Internet Speed Monitor + Freeloader_smitfraud + Rap Generic


  • Please log in to reply
1 reply to this topic

#1 djkeyper

Posted 10 December 2007 - 06:01 PM

Hello everybody! Thanks in advance for looking into this VERY frustrating case of malware.
I am the desktop tech for a small company and one of my users downloaded My Kaza Gold and over the course of a weekend got more than The Beach Boys. =( After uninstalling the crap-ware I did my usual google searching to find out fixes for what our in house Trend Micro calls "Freeloader_Smitfraud" and "RAP_Generic" and what my eyes say is an infection from, at least, the "Internet Speed Monitor". I did find multiple (5+) scanner tools and recommendations to take care of both issues but either those tools found nothing or the fixes mentioned weren't applicable. I don't remember all of the tools I ran because this has been going on for over a week. To date I do remember running updated versions of Spybot, Ad-aware, Trend Micro (our in house solution for AV), and Spy Sweeper (full retail). I have since started documenting the steps I am taking and have the following to report.

System Restore settings = even though I have switched this off it keeps being turned on. I turned it off once again.

ATF Cleaner = clean bill of health

AVG AntiSpyware tool = Clean bill of health

SUPERAntiSpyware Home Edition = I ran this once, found nothing, and discovered that the updater was hidden behind the main screen. Grrr. I finished the update and reran the scan. This time it found several malware. I think that it cleared out all of the instances. I captured the log and placed it below.

I then ran the Panda Online Scan. It too found some things but was only able to deal with one of those. Log also appended below.

The Windows updates are up to date as we have a WSUS server feeding updates to all machines.

At this time the machine has TeaTimer, Spy Sweeper, SUPERAntiSpyware and Trend Micro running on it. As it is a laptop I hope to be able to pare this down some. =)


Anyways, bottom line is that I am pulling my hair out and the boss man is looking at me like I am an idiot cuz I can't solve this issue. HELP!


start of log info
**************************************************************************************************
SUPERAntiSpyware Scan Log
Generated 12/07/2007 at 04:43 PM

Application Version : 3.6.1000

Core Rules Database Version : 3357
Trace Rules Database Version: 1356

Scan type : Complete Scan
Total Scan Time : 01:31:19

Memory items scanned : 734
Memory threats detected : 1
Registry items scanned : 8294
Registry threats detected : 23
File items scanned : 79381
File threats detected : 17

Trojan.Downloader-Gen/QDRModule
C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
[QdrModule9] C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\QDRMODULE0.EXE
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\QDRMODULE9.EXE
C:\WINDOWS\Prefetch\QDRMODULE9.EXE-09FB96E6.pf

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}#AppID
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\Implemented Categories
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\InprocServer32
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\ProgID
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\TypeLib
HKCR\CLSID\{1BAC9A2A-4755-43C3-A430-D3512C5B8A4E}\VersionIndependentProgID
C:\PROGRAM FILES\QDRDRIVE\QDRDRIVE8.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1BAC9A2A-4755-43c3-A430-D3512C5B8A4E}
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QDRPACK\QDRPACK9.EXE.VIR

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{875A1348-7674-42aa-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}#AppID
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\InprocServer32
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\InprocServer32#ThreadingModel
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\ProgID
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\TypeLib
HKCR\CLSID\{875A1348-7674-42AA-ADAC-B4F36A004A2D}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{875A1348-7674-42aa-ADAC-B4F36A004A2D}
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\QDRDRIVE0.DLL
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\QDRDRIVE1.DLL
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\QDRDRIVE8.DLL

Adware.Tracking Cookie
C:\Documents and Settings\rcaddell\Cookies\rcaddell@advertising[2].txt
C:\Documents and Settings\rcaddell\Cookies\rcaddell@waterfrontmedia.112.2o7[1].txt
C:\Documents and Settings\rcaddell\Cookies\rcaddell@ads.pointroll[2].txt
C:\Documents and Settings\rcaddell\Cookies\rcaddell@findwhat[1].txt

Adware.ClickSpring-Variant
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\IEXPLORE.EX0.VIR
C:\DOCUMENTS AND SETTINGS\KGRANT\DOCTORWEB\QUARANTINE\IEXPLORE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PPPATC~1\IEXPLORE.EXE.VIR

Adware.ClickSpring
C:\qoobox\Quarantine\C\WINDOWS\SSEMBL~1\UERINI~1.VIR
**********************************************************************************************************
Panda Active Scan log


Incident Status Location

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\kgrant\DoctorWeb\Quarantine\Process.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\kgrant\DoctorWeb\Quarantine\restart.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\rcaddell\Cookies\rcaddell@atdmt[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\rcaddell\Cookies\rcaddell@questionmarket[2].txt
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\rcaddell\Desktop\Click to Find and Fix Errors.url
Adware:Adware/DnsInsider Not disinfected C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir[UE.exe]
Virus:Trj/Agent.GMX Not disinfected C:\qoobox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir[WSu.exe]
Virus:Trj/Agent.GXF Disinfected C:\qoobox\Quarantine\C\WINDOWS\b111.exe.vir
********************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$NR2005\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\ProgramFiles\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\ProgramFiles\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\MRD023.EXE
C:\ProgramFiles\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe
C:\ProgramFiles\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?p=1153254988
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.2.1:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPScheduler] "C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\ProgramFiles\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Walgreens PhotoShow Media Manager] C:\PROGRA~1\WALGRE~1\WALGRE~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Ebc] "C:\WINDOWS\system32\PPPATC~1\iexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Qcjgtl] C:\WINDOWS\?ssembly\u?erinit.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://sharepoint.symbio.corp
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n034p/EN/install/gtdownlr.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164726983426
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://connect.plainscapital.com/dana-cach...perSetupSP1.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SYMBIO.CORP
O17 - HKLM\Software\..\Telephony: DomainName = SYMBIO.CORP
O17 - HKLM\System\CCS\Services\Tcpip\..\{766585DB-BACF-4D15-9DCB-735FA43DEA1D}: NameServer = 207.126.96.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{81DCA6F5-5A65-458B-9496-874822B7A00F}: NameServer = 207.126.96.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{A162D10B-62DC-4BEA-86C4-DA1973FA9DD2}: NameServer = 207.126.96.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SYMBIO.CORP
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SYMBIO.CORP
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: TPLogon - TPLogon.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\ProgramFiles\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\ProgramFiles\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\ProgramFiles\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\ProgramFiles\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\SpySweeper.exe

--
End of file - 16992 bytes
**************************************************************************************************************


#2 sjpritch25

Posted 26 December 2007 - 10:27 PM

Welcome to BC

Sorry for the delay, the forum has been extremely busy lately.

Since it's been a few days, please post a fresh HijackThis log. Thanks.

Microsoft MVP Consumer Security--2007-2010