
Task Manager, Folder Options, Regedit All Disabled Consistently Rebooting


  • This topic is locked
5 replies to this topic

#1 pmahelpdesk

pmahelpdesk

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 30 July 2008 - 04:11 PM

We have a number of computers on our network that have one or more of the following symptoms: disabled Task Manager, regedit, and Folder Options. Some machines continually reboot. Virus scanner does not find anything wrong. Softspy identifies the changed registry keys and can correct them, but after reboot it all goes back to being disabled. Log to follow.

Deckard's System Scanner v20071014.68
Run by administrator on 2008-07-30 16:58:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:34 PM, on 7/30/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
C:\WINNT\System32\CpqRcmc.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EMC\PowerPath\PowMigSrvc.exe
C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
C:\Program Files\CommVault\Galaxy\Base\cvd.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\EMC\Navisphere Agent\Naviagent.exe
C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\DMI\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\CommVault\Galaxy\Base\evmgrc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\sysdown.exe
C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
C:\WINNT\Explorer.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\naPrdMg.exe
C:\WINNT\system32\cpqteam.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\system32\slvcm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Administrator.PMANT1\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eventid.net/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\naPrdMg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar3.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar3.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [slvcm.exe] C:\WINNT\system32\slvcm.exe
O4 - HKLM\..\Run: [naPrdMg.exe] C:\WINNT\system32\naPrdMg.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPath Monitor.lnk = C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://is-v174h3p7apuw:50000/ui/classes/j2..._1_02-win-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmant1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F76F00C9-FF72-4033-A800-58424DF298B0}: NameServer = 192.168.10.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmant1.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmant1.local
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Compaq Computer Corp. - C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Compaq Version Control Agent (cpqvcagent) - Compaq Computer Corporation - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Compaq Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
O23 - Service: Compaq Foundation Agents (CqMgHost) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
O23 - Service: Compaq Server Agents (CqMgServ) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
O23 - Service: Compaq Storage Agents (CqMgStor) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EMC PowerPath Migration Service 5.1.0 (EmcPowMig) - EMC Corporation - C:\Program Files\EMC\PowerPath\PowMigSrvc.exe
O23 - Service: EMC PowerPath Service 5.1.0 (EmcPowSrv) - EMC Corporation - C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Galaxy Communications Service (Instance001) (GxCVD(Instance001)) - CommVault Systems - C:\Program Files\CommVault\Galaxy\Base\cvd.exe
O23 - Service: Galaxy Client Event Manager (Instance001) (GxEvMgrC(Instance001)) - CommVault Systems - C:\Program Files\CommVault\Galaxy\Base\evmgrc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\Naviagent.exe
O23 - Service: PrismXL - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
O23 - Service: ProLiant Performance Analyzer - HP - C:\Program Files\HP\Proliant Performance Analyzer\ppa.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Surveyor - Compaq Computer Corp. - C:\compaq\survey\Surveyor.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Compaq System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\system32\sysdown.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
O23 - Service: Win32sl - Intel - C:\DMI\Win32\bin\Win32sl.exe

--
End of file - 9592 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\winnt\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 AW_HOST - c:\winnt\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awlegacy - c:\winnt\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>

S3 CNMPROT (Compaq Network Management Protocol Driver) - c:\winnt\system32\drivers\cnmprot.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Channel Deployer - c:\program files\common files\intuit\track-it!\channeldeploy.sys <Not Verified; Intuit, Inc.; Track-It! Software Family>
R2 CPQNicMgmt (Compaq NIC Agents) - c:\winnt\system32\cpqnimgt\cpqnimgt.exe <Not Verified; Compaq Computer Corp.; Compaq NIC Agents>
R2 CpqRcmc (Compaq Remote Monitor Service) - c:\winnt\system32\cpqrcmc.exe <Not Verified; Compaq; Compaq CpqRcmc>
R2 cpqvcagent (Compaq Version Control Agent) - c:\compaq\vcagent\vcagent.exe <Not Verified; Compaq Computer Corporation; Compaq Computer Corp. Web Based Version Control Agents>
R2 CpqWebMgmt (Compaq Web Agent) - c:\winnt\system32\cpqmgmt\cpqwmgmt.exe <Not Verified; HP Corporation; Web Agent>
R2 CqMgHost (Compaq Foundation Agents) - c:\winnt\system32\cpqmgmt\cqmghost\cqmghost.exe <Not Verified; Compaq Computer Corp.; Compaq Foundation Agents>
R2 CqMgServ (Compaq Server Agents) - c:\winnt\system32\cpqmgmt\cqmgserv\cqmgserv.exe <Not Verified; Compaq Computer Corp.; Compaq Server Agents>
R2 CqMgStor (Compaq Storage Agents) - c:\winnt\system32\cpqmgmt\cqmgstor\cqmgstor.exe <Not Verified; Compaq Computer Corp.; Compaq Storage Agents>
R2 Diskeeper - c:\program files\executive software\diskeeper\dkservice.exe <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 EmcPowMig (EMC PowerPath Migration Service 5.1.0) - "c:\program files\emc\powerpath\powmigsrvc.exe" <Not Verified; EMC Corporation; PowerPath 5.1>
R2 EmcPowSrv (EMC PowerPath Service 5.1.0) - "c:\program files\emc\powercommon\emcpowsrv.exe" <Not Verified; EMC Corporation; PowerPath 5.1>
R2 GxCVD(Instance001) (Galaxy Communications Service (Instance001)) - "c:\program files\commvault\galaxy\base\cvd.exe" -vm instance001 <Not Verified; CommVault Systems; CommVault Systems QiNetix>
R2 GxEvMgrC(Instance001) (Galaxy Client Event Manager (Instance001)) - "c:\program files\commvault\galaxy\base\evmgrc.exe" -vm instance001 <Not Verified; CommVault Systems; CommVault Systems QiNetix>
R2 MSSEARCH (Microsoft Search) - "c:\program files\common files\system\mssearch\bin\mssearch.exe" <Not Verified; Microsoft Corporation; PKM>
R2 Navisphere_Agent (Navisphere Agent) - c:\program files\emc\navisphere agent\naviagent.exe
R2 Surveyor - c:\compaq\survey\surveyor.exe <Not Verified; Compaq Computer Corp.; Compaq Survey Service for Microsoft® Windows NT™>
R2 TIRmtCtl (Track-It! Remote Control) - c:\winnt\tiremote\wuser32.exe <Not Verified; Intuit Track-It!; Intuit Track-It! Remote>
R2 TIRmtSvc (Track-It! Workstation Manager) - c:\winnt\tiremote\tiremoteservice.exe <Not Verified; Numara Software, Inc.; Track-It! 7.0>
R2 Win32sl - c:\dmi\win32\bin\win32sl.exe <Not Verified; Intel; DMI 2.0 SDK>

S2 ProLiant Performance Analyzer - c:\program files\hp\proliant performance analyzer\ppa.exe <Not Verified; HP; ProLiant Performance Analyzer>
S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: COMPAQ SDX-400C SCSI Sequential Device
Device ID: SCSI\SEQUENTIAL&VEN_COMPAQ&PROD_SDX-400C&REV_3.0G\4&242F8F74&0&050
Manufacturer:
Name: COMPAQ SDX-400C SCSI Sequential Device
PNP Device ID: SCSI\SEQUENTIAL&VEN_COMPAQ&PROD_SDX-400C&REV_3.0G\4&242F8F74&0&050
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-15 05:00:00 256 --a------ C:\WINNT\Tasks\SHUTDOWN.job
2008-07-01 01:00:03 516 --a------ C:\WINNT\Tasks\SQLres.job


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 16:54:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_620.dat
2008-07-30 16:47:06 61440 --a------ C:\s4j1v4x7t8b1.exe
2008-07-30 16:15:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_8b4.dat
2008-07-30 15:35:18 0 d-------- C:\WINNT\pss
2008-07-30 11:37:59 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_8f4.dat
2008-07-30 11:37:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_614.dat
2008-07-30 11:31:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_91c.dat
2008-07-30 11:22:19 0 d-------- C:\Program Files\Trend Micro
2008-07-30 11:11:38 0 d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 10:40:20 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_910.dat
2008-07-30 10:39:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_630.dat
2008-07-29 11:41:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_780.dat
2008-07-29 11:41:04 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_618.dat
2008-07-29 11:37:04 104448 -r-hs---- C:\WINNT\system32\naPrdMg.exe
2008-07-29 11:32:08 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_8ec.dat
2008-07-29 11:32:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_798.dat
2008-07-29 11:31:16 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_610.dat
2008-07-28 09:09:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_8e0.dat
2008-07-28 09:08:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_604.dat
2008-07-28 07:57:38 105472 -r-hs---- C:\WINNT\system32\slvcm.exe
2008-07-28 07:57:38 0 d-------- C:\Program Files\KAZAA
2008-07-28 07:57:38 0 d-------- C:\My Downloads
2008-07-15 05:06:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_8e8.dat
2008-07-15 05:06:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_794.dat
2008-07-15 05:05:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_61c.dat
2008-07-02 14:36:17 19456 --a------ C:\WINNT\SHUTDOWN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-07-30 16:55:23 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-30 16:55:01 17680 --a------ C:\WINNT\system32\tftp.exe
2008-07-30 16:55:01 39696 --a------ C:\WINNT\system32\FTP.EXE
2008-07-30 16:50:16 1110458 ---h----- C:\WINNT\ShellIconCache
2008-07-30 13:05:09 0 d-------- C:\Program Files\MyWay
2008-07-28 07:58:06 95024 --a------ C:\WINNT\system32\sfc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQTEAM"="cpqteam.exe" [04/09/03 01:17a C:\WINNT\system32\cpqteam.exe]
"Prism Deploy Client"="C:\Program Files\Track-It! Deploy\Client\PTClient.exe" [09/11/03 02:15p]
"Track-It! Workstation Manager Service Monitor"="C:\WINNT\TIREMOTE\TIServiceMonitor.exe" [01/31/07 11:57a]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/07/06 02:02p]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/17/06 07:34a]
"slvcm.exe"="C:\WINNT\system32\slvcm.exe" [07/28/08 07:57a]
"naPrdMg.exe"="C:\WINNT\system32\naPrdMg.exe" [07/29/08 11:37a]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/08 11:43a]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
PowerPath Monitor.lnk - C:\Program Files\EMC\PowerCommon\EmcPowMon.exe [9/20/2007 11:01:32 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [7/5/2005 8:25:21 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ShowSuperHidden"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe %WINDIR%\system32\naPrdMg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= FPNWCLNT RASSFM KDCSVC scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv Tapisrv




-- End of Deckard's System Scanner: finished at 2008-07-30 16:59:25 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Server (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® III CPU family 1133MHz
CPU 1: Intel® Pentium® III CPU family 1133MHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1279.53 MiB / 710.03 MiB
Pagefile Memory (total/avail): 3050.09 MiB / 2541.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1964 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 21.59 GiB total, 13.86 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 46.2 GiB total, 39.86 GiB free.
K: is Fixed (NTFS) - 200 GiB total, 122.48 GiB free.
W: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - COMPAQ LOGICAL VOLUME SCSI Disk Device - 67.83 GiB - 3 partitions
\PARTITION0 - Unknown - 35.84 MiB
\PARTITION1 (bootable) - Installable File System - 21.59 GiB - C:
\PARTITION2 - Installable File System - 46.2 GiB - E:

\\.\PHYSICALDRIVE1 - PowerDevice by PowerPath - 200 GiB - 1 partition
\PARTITION0 - Installable File System - 200 GiB - K:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
AUState says computer has updates disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator.PMANT1\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TMS_SERVER
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.PMANT1
LOGONSERVER=\\PMASERV1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\EMC\PowerPath\;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;c:\dmi\win32\bin;C:\MSSQL7\BINN;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\EMC\Navisphere CLI
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
powermig=C:\Program Files\EMC\PowerPath\
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 11 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0b01
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.PMA\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.PMA\LOCALS~1\Temp
USERDNSDOMAIN=pmant1.local
USERDOMAIN=PMANT1
USERNAME=administrator
USERPROFILE=C:\Documents and Settings\Administrator.PMANT1
Win32DMIPath=C:\DMI\Win32
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator (admin)
BillW (admin)
vincentj (admin)
emuseum (new local, net ready)
Administrator.PMANT1 (admin)


-- Add/Remove Programs ---------------------------------------------------------

Adobe Acrobat 5.0 --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
CommVault Systems File System iDataAgent (Instance001) --> MsiExec.exe /X{6196CE06-843A-4680-87E6-6AE4EBF31B0A}
CommVault Systems Microsoft SQL Server iDataAgent (Instance001) --> MsiExec.exe /X{50E5F067-C0C5-4BB1-8A06-0A9CCB753A27}
Compaq Management Agents --> C:\WINNT\System32\cpqmgmt\install.exe /r
Compaq Survey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42FF18A5-EE1C-11D3-825F-00805FD6C6D4}\setup.exe" UNINSTALL
Compaq Version Control Agent 1.0 --> C:\Compaq\vcagent\Uninstall.exe C:\Compaq\vcagent\vcagent.inf
Diskeeper Server Standard Edition --> MsiExec.exe /X{806FC371-84F6-42BD-8CE3-AFC338C5591C}
EasyRecovery Professional --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A8BB9906-E618-406A-B161-7383AFF46C39} /l1033
EMC PowerPath 5.1.0 (32bit) --> MsiExec.exe /I{CEF40DC4-70B6-4EEA-9715-FF27D3912CF8}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\winnt\googletoolbar3.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Array Configuration Utility --> C:\Program Files\Compaq\Cpqacuxe\hpuninst.exe
HP StorageWorks Library And Tape Tools --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EFD6AEDA-AD95-4A68-862C-FBABA8C3EE4D} uninstall
Java 2 Runtime Environment Standard Edition v1.2.2 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.2\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1_02 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment, SE v1.4.0_01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\Setup.exe"
Java 2 SDK, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7915B05-FC28-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Kazaa Media Desktop 2.5.1 --> RunDll32 C:\WINNT\system32\cd_clint.dll,ServiceRunDll u_329 "{4C560D9B-BEA0-4098-ADE2-28576DF8CA8B}"
LiveAdvisor (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveAdvisor\VcSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\PROGRA~1\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office XP Web Components --> MsiExec.exe /I{90260409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2000 --> C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Navisphere Agent --> "C:\Program Files\EMC\Navisphere Agent\Uninstall_agent_6.26.5.0.95\uninstall_agent_6.26.5.0.95.exe"
Navisphere CLI 6.26.5.0.95 --> "C:\Program Files\EMC\Navisphere CLI\Uninstall_Navisphere CLI\Uninstall Navisphere CLI 6.26.5.0.95.exe"
Proliant Performance Analyzer --> C:\WINNT\ISUNINST.EXE -f"C:\Program Files\HP\Proliant Performance Analyzer\Uninst.isu" -c"C:\Program Files\HP\Proliant Performance Analyzer\unset.dll"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun ONE Studio 4 update 1, Community Edition --> C:\Program Files\s1studio_jdk\s1studio\_uninst\uninstaller.exe
SupportNow --> C:\WINNT\IsUninst.exe -f"C:\Program Files\SupportNow\Uninst.isu" -c"C:\Program Files\Common Files\Opsession\SupportNow\uninstall.dll
Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
Symantec pcAnywhere --> MsiExec.exe /I{A05E8183-866A-11D3-97DF-0000F8D8F2E9}
The Museum System 9.20 --> MsiExec.exe /X{A55DE345-2252-11D6-810E-0003471F7BBF}
The Raiser's Edge 7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ED92977-5FCD-11D3-9293-00104BD34E29}\setup.exe"
Track-It! 7.0 Technician Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA6D7CBF-4D30-4721-86CF-5599752136C9}\setup.exe" -l0x9 /remove
UniVerse ODBC Client 3.6.1 --> C:\WINNT\uninst.exe -fC:\UV\UVODBC\DeIsL1.isu
VERITAS Backup Exec for Windows Servers --> C:\WINNT\Installer\{201E698C-B88E-41AE-8C46-3BBACADCD6E7}\setup.exe /X
VERITAS Backup Exec Remote Agent for Windows Servers --> MsiExec.exe /I{5E98EE22-F59B-4ED0-82BE-010A6F886C3E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-07-30 16:59:25 ------------



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:58 PM

Posted 30 July 2008 - 09:03 PM

Hello pmahelpdesk,

Welcome to Bleeping Computer :thumbsup:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Could I please see an uninstall list?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea

#3 pmahelpdesk

pmahelpdesk
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:58 PM

Posted 31 July 2008 - 11:03 AM

We ran the malware program, which removed the spyware, but it keeps coming back. Windows Server 2000 is the OS.

This is the new log file after running it again.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:30 AM, on 7/31/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
C:\WINNT\System32\CpqRcmc.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\EMC\PowerPath\PowMigSrvc.exe
C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
C:\Program Files\CommVault\Galaxy\Base\cvd.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\EMC\Navisphere Agent\Naviagent.exe
C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\compaq\survey\Surveyor.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\TIREMOTE\wuser32.exe
C:\WINNT\TIREMOTE\TIRemoteService.exe
C:\DMI\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\Program Files\CommVault\Galaxy\Base\evmgrc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINNT\system32\sysdown.exe
C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\ashDsp.exe
C:\WINNT\system32\cpqteam.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINNT\system32\logon.scr
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\cpqteam.exe
C:\WINNT\TIREMOTE\TIServiceMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ashDsp.exe
C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
C:\Program Files\Track-It! Deploy\Client\PTClient.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\4j1v4x7t86b1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eventid.net/
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\ashDsp.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar3.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar3.dll
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [Prism Deploy Client] "C:\Program Files\Track-It! Deploy\Client\PTClient.exe" /Subscriber
O4 - HKLM\..\Run: [Track-It! Workstation Manager Service Monitor] C:\WINNT\TIREMOTE\TIServiceMonitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ashDsp.exe] C:\WINNT\system32\ashDsp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPath Monitor.lnk = C:\Program Files\EMC\PowerCommon\EmcPowMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1_02) - https://is-v174h3p7apuw:50000/ui/classes/j2..._1_02-win-i.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pmant1.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F76F00C9-FF72-4033-A800-58424DF298B0}: NameServer = 192.168.10.80
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pmant1.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pmant1.local
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Channel Deployer - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\ChannelDeploy.sys
O23 - Service: Compaq NIC Agents (CPQNicMgmt) - Compaq Computer Corp. - C:\WINNT\System32\CPQNiMgt\CPQNIMGT.EXE
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: Compaq Version Control Agent (cpqvcagent) - Compaq Computer Corporation - C:\Compaq\vcagent\vcagent.exe
O23 - Service: Compaq Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMGMT\CPQWMGMT.EXE
O23 - Service: Compaq Foundation Agents (CqMgHost) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgHost\CQMGHOST.EXE
O23 - Service: Compaq Server Agents (CqMgServ) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\CqMgServ\CqMgServ.EXE
O23 - Service: Compaq Storage Agents (CqMgStor) - Compaq Computer Corp. - C:\WINNT\system32\cpqmgmt\cqmgstor\cqmgstor.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EMC PowerPath Migration Service 5.1.0 (EmcPowMig) - EMC Corporation - C:\Program Files\EMC\PowerPath\PowMigSrvc.exe
O23 - Service: EMC PowerPath Service 5.1.0 (EmcPowSrv) - EMC Corporation - C:\Program Files\EMC\PowerCommon\EmcPowSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Galaxy Communications Service (Instance001) (GxCVD(Instance001)) - CommVault Systems - C:\Program Files\CommVault\Galaxy\Base\cvd.exe
O23 - Service: Galaxy Client Event Manager (Instance001) (GxEvMgrC(Instance001)) - CommVault Systems - C:\Program Files\CommVault\Galaxy\Base\evmgrc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Navisphere Agent (Navisphere_Agent) - Unknown owner - C:\Program Files\EMC\Navisphere Agent\Naviagent.exe
O23 - Service: PrismXL - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Track-It!\PRISMXL.SYS
O23 - Service: ProLiant Performance Analyzer - HP - C:\Program Files\HP\Proliant Performance Analyzer\ppa.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Surveyor - Compaq Computer Corp. - C:\compaq\survey\Surveyor.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Compaq System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\system32\sysdown.exe
O23 - Service: Track-It! Remote Control (TIRmtCtl) - Intuit Track-It! - C:\WINNT\TIREMOTE\wuser32.exe
O23 - Service: Track-It! Workstation Manager (TIRmtSvc) - Numara Software, Inc. - C:\WINNT\TIREMOTE\TIRemoteService.exe
O23 - Service: Win32sl - Intel - C:\DMI\Win32\bin\Win32sl.exe

--
End of file - 10202 bytes

#4 pmahelpdesk

Posted 31 July 2008 - 11:05 AM

This is the uninstall list.



Adobe Acrobat 5.0
CommVault Systems File System iDataAgent (Instance001)
CommVault Systems Microsoft SQL Server iDataAgent (Instance001)
Compaq Management Agents
Compaq Survey Utility
Compaq Version Control Agent 1.0
Diskeeper Server Standard Edition
EasyRecovery Professional
EMC PowerPath 5.1.0 (32bit)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HP Array Configuration Utility
HP StorageWorks Library And Tape Tools
Java 2 Runtime Environment Standard Edition v1.2.2
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 SDK, SE v1.4.1_02
Java Web Start
Kazaa Media Desktop 2.5.1
LiveAdvisor (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1
Microsoft Office 2000 Premium
Microsoft Office XP Web Components
Microsoft SQL Server 2000
Microsoft Visual C++ 2005 Redistributable
Navisphere Agent
Navisphere CLI 6.26.5.0.95
Prevx CSI
Proliant Performance Analyzer
Spybot - Search & Destroy
Sun ONE Studio 4 update 1, Community Edition
SupportNow
Symantec AntiVirus
Symantec pcAnywhere
The Museum System 9.20
The Raiser's Edge 7
Track-It! 7.0 Technician Client
UniVerse ODBC Client 3.6.1
VERITAS Backup Exec for Windows Servers
VERITAS Backup Exec Remote Agent for Windows Servers
Windows 2000 Hotfix - KB823559
Windows Installer 3.1 (KB893803)
WinRAR archiver
WinZip

#5 teacup61

Posted 31 July 2008 - 03:16 PM

Hello,

I asked for the report. Could I see it please? :thumbsup:

Thanks,
tea

#6 teacup61

Posted 08 August 2008 - 01:26 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic