Results 1 to 4 of 4

Thread: Sorry, another Virtumonde post

  1. 2008-07-24, 16:34 #1
    dr.ivy
    dr.ivy is offline
    Junior Member
    Join Date
    Jul 2008
    Posts
    2

    Default Sorry, another Virtumonde post

    Hi,

    Firstly thanks for all the volunteer work from the security experts. It's greatly appreciated.

    SpyBot detects but can not get rid some of the Virtumonde files, but did a good job with some of the others. When I start my computer I get a few crazy cmd windows popping up and disappearing (registering dlls??). A few divs during my browsing time get hijacked (Firefox).

    FYI: I did not run SpyBot under Safe mode as I could not log in.

    Hopefully the logs below will help in diagnosis.
    ComboFix ran before hijackthis was.
    -----------------------------

    ComboFix 08-07-23.5 - pinneri 2008-07-24 15:25:01.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.32.1033.18.1437 [GMT 2:00]
    Running from: d:\Documents and Settings\pinneri\Desktop\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\dmxjcikn.dll
    C:\WINDOWS\system32\dpbjfwao.dll
    C:\WINDOWS\system32\iocuojcv.dll
    C:\WINDOWS\system32\MUFLlnpo.ini
    C:\WINDOWS\system32\MUFLlnpo.ini2
    C:\WINDOWS\system32\opnlLFUM.dll
    C:\WINDOWS\system32\qxwjrmyx.dll
    C:\WINDOWS\system32\rgolen.dll
    C:\WINDOWS\system32\ssqRJcCV.dll
    C:\WINDOWS\system32\vcjoucoi.ini
    C:\WINDOWS\system32\xymrjwxq.ini
    d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    d:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\30255.exe
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\DesktopThemes v1.89.torrent
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\DesktopThemes v1.89.zip
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.torrent
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\IsoBuster 1.0 by iNFERNO.zip
    d:\Documents and Settings\pinneri\Application Data\Microsoft\dtsc\s

    ----- BITS: Possible infected sites -----

    http://EUSRV-SMS1:80
    .
    ((((((((((((((((((((((((( Files Created from 2008-06-24 to 2008-07-24 )))))))))))))))))))))))))))))))
    .

    2008-07-24 13:29 . 2008-07-24 13:59 <DIR> d-------- d:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-23 17:34 . 2008-07-24 14:07 110,419 --a------ C:\WINDOWS\BMdf0c181f.xml
    2008-07-23 17:28 . 2008-07-24 15:25 <DIR> d-------- C:\Quarantine
    2008-07-18 13:19 . 2008-07-18 13:19 <DIR> d-------- d:\Documents and Settings\All Users\Application Data\Altova
    2008-07-18 13:19 . 2008-07-18 13:19 <DIR> d-------- C:\Program Files\Common Files\Altova
    2008-07-18 13:19 . 2008-07-18 13:19 <DIR> d-------- C:\Program Files\Altova
    2008-07-18 13:18 . 2008-07-18 13:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-07-18 13:14 . 2008-07-18 13:14 <DIR> d-------- d:\Documents and Settings\pinneri\Application Data\Helios
    2008-07-18 13:14 . 2008-07-18 13:14 <DIR> d-------- C:\Program Files\TextPad 5
    2008-07-03 11:59 . 2008-07-03 11:59 <DIR> d-------- C:\Program Files\The Little App Factory
    2008-07-03 11:46 . 2008-07-03 11:46 25 --a------ C:\WINDOWS\cdplayer.ini
    2008-07-03 11:44 . 2008-07-03 11:44 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-07-03 11:44 . 2008-07-03 11:44 <DIR> d-------- C:\Program Files\Common Files\Real
    2008-07-02 10:11 . 2008-07-02 10:12 <DIR> d-------- d:\Documents and Settings\pinneri\Application Data\ModelMakerTools
    2008-06-27 10:51 . 2008-06-27 10:51 <DIR> d-------- C:\Program Files\TomTom DesktopSuite

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-20 10:46 --------- d-----w d:\Documents and Settings\pinneri\Application Data\OpenOffice.org2
    2008-06-20 10:36 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-20 10:36 --------- d-----w C:\Program Files\Java
    2008-06-20 09:12 --------- d-----w C:\Program Files\Microsoft Office Communicator
    2008-06-10 12:31 --------- d-----w d:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-06-06 13:01 --------- d-----w d:\Documents and Settings\pinneri\Application Data\ESRI
    2008-06-06 11:28 --------- d-----w C:\Program Files\Tele Atlas
    2008-05-31 14:53 --------- d-----w d:\Documents and Settings\pinneri\Application Data\Juniper Networks
    2008-05-31 12:32 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks
    2008-05-31 12:32 --------- d-----w C:\Program Files\Juniper Networks
    2008-05-27 23:16 --------- d-----w C:\Program Files\Mplayer
    2008-05-27 23:12 --------- d-----w C:\Program Files\Quake III Arena
    2008-05-27 10:56 --------- d-----w d:\Documents and Settings\pinneri\Application Data\gtk-2.0
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
    "apod"="D:\PROGRA~1\APOD\apod.exe" [2004-11-11 14:44 499712]
    "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 18:23 118784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 15:18 995328]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 15:13 1101824]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 15:06 136512]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 20:50 111952]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="d:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48 479232]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-03 11:44 185896]
    "nwiz"="nwiz.exe" [2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-03-17 15:23:01 856064]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-01-22 19:08:53 106560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=localadmins.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
    "Script"=sync_domain_dns.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
    "Script"=disable_fw.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0]
    "Script"=Preset.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\4\0]
    "Script"=SiebelPreparation.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\0\0]
    "Script"=ie_proxy_settings.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\0\1]
    "Script"=firefox_proxy_settings.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\1\0]
    "Script"=mcframeworkserviceinstall_EU.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\2\0]
    "Script"=fixsms.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\3\0]
    "Script"=CompasIQ.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\4\0]
    "Script"=create_shortcut.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\5\0]
    "Script"=MapDrivesEurope.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\5\1]
    "Script"=trusted_websites.cmd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\5\2]
    "Script"=logit.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2974012768-110200559-582801959-4012\Scripts\Logon\6\0]
    "Script"=TAWiMAS.vbs

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=

    R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
    R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 02:50]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2007-10-01 18:21]
    R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2008-04-30 21:35]
    R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2006-02-09 02:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9517a237-4421-11dd-b1fd-001e375be6e2}]
    \Shell\AutoRun\command - F:\InstallTomTomHOME.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5084F01D-458E-45EB-A6FD-692D4C9D2789}]
    C:\WINDOWS\system32\msiexec.exe /qn /fpu {5084F01D-458E-45EB-A6FD-692D4C9D2789}
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-dc3f2b83 - C:\WINDOWS\system32\qxwjrmyx.dll
    HKLM-Run-BMdf0c181f - C:\WINDOWS\system32\xoqwqrhy.dll
    Notify-igfxcui - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = about:blank
    R1 -: HKCU-Internet Settings,ProxyOverride = ;
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-24 15:32:23
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\srvany.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    C:\WINDOWS\system32\CCM\clicomp\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\McAfee\Common Framework\Mctray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-24 15:37:48 - machine was rebooted [pinneri]
    ComboFix-quarantined-files.txt 2008-07-24 13:37:43

    Pre-Run: 24,716,271,616 bytes free
    Post-Run: 24,538,275,840 bytes free

    194 --- E O F --- 2008-05-26 09:01:34


    -------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:40, on 2008-07-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\Srvany.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\APOD\apod.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\Program Files\wincmd\TOTALCMD.EXE
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "d:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [apod] D:\PROGRA~1\APOD\apod.exe
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.ta.global
    O15 - Trusted Zone: *.teleatlas.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1201000380328
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\Software\..\Telephony: DomainName = ta.global
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ta.global
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PWReset - Unknown owner - C:\WINDOWS\System32\Srvany.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9743 bytes

    ---------------------------

    Again, any help on this matter will be greatly appreciated.

    Ciao,
    Ivy

    ---------------------------------------------
    Do NOT run 'fixes' before helpers have analyzed the HJT log
    Last edited by tashi; 2008-07-24 at 17:35. Reason: Mod: added FYI link for all members
  2. 2008-07-28, 15:23 #2
    katana
    katana is offline
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.
    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. If you don't know, stop and ask! Don't keep going on.
    2. Please reply to this thread. Do not start a new topic.
    3. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those three things, everything should go smoothly :D

    I apologize for the delay in responding, but as you can probably see the forums are quite busy.
    Unfortunately there are far more people needing help than there are helpers.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------



    Click here to download HJTinstall.exe
    • Save HJTinstall.exe to your desktop.
    • Double click on the HJTinstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\Hijack This.
    • Click I accept
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.







    Installed Programs

    Please could you give me a list of the programs that are installed.
    • Start HijackThis
    • Click on the Misc Tools button
    • Click on the Open Uninstall Manager button.

    You will see a list with the programs installed in your computer.
    Click on save list button and specify where you would like to save this file.
    When you press Save button a notepad will open with the contents of that file.
    Simply copy and paste the contents of that notepad into your next post.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
  3. 2008-07-28, 15:46 #3
    dr.ivy
    dr.ivy is offline
    Junior Member
    Join Date
    Jul 2008
    Posts
    2

    Default Hope this helps

    Hi Katana,

    Thanks for your quick response and any help is greatly appreciated. I have also ran Spybot in Safe mode now. Hopefully you can tell, from below, if it was successful.



    HijackThis Log:

    ------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:38, on 2008-07-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    d:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\Srvany.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRA~1\APOD\apod.exe
    C:\Program Files\Microsoft Office Communicator\Communicator.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    D:\Program Files\wincmd\TOTALCMD.EXE
    C:\Program Files\MKS\IntegrityClient\bin\IntegrityClient.exe
    C:\Program Files\TextPad 5\TextPad.exe
    D:\Program Files\SQL Developer\sqldeveloper\sqldeveloper.exe
    D:\Program Files\Sybase\PowerDesigner 9\pdshell9.exe
    C:\Program Files\Borland\BDS\4.0\Bin\bds.exe
    C:\Program Files\Common Files\Microsoft Shared\Help\dexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "d:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [apod] D:\PROGRA~1\APOD\apod.exe
    O4 - HKCU\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
    O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1201000380328
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\Software\..\Telephony: DomainName = ta.global
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ta.global
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ta.global
    O20 - Winlogon Notify: !SASWinLogon - d:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - d:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PWReset - Unknown owner - C:\WINDOWS\System32\Srvany.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10000 bytes


    -------------

    Installed software

    -------------
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.2 - Nederlands
    Adobe Shockwave Player
    Altova XMLSpy® 2008 rel. 2 sp1 Enterprise Edition
    APOD
    Apple Mobile Device Support
    Apple Software Update
    AR System Alert 5.1
    AR System User 5.1
    ArcGIS Desktop
    Avidemux 2.4
    BDE Delphi4
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Borland Developer Studio 2006
    Broadcom Gigabit Integrated Controller
    Conexant HDA D330 MDC V.92 Modem
    ESRI ArcExplorer 2.0
    Google Gmail Notifier
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB926239)
    INFORMIX-Connect
    Intel(R) PROSet/Wireless Software
    iPodRip
    iTunes
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Juniper Networks Network Connect 6.0.0
    LeechFTP
    M3U2iTunes
    McAfee VirusScan Enterprise
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework SDK (English) 1.1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 97, Professional Edition
    Microsoft Office Communicator 2005
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft WorldWide Telescope
    mIWA
    MKS Integrity Client 2006
    mLogView
    mMHouse
    ModelMaker Pascal Edition 9.18d
    Mozilla Firefox (3.0.1)
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    mZConfig
    NVIDIA Drivers
    OpenOffice.org 2.4
    Oz776 SCR Driver V1.1.4.2
    PowerDVD
    Python 2.3 cx_Oracle-4.3.3-10g
    Python 2.3.4
    Python 2.4.1
    QuickTime
    RealPlayer
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio Update Manager
    RunAlyzer
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946026)
    SigmaTel Audio
    Sonic Activation Module
    Spybot - Search & Destroy
    SQLTools 1.4 (remove only)
    SQLTools 1.5 (remove only)
    SUPERAntiSpyware Free Edition
    Sybase PowerDesigner 12.0 Viewer
    Sybase PowerDesigner 9.0 Beta 2
    TextPad 5
    Total Commander (Remove or Repair)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911164)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB916846)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    VideoLAN VLC media player 0.8.6e
    Virtual Treeview 4.5.2
    VNC 3.3.7
    WavePad Uninstall
    Windows Commander (Remove only)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889320
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinZip
    XNote Stopwatch 1.40

    --------------------

    Kind regards,
    Ivy
  4. 2008-07-28, 15:54 #4
    katana
    katana is offline
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    1. Please download FixPolicies.exe by Bill Castner and save it to your desktop.
    2. Double click on FixPolicies.exe to run it.
    3. Click on Install. It will create a folder named FixPolicies on your desktop.
    4. Open the FixPolicies folder.
    5. Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.





    Your Java and Adobe is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java and Adobe components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u7 from http://java.sun.com/javase/downloads/index.jsp
    • Scroll down to where it says "The Java Runtime Environment (JRE) 6 update 7 allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Update Adobe Acrobat Reader
    • Please go to this link Adobe Acrobat Reader Download Link
    • Cllick Download
    • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
    • Click the Continue button
    • Click Run, and click Run again
    • Next click the Install Now button and follow the on screen prompts


    Now close all windows, including your browser.
    Double click on the Java installation that you downloaded and follow the prompts.

    Remove Programs
    Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there,
    click on the program to highlight it, and click on remove.
    • Java(TM) 6 Update 4
      Java(TM) 6 Update 5
    Now close the Control Panel.

    Reboot your machine.





    Kaspersky Online Scanner .
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
    NOTE:- This scan is best done from IE (Internet Explorer)
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary and let the database download.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on !
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    What problems are you currently having ?
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules