Page 3 of 6 FirstFirst 123456 LastLast
Results 21 to 30 of 51

Thread: Virtumonde Malware Problem

  1. 2009-01-06, 23:09 #21
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    ok good. lets get a file checked out.
    to help show all files you can do this:

    FOr XP: on the desktop double click my computer,at the top click on> tools>folder options>view> then select "show hidden files and folders", then UNcheck "hide protected operating system files " also UNcheck "hide extensions for known file types" click apply to all folders, apply then ok

    navigate to:
    c:\windows\system32
    and see if you can spot this:
    Partizan.exe

    if so, go to the website below, browse for the file again on your computer and upload it so it can be checked out. you can copy/paste the results in your reply. site can get busy at times.

    website:
    http://www.virustotal.com/
    How Can I Reduce My Risk?
  2. 2009-01-07, 01:22 #22
    gblgbl38
    gblgbl38 is offline
    Member
    Join Date
    Dec 2008
    Posts
    35

    Default

    I think this file is associated with an AV tool I tried to download prior to starting this thread. Maybe it's one of those apps that masks as good AV, but is, in reality, malware. I believe the product was RegRun 5 by GreatIs Software. Have you heard of this or do you know about it? I think the Partizan piece checks the system as an anti-rootkit prior to loading Windows.

    I uploaded the file successfully. I'm not sure what I'm looking for and what to include, so I'll include both the initial page:


    File has already been analysed:
    MD5: e83cbb77d5523947f7e9424316822230
    First received: 07.23.2008 14:39:30 (CET)
    Date: 12.20.2008 10:46:05 (CET) [>17D]
    Results: 1/38
    Permalink: analisis/2c83f016ece5746763f1c27efcdba069

    and the report page:

    File partizan.exe received on 12.20.2008 10:43:24 (CET)
    Antivirus Version Last Update Result
    AhnLab-V3 2008.12.19.3 2008.12.19 -
    AntiVir 7.9.0.45 2008.12.19 -
    Authentium 5.1.0.4 2008.12.20 -
    Avast 4.8.1281.0 2008.12.19 -
    AVG 8.0.0.199 2008.12.19 -
    BitDefender 7.2 2008.12.20 -
    CAT-QuickHeal 10.00 2008.12.20 -
    ClamAV 0.94.1 2008.12.20 -
    Comodo 781 2008.12.19 -
    DrWeb 4.44.0.09170 2008.12.20 -
    eSafe 7.0.17.0 2008.12.18 -
    eTrust-Vet 31.6.6269 2008.12.19 -
    Ewido 4.0 2008.12.19 -
    F-Prot 4.4.4.56 2008.12.19 -
    F-Secure 8.0.14332.0 2008.12.20 Suspicious:W32/DNSChanger!Gemini
    Fortinet 3.117.0.0 2008.12.20 -
    GData 19 2008.12.20 -
    Ikarus T3.1.1.45.0 2008.12.20 -
    K7AntiVirus 7.10.559 2008.12.19 -
    Kaspersky 7.0.0.125 2008.12.20 -
    McAfee 5469 2008.12.19 -
    McAfee+Artemis 5469 2008.12.19 -
    Microsoft 1.4205 2008.12.20 -
    NOD32 3707 2008.12.19 -
    Norman 5.80.02 2008.12.19 -
    Panda 9.0.0.4 2008.12.20 -
    PCTools 4.4.2.0 2008.12.19 -
    Prevx1 V2 2008.12.20 -
    Rising 21.08.52.00 2008.12.20 -
    SecureWeb-Gateway 6.7.6 2008.12.19 -
    Sophos 4.37.0 2008.12.20 -
    Sunbelt 3.2.1801.2 2008.12.11 -
    Symantec 10 2008.12.20 -
    TheHacker 6.3.1.4.193 2008.12.19 -
    TrendMicro 8.700.0.1004 2008.12.19 -
    VBA32 3.12.8.10 2008.12.20 -
    ViRobot 2008.12.20.1528 2008.12.20 -
    VirusBuster 4.5.11.0 2008.12.19 -
    Additional information
    File size: 28672 bytes
    MD5...: e83cbb77d5523947f7e9424316822230
    SHA1..: 2d0722b00eaa0e3436d915e50ede398a1f2f3806
    SHA256: aaeb2d731a1e2816e848ee813d719472afc2c22957af3653c1111a7419c62d8a
    SHA512: 28c4e0ddeaaaac125f69d14c7c3c61f34b436bb8076c133a345598fa81c5014b<br>002518ce0dda9eea32818eb7e268cbd19e899e6b5adf46af8cacbb648b54c9d3<br>
    ssdeep: 384:JE8pNGT/MEGsGrmyoQMnYzFTOyqdnnWRE3Ra3bh+:acMT/ME3cM2qqE3M3bo<br>
    PEiD..: -
    TrID..: File type identification<br>Win32 Executable Generic (68.0%)<br>Generic Win/DOS Executable (15.9%)<br>DOS Executable Generic (15.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x401000<br>timedatestamp.....: 0x48491eac (Fri Jun 06 11:25:32 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 5 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x31ee 0x3200 5.63 0a3df165ae52639ca6a0dfaa8282b1f3<br>.rdata 0x5000 0x49a 0x600 4.11 35a167108aab8012aded551e0f820b3e<br>.data 0x6000 0x1b5c 0x1c00 3.40 41a6558f30dd6a7e6ceed137f5012890<br>.rsrc 0x8000 0x1358 0x1400 4.02 87501695ce4dbb53b5f5f5f064b3b847<br>.reloc 0xa000 0x33e 0x400 5.49 e7c3be85d684482a26df0c03c5478e06<br><br>( 1 imports ) <br>&gt; ntdll.dll: NtTerminateProcess, NtClose, RtlFreeHeap, RtlCompareUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, memmove, NtReadFile, RtlAllocateHeap, RtlCreateHeap, memset, NtQueryInformationFile, RtlTimeToTimeFields, NtQuerySystemTime, swprintf, NtCreateFile, NtOpenFile, RtlUpcaseUnicodeString, RtlDosPathNameToNtPathName_U, RtlGetVersion, RtlInitUnicodeString, NtDeleteFile, NtSetInformationFile, NtQueryAttributesFile, NtFlushBuffersFile, NtFlushKey, NtSaveKey, RtlAdjustPrivilege, NtOpenKey, NtEnumerateKey, NtEnumerateValueKey, NtQueryKey, _chkstk, NtDelayExecution, _allmul, NtWriteFile, NtUnloadKey, NtLoadKey, NtDeleteKey, NtOpenSymbolicLinkObject, memcpy, RtlQueryRegistryValues, NtDisplayString<br><br>( 0 exports ) <br>
    CWSandbox info: <a href="http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e83cbb77d5523947f7e9424316822230" target="_blank">http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e83cbb77d5523947f7e9424316822230</a>
  3. 2009-01-07, 03:00 #23
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    yes I think your right. Yes I have heard of RegRun but I really know nothing about it as a anti-malware tool. Hows it all looking on your end now? post one more hjt log.
    How Can I Reduce My Risk?
  4. 2009-01-07, 07:23 #24
    gblgbl38
    gblgbl38 is offline
    Member
    Join Date
    Dec 2008
    Posts
    35

    Default

    My computer is running much more smoothly now, though I'm still unsure if I can resume doing online banking, etc.

    Here is the latest HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15 PM, on 1/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$GASP\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\srvany.exe
    C:\pvsw\bin\w3dbsmgr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\LANDesk\LDClient\collector.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2061014
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PeachtreePrefetcher.exe] "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    O4 - HKLM\..\Run: [sowepaveri] Rundll32.exe "C:\WINDOWS\system32\lufabowe.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1228978302390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228978632156
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/cli...ex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\Software\..\Telephony: DomainName = intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - Unknown owner - C:\WINDOWS\system32\CBA\pds.exe (file missing)
    O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 15418 bytes
  5. 2009-01-08, 03:22 #25
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    thanks for all the info. hold off on the online transactions until we are all done.

    please disable tea timer for the next part:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

    O4 - HKLM\..\Run: [sowepaveri] Rundll32.exe "C:\WINDOWS\system32\lufabowe.dll",s

    reboot computer, rescan and post a new hjt log and also a uninstall log which you can get like this;

    start hjt
    click on open misc tools section
    click on open uninstall manager
    then click Save List
    post the list.
    How Can I Reduce My Risk?
  6. 2009-01-08, 06:01 #26
    gblgbl38
    gblgbl38 is offline
    Member
    Join Date
    Dec 2008
    Posts
    35

    Default

    Shelf Life,

    Thanks for all your help so far. It seems we're making progress.

    Here is the new HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:45 PM, on 1/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$GASP\Binn\sqlservr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\pvsw\bin\w3dbsmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
    C:\Program Files\LANDesk\LDClient\vulScan.exe
    C:\Program Files\LANDesk\LDClient\collector.exe
    C:\Program Files\LANDesk\LDClient\LDregwatch.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
    C:\Program Files\LANDesk\LDClient\vulScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =

    http://www.google.com/ig/dell?hl=en&...us&ibd=2061014
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

    files\google\googletoolbar4.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584}

    - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program

    Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI]

    C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI

    Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe

    bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network

    Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network

    Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program

    Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program

    Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat

    7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PeachtreePrefetcher.exe]

    "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe"

    /configfile:peachtreeprefetcher.winstart.config
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software

    Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support

    Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common

    Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero

    BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major

    Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

    Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

    ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media

    Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF -

    res://C:\Program Files\Adobe\Acrobat

    7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program

    Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite -

    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F}

    - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -

    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth

    Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

    C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} -

    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144

    - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

    http://www.update.microsoft.com/wind...x86/client/wuw

    eb_site.cab?1228978302390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://update.microsoft.com/microsof...6/client/muweb

    _site.cab?1228978632156
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -

    https://btconferencing.webex.com/cli...ex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =

    intl.businessobjects.com
    O17 - HKLM\Software\..\Telephony: DomainName = intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =

    intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =

    usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecision

    s.com,businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =

    intl.businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList =

    usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecision

    s.com,businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain =

    intl.businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList =

    usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecision

    s.com,businessobjects.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =

    usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecision

    s.com,businessobjects.com
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program

    Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program

    Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. -

    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program

    Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

    Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel

    32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. -

    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - Unknown owner - C:\WINDOWS\system32\CBA\pds.exe

    (file missing)
    O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) -

    LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software,

    Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. -

    C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network

    Associates, Inc. - C:\Program Files\Network Associates\Common

    Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates,

    Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network

    Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program

    Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

    Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner -

    C:\WINDOWS\system32\srvany.exe
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk

    Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter)

    (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell

    Support Center\bin\sprtsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software

    Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner -

    C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 15671 bytes


    And here is the Uninstall List:

    32 Bit HP CIO Components Installer
    ACDSee
    Ad-Aware
    Adobe Acrobat 4.0
    Adobe Acrobat 7.1.0 Professional
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.9
    Age of Mythology Gold
    Alchemy 1.2
    AOLIcon
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AusLogics Disk Defrag
    AVG Anti-Rootkit Free
    BearFlix
    Bejeweled 1.23
    Belkin Bluetooth Software
    Broadcom 440x 10/100 Integrated Controller
    Broadcom Management Programs
    Bsecure Internet Protection Services v.5.0
    Business Plan Pro 2003
    CCleaner (remove only)
    CDDRV_Installer
    Conexant HDA D110 MDC V.92 Modem
    Consulting Business
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell Wireless WLAN Card
    DellSupport
    DesertCombat 0.7
    DiscAPI (Studio 10)
    DivX
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    Dynomite 2.01
    FoxyTunes for Firefox
    GameSpy Arcade
    GASP Standard 7.1
    GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)
    GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)
    Ghost Recon
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    GospeLink 2001
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Document Manager 1.0
    HP Imaging Device Functions 10.0
    HP Officejet J6400 Series
    HP PSC & OfficeJet 3.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    ICE Book Reader Professional v8.10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    KhalInstallWrapper
    Kinko's File Prep Tool
    LANDesk Advance Agent
    LDS Gospel Resource
    Learn2 Player (Uninstall Only)
    LimeWire 4.16.6
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    McAfee VirusScan Enterprise
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft ActiveSync
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (ESM)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Desktop Engine (GASP)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Streets and Trips 2005
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Virtual PC 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Modem Helper
    Mozilla Firefox (3.0.5)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    msxml4
    MSXML4 Parser
    Nero 8
    neroxml
    NetWaiting
    NotePadSync
    OCR Software by I.R.I.S. 10.0
    Peachtree Pro Accounting 2008
    PeachTree Signature Ready Forms
    PeopleSoft CRM Client 8.6 SP2
    Pervasive Software PSQL v9.1 Client
    Pervasive System Analyzer v9.1
    Pinnacle device drivers
    Pinnacle Instant DVD Recorder
    PivotTable
    PowerDVD 5.7
    proDAD Heroglyph 2.5
    QuickSet
    QuickTime
    RAPID (Studio 10)
    RealPlayer
    SAMSUNG Mobile Modem Driver Set
    Sardegna3D
    Security Task Manager 1.7g
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    SharpReader 0.9.7.0
    SigmaTel Audio
    SmartSound Quicktracks Plugin
    SnagIt 9
    Sonic Foundry Sound Forge 6.0
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Studio 10
    Studio 10 Bonus DVD
    Synaptics Pointing Device Driver
    The Battle for Middle-earth (tm)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    VC 9.0 Runtime
    VCRedistSetup
    Viewpoint Media Player
    WebCyberCoach 3.2 Dell
    WebEx
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Imaging Component
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows Messenger 5.1
    Windows Mobile® Device Handbook
    Windows Presentation Foundation
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    Windows XP Service Pack 3
    WinRAR archiver
    XQDC X-Setup Pro 9.0.100
    Xvid 1.1.3 final uninstall
    ZoneAlarm
  7. 2009-01-08, 06:04 #27
    gblgbl38
    gblgbl38 is offline
    Member
    Join Date
    Dec 2008
    Posts
    35

    Default

    Sorry, text wrapping was on for my HJT log in that last post. Here it is without text wrapping:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:45 PM, on 1/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\LANDesk\Shared Files\residentagent.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$GASP\Binn\sqlservr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\pvsw\bin\w3dbsmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\LANDesk\LDClient\softmon.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
    C:\Program Files\LANDesk\LDClient\vulScan.exe
    C:\Program Files\LANDesk\LDClient\collector.exe
    C:\Program Files\LANDesk\LDClient\LDregwatch.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
    C:\Program Files\LANDesk\LDClient\vulScan.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=2061014
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [PeachtreePrefetcher.exe] "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O10 - Unknown file in Winsock LSP: inetcntrl0011.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1228978302390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1228978632156
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/cli...ex/ieatgpc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\Software\..\Telephony: DomainName = intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = intl.businessobjects.com
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usa.businessobjects.com,intl.businessobjects.com,crystald.net,crystaldecisions.com,businessobjects.com
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
    O23 - Service: Intel PDS - Unknown owner - C:\WINDOWS\system32\CBA\pds.exe (file missing)
    O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
    O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pervasive.SQL Workgroup Engine - Unknown owner - C:\WINDOWS\system32\srvany.exe
    O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 15671 bytes
  8. 2009-01-09, 00:44 #28
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    good. thanks for the info. Check MBAM for any updates and rescan and post the log please. Hjt log looks ok. that text wrapping does make if difficult to read.

    RE:LimeWire 4.16.6 There is much malware that is distributed via p2p networks.
    How Can I Reduce My Risk?
  9. 2009-01-09, 01:09 #29
    gblgbl38
    gblgbl38 is offline
    Member
    Join Date
    Dec 2008
    Posts
    35

    Default

    With MBAM, should I do a quick scan or a full scan?

    RE: LimeWire, whenever I have used it, it's been almost strictly for MP3 sharing. What's the likelihood of malware with an MP3 file?
  10. 2009-01-09, 01:19 #30
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    Full scan please. A file can be named anything audio mp3 or video. Just pointing it out as a potential malware source. Most people dont need more sources for malware.
    How Can I Reduce My Risk?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules