp\services.exe

    D:\profiles\<user name>\Local Settings\Temp
    In the Temp folder, look for a services.exe running.

    If you don't see the Local Settings directory, do this to show all files:
    For XP: on the desktop, double-click My Computer, go to Tools > Folder Options > View, then select "Show hidden files and folders", then uncheck "Hide protected operating system files", also uncheck "Hide extensions for known file types", click Apply to All Folders, then Apply, then OK.

    If you can locate the services.exe, do this:

    Go to the website below, browse for the .exe again and upload it to the website so it can be checked out.
    http://www.virustotal.com/

    You can copy/paste the results into your reply.

    shelf life
    How Can I Reduce My Risk?
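The two things shelf life picked out of the HijackThis log by eye, a core-binary name (services.exe) running from the user's Temp folder and an extra program appended to the F2 UserInit value, are exactly the checks a log triage script should automate. The following is an added example written for this page; it is not HijackThis code and was not posted by either participant. The sample log is a constructed excerpt of the log in post #2, and the path heuristics (which binary names belong only in system32, which directories count as user-writable) are assumptions about an NT-style layout, not something the thread states.

```python
"""Triage a HijackThis-style log for the process and persistence anomalies
discussed in this thread. Added example, not HijackThis code and not from the
original posts; the sample log is a constructed excerpt of the posted log and
the directory heuristics are assumptions about an NT-style layout."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    section: str    # "process", "F2", "O2" or "O4"
    detail: str


# Constructed sample: trimmed lines copied from the HijackThis log in post #2.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\services.exe
D:\profiles\O'NeillR\LOCALS~1\Temp\services.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,D:\profiles\O'NeillR\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Realtime Monitor] C:\SYSMGT\ETRAV6\realmon.exe -s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
"""

# Assumption: these core binary names only ever run from the system directory.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
               "lsass.exe", "svchost.exe", "userinit.exe"}
SYSTEM32 = re.compile(r"^[a-z]:\\(winnt|windows)\\system32\\[^\\]+$", re.I)
# Assumption: user-writable locations are any Temp/Local Settings subtree, or a
# file sitting directly in a profile root (like the zriqhj.exe Kaspersky found).
USER_WRITABLE = re.compile(
    r"\\(temp|locals~1|local settings|temporary internet files)\\"
    r"|^[a-z]:\\(profiles|documents and settings)\\[^\\]+\\[^\\]+$", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.exe', re.I)   # first .exe path on a line
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")           # "O4 - ", "F2 - ", ...
RANK = {"high": 0, "medium": 1, "low": 2}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def check_process(path: str):
    """Flag a core-binary name outside system32 (masquerading), then anything
    running from a user-writable location."""
    if basename(path) in SYSTEM_ONLY and not SYSTEM32.match(path):
        return Finding("high", "process", f"{basename(path)} running outside system32: {path}")
    if USER_WRITABLE.search(path):
        return Finding("medium", "process", f"running from user-writable path: {path}")
    return None


def check_userinit(value: str):
    """UserInit should name only the system32 userinit.exe; every extra
    comma-separated entry is launched by winlogon at each logon."""
    entries = [e.strip() for e in value.split(",") if e.strip()]
    extra = [e for e in entries
             if not (SYSTEM32.match(e) and basename(e) == "userinit.exe")]
    if extra:
        return Finding("high", "F2", "UserInit launches extra program(s): " + "; ".join(extra))
    return None


def triage(log_text: str):
    """Walk the log once: the process list, then the lettered entries."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or ENTRY_RE.match(line):
            in_procs = False            # process list ends at a blank or an entry
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            f = check_process(line)
            if f:
                findings.append(f)
        elif line.startswith("F2 - ") and "UserInit=" in line:
            f = check_userinit(line.split("UserInit=", 1)[1])
            if f:
                findings.append(f)
        elif line.startswith("O2 - ") and line.endswith("(no file)"):
            findings.append(Finding("low", "O2", "orphaned BHO (no file): " + line))
        elif line.startswith("O4 - "):
            m = PATH_RE.search(line)
            if m and USER_WRITABLE.search(m.group(0)):
                findings.append(Finding("medium", "O4", "autostart from user-writable path: " + m.group(0)))
    return findings


def summarize(findings):
    """Findings as 'SEVERITY section: detail' lines, most severe first."""
    return [f"{f.severity.upper()} {f.section}: {f.detail}"
            for f in sorted(findings, key=lambda f: RANK[f.severity])]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run against the excerpt, the script reports the Temp-folder services.exe twice (once as a running process, once as the UserInit hijack that relaunches it at every logon) and the orphaned BHO as low-severity cleanup; the eTrust and Messenger autostarts pass because they live under non-user-writable program directories. The UserInit check is the one that matters for cleanup order: deleting the file without restoring the F2 value leaves winlogon trying to launch a missing path at each logon, and restoring the value without deleting the file leaves the dropper in place.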
