Cleaned Trojan.BHO and found xwreg32.dll. What else is here?


  • This topic is locked
13 replies to this topic

#1 LissaNY


  • Members
  • 6 posts

Posted 03 August 2009 - 02:37 PM

Microsoft Windows XP Professional Version 5.1.2600
Internet Explorer 7.0


Hello there. Yesterday I started getting a browser redirect and popups. The browser redirect that started happening at the same time was taking me to searchoye{dot}com and cs102175{dot}com, and opens multiple instances of IE in Task Manager Processes. I also had 5 websites keep reappearing in my IE approved pop-up list. I would delete and they would reappear the next time I started IE. The 5 websites that kept reappearing in my allowed sites are (commas to keep them from hyperlinking):

ads,arcade-hq,com
ads,quixsurf,com
ox,arcade-hq,com
www,arcadehq,com
www,arcade-hq,com

I ran Malwarebytes full scan in safe mode and in regular mode, and it found 8 infected files listed as Trojan.BHO. Let Malwarebytes clean it, rescanned again with no further results. Popups and redirects stopped, and the sites no longer keep appearing in my approved pop-up list. However, I still am getting multiple instances of iexplore.exe in the background, even when I don't have a browser open (on occasion up to 8, but mostly 2-3). I have looked around on this website, and I have found that that is often the first sign of a trojan.

Also, I have run a Hijack This scan, and I am not seeing anything unusual other than O18 - Filter hijack: text/html - {05aecc65-fd32-4258-be79-0fbad009029d} - (no file). This was calling for xwreg32.dll. I researched this on your site, and saw that it was a trojan, and tried having Hijackthis remove it, but it kept coming back. I manually deleted the dll, and deleted a registry item pointing to it.

Can you help me figure out if there is anything else on here? This is our business computer, so there could potentially be some serious privacy issues at stake here.

Thank you,
Melissa


#2 Tokek


    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 13 August 2009 - 01:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
If I have not replied back to your post in 3 days, please send me a PM.


#3 LissaNY

  • Topic Starter

  • Members
  • 6 posts

Posted 13 August 2009 - 07:34 AM

Thank you for getting back to me. I can only imagine how busy you all are, and I appreciate your being here. I have not had any other weird popups or anything. Things seem to be running smoothly as far as I can tell, but since this is our business computer, I would feel better knowing that the system is clean. Here is the DDS as requested:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 8:22:56.62 on Thu 08/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1372 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\MSTMON_S.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lockettandassociates.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080104
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oI_DjAM2Uinz2e3f10FL137_y6w
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [KONICA MINOLTA magicolor 2400W STD] c:\windows\system32\MSTMON_S.EXE STARTUP
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CimSync] "c:\program files\ge fanuc\proficy cimplicity\exe\cimsync.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: amica.com
Trusted Zone: mycheckfree.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/54.13/uploader2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {9FD0B466-9971-4D62-9100-FBBCB5A59066} = 10.0.0.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2008-3-3 2816]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 LoggingService;Proficy Log Server;c:\program files\ge fanuc\proficy machine edition\proficy event logger\LoggingService.exe [2008-4-1 143360]
R2 MSSQL$CIMPLICITY;SQL Server (CIMPLICITY);c:\program files\ge fanuc\proficy cimplicity\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 TrapiServer;Trapi File Server;c:\program files\ge fanuc\proficy machine edition\common\components\nt\TrapiServer.exe [2008-4-8 102400]
R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2008-3-3 43040]
R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2008-3-3 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [2009-3-24 11688]
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2008-3-3 9728]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2008-3-3 5632]
S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2008-3-3 9216]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer;c:\program files\ge fanuc\proficy cimplicity\exe\ptopc.exe [2009-3-24 249856]
S3 CIMPLICITY;CIMPLICITY HMI Service;c:\windows\system32\cimplicity.exe [2009-3-24 21504]
S3 CimplicityViewConnectionService;CimplicityViewConnectionService;c:\program files\ge fanuc\proficy cimplicity\exe\CimplicityViewConnectionService.exe [2009-3-24 151552]
S3 EGD Service;EGD Service;c:\windows\egdservice.exe [2009-3-24 47616]
S3 GefVCRService;GefVCRService;c:\program files\ge fanuc\proficy cimplicity\exe\GefVCRService.exe [2009-3-24 241664]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 29744]
S3 OPCAECOLLECTOR1;Proficy Historian OPC AE Collector CIMPLICITY.HMI.AESvr.1;c:\program files\ge fanuc\proficy server\historian\server\ihOPCAECollector.exe [2009-3-24 528384]
S3 OPCCOLLECTOR1;Proficy Historian OPC Collector CIMPLICITY.HMI.OPCServer;c:\program files\ge fanuc\proficy server\historian\server\ihOPCCollector.exe [2009-3-24 544768]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [2006-11-24 192512]
S3 WEBVIEW;CIMPLICITY WebView/ThinView Service;c:\windows\system32\CIMWebViewService.exe [2009-3-24 18944]

=============== Created Last 30 ================

2009-08-01 17:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-01 17:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 17:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-01 17:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-29 20:36 40,960 a------- c:\windows\system32\VPN.dll
2009-07-29 20:36 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-05-12 11:20 100,800 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 8:23:06.73 ===============
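The DDS sections above (Running Processes and the Pseudo HJT Report) are what the helper reads by hand. As an added example, not part of the thread and not the DDS tool's own code, the script below parses those two sections and flags the things this thread turns on: a component registered with no backing file, a MIME filter on text/html like the O18 entry the poster removed, an autorun started from a temp folder, AppInit_DLLs entries, and an image such as iexplore.exe appearing several times. The sample log is constructed from lines in the post plus one constructed "Filter: text/html ... (no file)" line modelled on the poster's O18 entry.

```python
"""DDS log triage: parse the "Running Processes" and "Pseudo HJT Report" sections
and flag what a helper reads first. Added example, not the thread's or DDS's own code."""
import re
from collections import Counter
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z_]+): (?P<body>.*)$")
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"(?:\s+.*)?$')
UNQUOTED_RE = re.compile(r"^(?P<path>.+?\.(?:exe|dll|sys|pif|scr|com|bat|cmd))(?:\s+.*)?$", re.I)
HIJACK_MIME = {"text/html", "text/plain", "text/xml"}   # types a filter hijack hooks; x-sdch (Google Toolbar) is not one

# Constructed sample: lines from the DDS log in the thread plus one constructed
# "Filter: text/html ... (no file)" line modelled on the O18 entry the poster
# described (the GUID is the one quoted in the first post).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
============== Pseudo HJT Report ===============
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Filter: text/html - {05aecc65-fd32-4258-be79-0fbad009029d} - (no file)
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============
"""


@dataclass
class Finding:
    level: str   # "suspect" (hijack indicator) or "review" (worth a look, often benign)
    reason: str
    line: str


def split_sections(text):
    """Map each '==== name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def image_path(body):
    """Pull the executable out of a (u|m)Run body: '[name] "path" args'."""
    rest = body.split("]", 1)[1].strip() if body.startswith("[") else body
    match = QUOTED_RE.match(rest) or UNQUOTED_RE.match(rest)
    return match.group("path") if match else rest


def process_counts(text):
    """Count the Running Processes section by lower-cased image name."""
    counts = Counter()
    for line in split_sections(text).get("Running Processes", []):
        image = line.split(" -", 1)[0]     # drop args such as '-k netsvcs'
        counts[image.rsplit("\\", 1)[-1].lower()] += 1
    return counts


def repeated_images(counts, names=("iexplore.exe",), minimum=2):
    """Images from `names` seen at least `minimum` times (the poster's symptom)."""
    return {n: counts[n] for n in names if counts[n] >= minimum}


def triage(text):
    """Walk the Pseudo HJT Report and return Findings in log order."""
    findings = []
    for line in split_sections(text).get("Pseudo HJT Report", []):
        entry = ENTRY_RE.match(line)
        if not entry:                      # 'uStart Page = ...' style lines
            continue
        kind, body = entry.group("kind"), entry.group("body")
        if kind in ("BHO", "TB", "Filter", "Handler", "SSODL", "SEH"):
            if body.rsplit(" - ", 1)[-1].lower() == "(no file)":
                findings.append(Finding("review", f"{kind} registered with no backing file", line))
            if kind == "Filter" and body.split(" - ", 1)[0].lower() in HIJACK_MIME:
                findings.append(Finding("suspect", "MIME filter on a content type hijacks hook", line))
        elif kind.endswith("Run") and "\\temp\\" in image_path(body).lower():
            findings.append(Finding("review", "autorun launches from a temp folder", line))
        elif kind == "AppInit_DLLs":
            findings.append(Finding("review", "AppInit_DLLs is loaded into every user32 process", line))
    return findings


if __name__ == "__main__":
    for name, n in repeated_images(process_counts(SAMPLE_LOG)).items():
        print(f"{name}: {n} instances running")
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level}] {f.reason}: {f.line}")
```

A "review" finding such as the UIUCU.EXE temp-folder autorun is only a prompt to look closer; the script does not decide what is malware.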

#4 Tokek


    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 13 August 2009 - 02:29 PM

Hello LissaNY,

Welcome to Bleeping Computer.

My name is Tokek and I will be helping you with your Malware problem.

I apologize for the delay in replying to your post, the forum has been extremely busy.

There may be a delay in my response to your posts as I am still currently in training. I will be helping you with supervision of the teachers and they will approve every post before I present them to you.

Please make no further changes or run any other tools unless instructed to. This may hinder the cleaning of your machine.

Please give me some time to look over your log, I will post the reply as soon as it is approved.
If I have not replied back to your post in 3 days, please send me a PM.


#5 Tokek


    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia

Posted 13 August 2009 - 07:46 PM

Hello LissaNY,

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode


Please reply with a new DDS log and GMER log.
If I have not replied back to your post in 3 days, please send me a PM.


#6 LissaNY

  • Topic Starter

  • Members
  • 6 posts

Posted 14 August 2009 - 10:28 AM

GMER 1.0.15.15020 [GMER.exe] - http://www.gmer.net
Rootkit scan 2009-08-14 11:25:26
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\KONICA MINOLTA magicolor 2400W@ChangeID 306179125

---- EOF - GMER 1.0.15 ----





DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 11:27:22.07 on Fri 08/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1302 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\MSTMON_S.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lockettandassociates.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080104
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oI_DjAM2Uinz2e3f10FL137_y6w
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [KONICA MINOLTA magicolor 2400W STD] c:\windows\system32\MSTMON_S.EXE STARTUP
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CimSync] "c:\program files\ge fanuc\proficy cimplicity\exe\cimsync.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: amica.com
Trusted Zone: mycheckfree.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/54.13/uploader2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {9FD0B466-9971-4D62-9100-FBBCB5A59066} = 10.0.0.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2008-3-3 2816]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 LoggingService;Proficy Log Server;c:\program files\ge fanuc\proficy machine edition\proficy event logger\LoggingService.exe [2008-4-1 143360]
R2 MSSQL$CIMPLICITY;SQL Server (CIMPLICITY);c:\program files\ge fanuc\proficy cimplicity\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 TrapiServer;Trapi File Server;c:\program files\ge fanuc\proficy machine edition\common\components\nt\TrapiServer.exe [2008-4-8 102400]
R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2008-3-3 43040]
R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2008-3-3 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [2009-3-24 11688]
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2008-3-3 9728]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2008-3-3 5632]
S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2008-3-3 9216]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer;c:\program files\ge fanuc\proficy cimplicity\exe\ptopc.exe [2009-3-24 249856]
S3 CIMPLICITY;CIMPLICITY HMI Service;c:\windows\system32\cimplicity.exe [2009-3-24 21504]
S3 CimplicityViewConnectionService;CimplicityViewConnectionService;c:\program files\ge fanuc\proficy cimplicity\exe\CimplicityViewConnectionService.exe [2009-3-24 151552]
S3 EGD Service;EGD Service;c:\windows\egdservice.exe [2009-3-24 47616]
S3 GefVCRService;GefVCRService;c:\program files\ge fanuc\proficy cimplicity\exe\GefVCRService.exe [2009-3-24 241664]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 29744]
S3 OPCAECOLLECTOR1;Proficy Historian OPC AE Collector CIMPLICITY.HMI.AESvr.1;c:\program files\ge fanuc\proficy server\historian\server\ihOPCAECollector.exe [2009-3-24 528384]
S3 OPCCOLLECTOR1;Proficy Historian OPC Collector CIMPLICITY.HMI.OPCServer;c:\program files\ge fanuc\proficy server\historian\server\ihOPCCollector.exe [2009-3-24 544768]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [2006-11-24 192512]
S3 WEBVIEW;CIMPLICITY WebView/ThinView Service;c:\windows\system32\CIMWebViewService.exe [2009-3-24 18944]

=============== Created Last 30 ================

2009-08-01 17:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-01 17:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 17:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-01 17:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-29 20:36 40,960 a------- c:\windows\system32\VPN.dll
2009-07-29 20:36 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-05-12 11:20 100,800 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 11:27:26.60 ===============

#7 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:06:47 AM

Posted 14 August 2009 - 01:27 PM

Hello LissaNY,

Do you have any Anti Virus program installed on your PC? I don't see any listed.


Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Please reply with the Kaspersky log and a new DDS log.
If I have not replied back to your post in 3 days, please send me a PM.


#8 LissaNY

LissaNY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:47 AM

Posted 14 August 2009 - 04:43 PM

KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 14, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 14, 2009 20:30:31
Records in database: 2627311


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics
Objects scanned 160057
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 02:01:55

No threats found. Scanned area is clean.
Selected area has been scanned.
_____________________________________



DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:41:36.18 on Fri 08/14/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1196 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\MSTMON_S.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lockettandassociates.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080104
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oI_DjAM2Uinz2e3f10FL137_y6w
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [KONICA MINOLTA magicolor 2400W STD] c:\windows\system32\MSTMON_S.EXE STARTUP
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CimSync] "c:\program files\ge fanuc\proficy cimplicity\exe\cimsync.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: amica.com
Trusted Zone: mycheckfree.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/54.13/uploader2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {9FD0B466-9971-4D62-9100-FBBCB5A59066} = 10.0.0.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2008-3-3 2816]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 LoggingService;Proficy Log Server;c:\program files\ge fanuc\proficy machine edition\proficy event logger\LoggingService.exe [2008-4-1 143360]
R2 MSSQL$CIMPLICITY;SQL Server (CIMPLICITY);c:\program files\ge fanuc\proficy cimplicity\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 TrapiServer;Trapi File Server;c:\program files\ge fanuc\proficy machine edition\common\components\nt\TrapiServer.exe [2008-4-8 102400]
R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2008-3-3 43040]
R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2008-3-3 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [2009-3-24 11688]
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2008-3-3 9728]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2008-3-3 5632]
S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2008-3-3 9216]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer;c:\program files\ge fanuc\proficy cimplicity\exe\ptopc.exe [2009-3-24 249856]
S3 CIMPLICITY;CIMPLICITY HMI Service;c:\windows\system32\cimplicity.exe [2009-3-24 21504]
S3 CimplicityViewConnectionService;CimplicityViewConnectionService;c:\program files\ge fanuc\proficy cimplicity\exe\CimplicityViewConnectionService.exe [2009-3-24 151552]
S3 EGD Service;EGD Service;c:\windows\egdservice.exe [2009-3-24 47616]
S3 GefVCRService;GefVCRService;c:\program files\ge fanuc\proficy cimplicity\exe\GefVCRService.exe [2009-3-24 241664]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 29744]
S3 OPCAECOLLECTOR1;Proficy Historian OPC AE Collector CIMPLICITY.HMI.AESvr.1;c:\program files\ge fanuc\proficy server\historian\server\ihOPCAECollector.exe [2009-3-24 528384]
S3 OPCCOLLECTOR1;Proficy Historian OPC Collector CIMPLICITY.HMI.OPCServer;c:\program files\ge fanuc\proficy server\historian\server\ihOPCCollector.exe [2009-3-24 544768]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [2006-11-24 192512]
S3 WEBVIEW;CIMPLICITY WebView/ThinView Service;c:\windows\system32\CIMWebViewService.exe [2009-3-24 18944]

=============== Created Last 30 ================

2009-08-01 17:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-01 17:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 17:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-01 17:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-29 20:36 40,960 a------- c:\windows\system32\VPN.dll
2009-07-29 20:36 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-05-12 11:20 100,800 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:41:54.54 ===============

#9 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:06:47 AM

Posted 15 August 2009 - 12:04 AM

Hello LissaNY,

I don't see an Anti Virus Program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please reply with an updated DDS log.
If I have not replied back to your post in 3 days, please send me a PM.

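The outdated-Java point above can be checked mechanically against the DDS log posted in #8. This added Python example (not code from the thread or from the DDS tool) parses the "DPF:" lines of a DDS Pseudo HJT Report and flags every Sun JRE installer they reference that is older than the 6 Update 16 Tokek asked for; the sample lines are constructed from the CAB names in the posted logs, and the CLSID field is carried along only as a label.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: "DPF:" (Downloaded Program Files / ActiveX) lines in the
# shape DDS prints them in its "Pseudo HJT Report", using the CAB names that appear
# in the thread's logs. The "hxxp" scheme is DDS's deliberate defanging of "http".
SAMPLE_DDS = """\
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
"""

# The release Tokek asked for: JRE 6 Update 16, i.e. 1.6.0_16 in Sun's numbering.
CURRENT_JRE: Tuple[int, ...] = (1, 6, 0, 16)

DPF_LINE = re.compile(r"^DPF:\s+\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s+-\s+(?P<url>\S+)\s*$")
# Sun's installer CABs carry the version in the file name, in two spellings:
#   jinstall-1_6_0_11-windows-i586.cab  (1.6.0_11)
#   jinstall-142-windows-i586.cab       (the older compact form for 1.4.2)
JINSTALL = re.compile(r"jinstall-(?P<ver>[0-9_]+)-windows", re.IGNORECASE)


def parse_jinstall_version(cab_name: str) -> Optional[Tuple[int, ...]]:
    """Return the JRE version named by a jinstall CAB as a 4-tuple, or None
    when the file is not a Sun JRE installer (e.g. Flash's swflash.cab)."""
    m = JINSTALL.search(cab_name)
    if not m:
        return None
    tok = m.group("ver")
    if "_" in tok:
        parts = [int(p) for p in tok.split("_")]
    else:
        parts = [int(c) for c in tok]  # "142" -> 1.4.2
    return tuple((parts + [0, 0, 0, 0])[:4])


def parse_dpf_lines(log_text: str) -> List[Dict[str, str]]:
    """Pull every DPF entry out of a DDS log as {"clsid", "url"}."""
    entries: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = DPF_LINE.match(line.strip())
        if m:
            entries.append({"clsid": m.group("clsid").upper(), "url": m.group("url")})
    return entries


def format_version(v: Tuple[int, ...]) -> str:
    """(1, 6, 0, 11) -> '1.6.0_11'; (1, 4, 2, 0) -> '1.4.2'."""
    major, minor, micro, update = v
    base = f"{major}.{minor}.{micro}"
    return f"{base}_{update:02d}" if update else base


def distinct_jre_versions(log_text: str) -> List[str]:
    """Every distinct JRE release the DPF entries point at, oldest first."""
    found = set()
    for e in parse_dpf_lines(log_text):
        ver = parse_jinstall_version(e["url"].rsplit("/", 1)[-1])
        if ver is not None:
            found.add(ver)
    return [format_version(v) for v in sorted(found)]


def find_outdated_jre(log_text: str,
                      current: Tuple[int, ...] = CURRENT_JRE) -> List[Tuple[str, str]]:
    """(clsid, version) for each DPF entry whose JRE installer is older than
    `current`. Non-Java DPF entries are ignored; the CLSID is reported only so
    the finding can be matched back to its log line."""
    outdated: List[Tuple[str, str]] = []
    for e in parse_dpf_lines(log_text):
        ver = parse_jinstall_version(e["url"].rsplit("/", 1)[-1])
        if ver is not None and ver < current:
            outdated.append((e["clsid"], format_version(ver)))
    return outdated


if __name__ == "__main__":
    print("JRE releases referenced:", ", ".join(distinct_jre_versions(SAMPLE_DDS)))
    for clsid, ver in find_outdated_jre(SAMPLE_DDS):
        print(f"  {clsid}  JRE {ver}  (older than {format_version(CURRENT_JRE)})")
```

On the sample above every Java DPF entry is flagged, which matches Tokek's reading of the log; the same functions run unchanged over a full DDS log pasted into SAMPLE_DDS.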

#10 LissaNY

LissaNY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:47 AM

Posted 16 August 2009 - 07:33 PM

I am sorry - I was away for the weekend, and have not gotten a chance to follow the next step of the instructions. I will try to update the Java & repost DDS sometime tomorrow. Just wanted to let you know so that you didn't think the thread had been dropped. Thank you again for your help.

#11 Tokek

Tokek

    Bleepin' Gecko


  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:06:47 AM

Posted 17 August 2009 - 01:00 AM

No worries.
If I have not replied back to your post in 3 days, please send me a PM.


#12 LissaNY

LissaNY
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:47 AM

Posted 23 August 2009 - 04:30 PM

Hi there. I have been busy with family issues, and happened to remember this ongoing post. I have not had much time to be on the computer, and probably won't for a little while.

Other than the updated Java issue, did you see anything else of note that I should be aware of from previous scans/posts?

Thank you for your help.

-Melissa


DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 17:28:15.59 on Sun 08/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2014.1350 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TSI32\tsircusr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\MSTMON_S.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\GE Fanuc\Proficy Common\Proficy Common Licensing\CCFLIC0.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\Intellution\iLicenseSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\GE Fanuc\Proficy Machine Edition\Proficy Event Logger\LoggingService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\GE Fanuc\Proficy Machine Edition\Common\Components\NT\trapiserver.exe
C:\WINDOWS\System32\TSIRCSRV.EXE
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe
D:\Lockett Family\MELISSA\Virus Protection\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lockettandassociates.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080104
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=oI_DjAM2Uinz2e3f10FL137_y6w
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\tsi32\tsircusr.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UIUCU] c:\docume~1\admini~1\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [KONICA MINOLTA magicolor 2400W STD] c:\windows\system32\MSTMON_S.EXE STARTUP
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CimSync] "c:\program files\ge fanuc\proficy cimplicity\exe\cimsync.exe" /autostart
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: amica.com
Trusted Zone: mycheckfree.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/54.13/uploader2.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.laplink.com/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {9FD0B466-9971-4D62-9100-FBBCB5A59066} = 10.0.0.2
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 tsircmir;LapLink Mirror Driver Miniport;c:\windows\system32\drivers\tsircmir.sys [2008-3-3 2816]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 LoggingService;Proficy Log Server;c:\program files\ge fanuc\proficy machine edition\proficy event logger\LoggingService.exe [2008-4-1 143360]
R2 MSSQL$CIMPLICITY;SQL Server (CIMPLICITY);c:\program files\ge fanuc\proficy cimplicity\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 TrapiServer;Trapi File Server;c:\program files\ge fanuc\proficy machine edition\common\components\nt\TrapiServer.exe [2008-4-8 102400]
R2 TSISER;TSISER;c:\windows\system32\drivers\tsiser.sys [2008-3-3 43040]
R2 TSISTRMX;Traveling Software Stream Driver;c:\windows\system32\drivers\TSISTRMX.SYS [2008-3-3 5120]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [2009-3-24 11688]
R3 TSIKBF5;Traveling Software Keyboard Filter Driver;c:\windows\system32\drivers\TSIKBF5.sys [2008-3-3 9728]
R3 TSIMSF5;Traveling Software Mouse Filter Driver;c:\windows\system32\drivers\TSIMSF5.sys [2008-3-3 5632]
S1 TSIRCINK;Traveling Software Install Driver;c:\windows\system32\drivers\TSIRCINK.SYS [2008-3-3 9216]
S3 CIMPLICITY Advanced Viewer;CIMPLICITY Advanced Viewer;c:\program files\ge fanuc\proficy cimplicity\exe\ptopc.exe [2009-3-24 249856]
S3 CIMPLICITY;CIMPLICITY HMI Service;c:\windows\system32\cimplicity.exe [2009-3-24 21504]
S3 CimplicityViewConnectionService;CimplicityViewConnectionService;c:\program files\ge fanuc\proficy cimplicity\exe\CimplicityViewConnectionService.exe [2009-3-24 151552]
S3 EGD Service;EGD Service;c:\windows\egdservice.exe [2009-3-24 47616]
S3 GefVCRService;GefVCRService;c:\program files\ge fanuc\proficy cimplicity\exe\GefVCRService.exe [2009-3-24 241664]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 29744]
S3 OPCAECOLLECTOR1;Proficy Historian OPC AE Collector CIMPLICITY.HMI.AESvr.1;c:\program files\ge fanuc\proficy server\historian\server\ihOPCAECollector.exe [2009-3-24 528384]
S3 OPCCOLLECTOR1;Proficy Historian OPC Collector CIMPLICITY.HMI.OPCServer;c:\program files\ge fanuc\proficy server\historian\server\ihOPCCollector.exe [2009-3-24 544768]
S3 Proficy Driver Runtime;Proficy Driver Runtime;c:\program files\ge fanuc\proficy machine edition\fxview\runtime\proficydrivers\win32\GefPdfOpc.exe [2006-11-24 192512]
S3 WEBVIEW;CIMPLICITY WebView/ThinView Service;c:\windows\system32\CIMWebViewService.exe [2009-3-24 18944]

=============== Created Last 30 ================

2009-08-01 17:58 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-08-01 17:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-01 17:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-01 17:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 17:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-29 20:36 40,960 a------- c:\windows\system32\VPN.dll
2009-07-29 20:36 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-05-12 11:20 100,800 a------- c:\docume~1\admini~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 17:28:27.39 ===============

#13 Tokek

    Bleepin' Gecko

  • Members
  • 1,213 posts
  • Gender:Male
  • Location:Jakarta, Indonesia
  • Local time:06:47 AM

Posted 23 August 2009 - 07:58 PM

I also don't see an anti-virus running on your system, please correct me if I'm wrong on that one.
If I have not replied back to your post in 3 days, please send me a PM.


#14 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:02:47 PM

Posted 04 September 2009 - 04:33 PM

As there has been no reply for over a week, this topic is now closed.
