HELP!! Malware attack



#1 jay_mnit


  • Members
  • 1 posts

Posted 12 July 2010 - 04:20 PM

Hi.

It all started with the AV Security Suite pop-up... then it went to the Google redirect virus. Now I have removed them, but my computer gets stuck in normal mode and works only in safe mode. Please help, I am desperate...


Please find my HijackThis log attached below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:49:46, on 13/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra73.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32maing.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
O4 - HKLM\..\Run: [DB2COPY1 - db2systray.exe DB2] C:\PROGRA~1\IBM\SQLLIB\BIN\db2systray.exe DB2
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\preload.exe C:\DOCUME~1\ADMINI~1\IBM\Lotus\Symphony\.sodc\
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = in.ibm.com
O17 - HKLM\Software\..\Telephony: DomainName = in.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = in.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = in.ibm.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = in.ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing)
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DB2 - DB2COPY1 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2COPY1) (DB2GOVERNOR_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 License Server (DB2COPY1) (DB2LICD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (DB2COPY1) (DB2NTSECSERVER_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2COPY1) (DB2REMOTECMD_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: IBM HTTP Administration 6.0 (IBMHTTPAdministration6.0) - Apache Software Foundation - C:\IBMHTTPServer\bin\apache.exe
O23 - Service: IBM HTTP Server 6.0 (IBMHTTPServer6.0) - Apache Software Foundation - C:\IBMHTTPServer\bin\apache.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: OracleDBConsoleMAXPROD - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_1\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Unknown owner - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 18746 bytes


thanks
jay_mnit

Edited by Orange Blossom, 12 July 2010 - 07:03 PM.
Move to log forum. ~ OB
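As an added example (not part of the original thread or of HijackThis itself), the Python below does the first-pass triage a helper performs by eye on a HijackThis log like the one posted above: it flags any program besides userinit.exe in the F2 UserInit value (sdra73.exe in this log), collects the distinct antivirus products registered as O23 services, and lists stale "(no file)" / "(file missing)" entries. The sample lines are constructed from the posted log, and the antivirus keyword table is an assumption.

```python
import re
from typing import Dict, List, Set

# Constructed sample lines in HijackThis v2 format, modelled on the log
# posted above (paths and names copied from it; not a real log file).
SAMPLE_LOG_LINES = [
    r"Logfile of Trend Micro HijackThis v2.0.2",
    r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra73.exe,",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe",
    r"O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)",
]

F2_USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
O23_SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumed keyword table (not from the thread): lower-case substrings of O23
# service names that identify an antivirus product.
AV_KEYWORDS = {
    "avast": "avast!",
    "symantec antivirus": "Symantec AntiVirus",
    "norton": "Norton",
}


def check_userinit(value: str) -> List[str]:
    """Return every program in a UserInit value other than userinit.exe.
    Winlogon runs each comma-separated program at logon, so an extra entry
    (sdra73.exe in the posted log) is a persistence mechanism."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        basename = entry.rsplit("\\", 1)[-1].lower()
        if basename != "userinit.exe":
            extras.append(entry)
    return extras


def antivirus_products(lines: List[str]) -> Set[str]:
    """Collect the distinct antivirus products registered as O23 services."""
    found = set()
    for line in lines:
        match = O23_SERVICE_RE.match(line)
        if not match:
            continue
        name = match.group("name").lower()
        for keyword, product in AV_KEYWORDS.items():
            if keyword in name:
                found.add(product)
    return found


def stale_entries(lines: List[str]) -> List[str]:
    """Entries whose target no longer exists: leftovers, not running code."""
    return [line for line in lines if line.endswith("(no file)") or line.endswith("(file missing)")]


def triage(lines: List[str]) -> Dict[str, object]:
    """First-pass triage of a HijackThis log, as a helper would do by eye."""
    extras: List[str] = []
    for line in lines:
        match = F2_USERINIT_RE.match(line)
        if match:
            extras.extend(check_userinit(match.group(1)))
    return {
        "userinit_extras": extras,
        "av_products": antivirus_products(lines),
        "stale_entries": stale_entries(lines),
    }
```

Running `triage(SAMPLE_LOG_LINES)` reports the sdra73.exe UserInit entry, two antivirus products (the point kahdah raises below), and two stale entries.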




#2 kahdah


  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 July 2010 - 03:30 PM

Hello jay_mnit

Welcome to BleepingComputer.
==========================
You have 2 antivirus programs running.
If you are up to date with Norton and plan on paying for the subscription then try to uninstall Avast in Safe mode.
If it does not work run the removal utility found here > http://www.avast.com/uninstall-utility
Or alternatively, if you want to remove Norton, it may or may not let you uninstall in Safe Mode; then run its removal utility found here > http://service1.symantec.com/support/tsgen...005033108162039

The removal tools should work in Safe Mode.
=======================
One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you still want to clean it please do the following

===================
Download TDSSKiller and save it to your Desktop.
  • Right click on the file and choose Extract All; extract the file to your desktop, then run it.
  • If prompted to restart the computer, type in Y and it will restart.
  • Or if you are prompted with a hidden service warning, go ahead and delete it.
  • Once completed it will create a log in your C:\ drive
  • Please post the contents of that log
========

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



