Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log - Ie Kept Going To Softwarereferral.com


  • This topic is locked This topic is locked
19 replies to this topic

#1 bryanhepworth

bryanhepworth

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 01 September 2007 - 08:55 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39, on 2007-08-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\lotus\wordpro\ltsstart.exe
C:\lotus\register\remind32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...ZSzed001YYGB_ZS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stanley.clinotherm.com
O17 - HKLM\Software\..\Telephony: DomainName = stanley.clinotherm.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 7669 bytes

BC AdBot (Login to Remove)

 


#2 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 01 September 2007 - 12:01 PM

Hello bryanhepworth

I would like to take a look at this log for you and will get back to you as soon as I can.

Thank You.

#3 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 03 September 2007 - 10:48 AM

Hello bryanhepworth

Please Copy and Paste this post into a new text document or print it for reference

1. Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

2. Download the latest SmitfraudFix by S!Ri from either of these mirrors to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
http://siri.geekstogo.com/SmitfraudFix.zip

Right click SmitfraudFix.zip and Extract (unzip) the SmitfraudFix folder inside to your desktop.
Open the SmitfraudFix folder and double-click "smitfraudfix.cmd"
Select option #1 - "Search" by typing "1" and press "Enter".
Please copy & paste the SmitfraudFix text file which appears back here please.

Thank you.

#4 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 03 September 2007 - 02:03 PM

Ourwilly

Thanks for the reply. I'll be able to check that out in the morning.

Before I posted the original log I do have to say I'd run CCleaner and tidied up quite a bit of stuff. It's not my computer, I'm helping someone else out, however they require the computer for work so I was trying to get it sorted with as minimal disruption as possible. Some of my previous attempts had stopped the redirects for a day or so, but they *magically* came back, which was why I was trying to be more ruthless as to getting to the root cause. I figured another pair of eyes was well called for, thanks for the hand it's much appreciated.

Bryan

#5 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 04 September 2007 - 05:40 AM

SmitFraudFix v2.219

Scan done at 11:39:39.92, 2007-09-04
Run from C:\Documents and Settings\johnw\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\lotus\wordpro\ltsstart.exe
C:\lotus\register\remind32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTBX.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\main_uninstaller.exe FOUND !
C:\WINDOWS\wmpdev.dll FOUND !
C:\WINDOWS\wmphost.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\johnw


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\johnw\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\johnw\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 180.50.1.5

HKLM\SYSTEM\CCS\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#6 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 04 September 2007 - 01:12 PM

Hello bryanhepworth

Please Reboot your System into Safe Mode
Shut down your system, then Restart your computer as soon as it starts booting up again continuously tap F8. from the menu select the option to enter Safe Mode

open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Please post a new HiJack This Log & the C:\rapport.txt

Thank you.

#7 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 05 September 2007 - 03:08 AM

SmitFraudFix v2.219

Scan done at 7:35:56.07, 05/09/2007
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\main_uninstaller.exe Deleted
C:\WINDOWS\wmpdev.dll Deleted
C:\WINDOWS\wmphost.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\..\{44D11F38-9461-4010-85A7-5B153C8F2062}: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=180.50.1.5


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#8 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 05 September 2007 - 04:01 AM

Hijack This log: -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:48, on 2007-09-05

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe

C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\lotus\wordpro\ltsstart.exe

C:\lotus\register\remind32.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Documents and Settings\johnw\Desktop\HiJackThis.exe



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...ZSzed001YYGB_ZS

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stanley.clinotherm.com

O17 - HKLM\Software\..\Telephony: DomainName = stanley.clinotherm.com

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe



--

End of file - 7276 bytes

#9 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 05 September 2007 - 10:50 AM

Hello bryanhepworth

Copy and Paste this post into a new text document or print it for reference

1. Please Open Notepad, (Start | Run, type Notepad)
Click Format from the Notepad menu and ensure "Word Wrap" is NOT selected.


2. Now Download ComboFix.exe to your desktop.
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Doubleclick combofix.exe to launch the application.

Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Post this log in your next reply

#10 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 06 September 2007 - 08:46 AM

ComboFix 07-08-30.3 - "johnw" 2007-09-06 11:16:21.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.544 [GMT 1:00]

* Created a new restore point





((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))





C:\WINDOWS\dat.txt

C:\WINDOWS\rs.txt





((((((((((((((((((((((((( Files Created from 2007-08-06 to 2007-09-06 )))))))))))))))))))))))))))))))





2007-09-05 07:32 <DIR> d-------- C:\SmitfraudFix

2007-09-04 11:39 53,248 --a------ C:\WINDOWS\system32\Process.exe

2007-09-04 11:39 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2007-09-04 11:39 3,474 --a------ C:\WINDOWS\system32\tmp.reg

2007-09-04 11:39 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2007-08-31 13:21 <DIR> d-------- C:\Program Files\CCleaner

2007-08-31 13:20 <DIR> d-------- C:\spyware

2007-08-30 08:59 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-30 08:57 <DIR> d-------- C:\VundoFix Backups

2007-08-30 07:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com

2007-08-30 07:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2007-08-30 07:41 <DIR> d-------- C:\DOCUME~1\johnw\APPLIC~1\SUPERAntiSpyware.com

2007-08-29 08:00 0 --a------ C:\WINDOWS\nsreg.dat

2007-08-28 14:10 <DIR> d-------- C:\WINDOWS\ERUNT

2007-08-28 13:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-08-28 10:31 <DIR> d-------- C:\DOCUME~1\johnw\APPLIC~1\SpywareBot

2007-08-28 10:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

2007-08-27 09:52 102,400 --a------ C:\WINDOWS\system32\drivers\ianswxp.sys





(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



2007-09-05 13:46 --------- d-------- C:\Program Files\AutoCAD LT 98

2007-08-31 13:26 --------- d--h----- C:\Program Files\InstallShield Installation Information

2007-08-28 10:49 --------- d-------- C:\Program Files\Trend Micro

2007-08-27 09:52 --------- d-------- C:\Program Files\Intel

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-19 07:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-13 00:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-06-27 15:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:34 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:34 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:34 232960 --------- C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:34 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:34 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:34 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 15:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:34 105984 --------- C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:34 102400 --------- C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 09:27 63488 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 09:27 625152 --------- C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 09:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 08:00 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 22:10 317440 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe

2007-06-26 07:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 07:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-19 14:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 14:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 11:23 1033216 --a------ C:\WINDOWS\explorer.exe

2007-06-13 11:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll





((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))





*Note* empty entries & legit default entries are not shown



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 19:24]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 19:11]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-27 01:36]

"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [2003-03-17 23:27]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 08:56]

"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 11:51]

"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2003-11-06 21:27]

"HPWG myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe" [2003-04-17 11:27]

"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31]

"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24]

"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" []



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 07:48]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]



C:\DOCUME~1\johnw\STARTM~1\Programs\Startup\

Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [1997-01-10 19:02:28]

Lotus SmartSuite 97 Registration.lnk - C:\lotus\register\remind32.exe [1995-11-06 13:56:32]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



R2 MSSQL$FLUKE;MSSQL$FLUKE;C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE

R2 ntrtscan;OfficeScanNT RealTime Scan;C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

R2 tmlisten;OfficeScanNT Listener;C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys

S3 PCDRDRV;Pcdr Helper Driver;\??\C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys

S3 SQLAgent$FLUKE;SQLAgent$FLUKE;C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE





Contents of the 'Scheduled Tasks' folder

2007-08-31 02:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe



**************************************************************************



catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-06 11:17:52

Windows 5.1.2600 Service Pack 2 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...



scan completed successfully

hidden files: 0



**************************************************************************



Completion time: 2007-09-06 11:18:52

C:\ComboFix-quarantined-files.txt ... 2007-09-06 11:18

C:\ComboFix2.txt ... 2007-08-30 09:05



--- E O F ---

#11 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 06 September 2007 - 10:57 AM

Hello bryanhepworth

Please Open Hijackthis
Click Open Misc Tools | Open Unistall Manager.
A list of the entries in Add/remove programs will appear.
Click on Save List...
The list will be saved as Uninstall_list.txt

In your next reply please post:

1/ A new HijackThis log
2/ The Uninstall_list.txt

Thank you.

#12 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 06 September 2007 - 05:13 PM

ourwilly

Just out of curiousity, is the program list so that you can look at outdated/compromised programs that were used to gain access in the first place?

I'm curious to know how you work through issues like this.

I have to fess up to being a linux person and am doing this for a friend, this is the worst Win PC I've seen to date!

Bry

#13 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 07 September 2007 - 09:46 AM

Access IBM

Adobe Acrobat 5.0

Adobe Flash Player 9 ActiveX

AutoCAD 2004

AutoCAD LT 98

Autodesk Express Viewer

Browser Mouse

CCleaner (remove only)

Driving Test Success 2002-2003

EPSON CardMonitor

EPSON PhotoStarter3.0

EPSON Printer Software

Google Earth

Google Toolbar for Internet Explorer

HijackThis 2.0.2

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB914440)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB926239)

hp designjet printer software

hp deskjet 9300 series

HP System maintenance for HP Designjet 30 130 series

IBM 32-bit Runtime Environment for Java 2, v1.4.0

IBM Access Support

IBM Access Support - Local Content Pack

IBM Themes

IBM Update Connector

InsideIR 3.1

Intel® Extreme Graphics Driver

Intel® PRO Network Adapters and Drivers

Intel® PROSet

Lotus SmartSuite 97

Microsoft .NET Framework 2.0

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office XP Professional

Microsoft Publisher 2002

Microsoft SQL Server Desktop Engine (FLUKE)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mozilla Firefox (2.0.0.6)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

Nero Suite

Nokia Connectivity Cable Driver

Nokia PC Suite

SafeCast Shared Components

Security Update for Microsoft .NET Framework 2.0 (KB928365)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB883939)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB896688)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901190)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB903235)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB908531)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912812)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913446)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB938829)

SoundMAX

SUPERAntiSpyware Free Edition

Support.com Software

ThinkCentre Wallpaper

Trend Micro OfficeScan Client

Update for Windows XP (KB894391)

Update for Windows XP (KB896727)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB904942)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB933360)

Update for Windows XP (KB936357)

Update for Windows XP (KB938828)

Windows Installer 3.1 (KB893803)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player 11

Windows XP Hotfix - KB834707

Windows XP Hotfix - KB867282

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB885884

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890047

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB890923

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB893066

Windows XP Hotfix - KB893086

Windows XP Service Pack 2















Access IBM
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
AutoCAD 2004
AutoCAD LT 98
Autodesk Express Viewer
Browser Mouse
CCleaner (remove only)
Driving Test Success 2002-2003
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON Printer Software
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp designjet printer software
hp deskjet 9300 series
HP System maintenance for HP Designjet 30 130 series
IBM 32-bit Runtime Environment for Java 2, v1.4.0
IBM Access Support
IBM Access Support - Local Content Pack
IBM Themes
IBM Update Connector
InsideIR 3.1
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Lotus SmartSuite 97
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft SQL Server Desktop Engine (FLUKE)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero Suite
Nokia Connectivity Cable Driver
Nokia PC Suite
SafeCast Shared Components
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
SoundMAX
SUPERAntiSpyware Free Edition
Support.com Software
ThinkCentre Wallpaper
Trend Micro OfficeScan Client
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2

Edited by bryanhepworth, 07 September 2007 - 09:47 AM.


#14 ourwilly

ourwilly

  • Members
  • 921 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:54 PM

Posted 07 September 2007 - 01:17 PM

Hello bryanhepworth

Thank you for doing that for me...

Copy and Paste this post into a new text document or print it for reference

1. Re-open HijackThis and select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...ZSzed001YYGB_ZS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

Close any Explorer windows which may be open and click the "Fix Checked" button.


2. Double-click on My Computer, Double-click on Local Disk and navigate to then Right Click on and Delete the following Bold entries if present:

C:\DOCUME~1\johnw\APPLIC~1\SpywareBot
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
C:\SmitfraudFix
C:\VundoFix Backups


Please post a new HijackThis log and can you let me know how this system is running.

Thank you.

#15 bryanhepworth

bryanhepworth
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 11 September 2007 - 02:41 AM

Hi Ourwilly

I've gone through and done those steps. The computer is running much better. This is the latest log: -

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:12, on 2007-09-11

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\lotus\wordpro\ltsstart.exe

C:\lotus\register\remind32.exe

C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe

C:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE

C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe

C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\HPWGTBX.exe

C:\Documents and Settings\johnw\Desktop\HiJackThis.exe



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe

O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe

O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Startup: Lotus SmartSuite 97 Registration.lnk = C:\lotus\register\remind32.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = stanley.clinotherm.com

O17 - HKLM\Software\..\Telephony: DomainName = stanley.clinotherm.com

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe



--

End of file - 7028 bytes

Edited by bryanhepworth, 11 September 2007 - 02:42 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users