vane
new user
Reg'd: Tue
Posts: 8
Hello,
Issues:
- iexplore.exe runs on startup or starts itself up; just one, not multiple instances.
- msiexec.exe subsequently runs (if I don't kill iexplore.exe) and creates a pop-up looking for the Windows Office 2000 disk (I've only ever run 2002).
- After installing the latest HJT, v2.0, access is denied when trying to read/delete/move the .log file (permissions are set to access all).
I followed the tip on this page and downloaded v1.98 and was able to save/read the log file (step 2)... I still can't remove the 2.0 log files: http://www.webuser.co.uk/forums/showflat...amp;Search=true
here's the log file:
Logfile of HijackThis v1.98.2
Scan saved at 12:41:09 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\ebrinkma\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/2004...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152862782906
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = design.harvard.edu
O17 - HKLM\Software\..\Telephony: DomainName = design.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = design.harvard.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
I now see the 'traffichog' entry, but maybe there are others? Thanks!
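The O16 entry vane spotted deserves more than a name match. An O16 (Download Program Files) line records where Internet Explorer was told to fetch an ActiveX control from; an install source of ms-its:mhtml:file://C:\ss.MHT!http://... names a local .MHT that is not expected to exist, so the part after the '!' (a remote .chm on traffichog.com) is what actually gets pulled and run. That is a drive-by install pattern, not something a legitimate vendor ships. The first O16 line, file://C:\install.cab, is the same idea without the indirection. The Python below is an added example, not part of this thread and not HijackThis code: it parses a few O2/O16 lines copied from the log above (one per line, since the forum ran them together) and flags O16 sources that go through file:, ms-its: or mhtml:, plus BHOs whose DLL is listed as "(no file)". The regular expressions and the scheme list are my own assumptions about the HJT line format.

```python
import re

# Constructed sample: O2 and O16 entries copied from the HijackThis log in
# the post above, one entry per line (the forum software ran them together).
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152862782906
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab
"""

# Assumed shapes of HJT O16 (Download Program Files) and O2 (BHO) lines.
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<src>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

# A control IE was told to fetch from local disk, or through a compound-
# document handler, was not installed by an ordinary web page.
LOCAL_OR_COMPOUND_SCHEMES = {"file", "ms-its", "its", "mhtml", "mk"}


def scheme_chain(src):
    """Peel nested scheme prefixes off a URL:
    'ms-its:mhtml:file://C:\\x.MHT!http://h/p' -> ['ms-its', 'mhtml', 'file'].
    A bare drive path such as 'C:\\foo.cab' is treated as 'file'."""
    chain, rest = [], src
    while True:
        m = re.match(r"^([A-Za-z][A-Za-z0-9+.-]*):", rest)
        if not m:
            break
        token = m.group(1).lower()
        if len(token) == 1:          # a drive letter, not a URL scheme
            chain.append("file")
            break
        chain.append(token)
        rest = rest[m.end():]
        if rest.startswith("//"):    # reached the authority/path part
            break
    return chain


def triage_hjt(log_text):
    """Return one finding per suspicious O2/O16 line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O16_RE.match(line)
        if m:
            bad = [s for s in scheme_chain(m.group("src")) if s in LOCAL_OR_COMPOUND_SCHEMES]
            if bad:
                # In an mhtml: source the text after '!' is the alternate
                # location used when the local .MHT is missing; that is where
                # the real payload lives, so surface it for the analyst.
                alt = re.search(r"!(https?://\S+)", m.group("src"))
                findings.append({"clsid": m.group("clsid"),
                                 "reason": "install source via " + "/".join(bad),
                                 "remote": alt.group(1) if alt else None})
            continue
        m = O2_RE.match(line)
        if m and m.group("path").strip() == "(no file)":
            findings.append({"clsid": m.group("clsid"),
                             "reason": "BHO registered but its DLL is missing",
                             "remote": None})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f["clsid"], f["reason"], f["remote"] or "")
```

Run against the sample it reports the orphaned BHO, the file:// cab and the ms-its entry with its remote traffichog.com location; the Windows Update control (plain http://) passes. The orphaned BHO is only a leftover registry key here, but it is worth listing because an absent DLL is also what a half-removed infection looks like.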
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Please download ComboFix from either of these two locations:
- BleepingComputer: ComboFix
- Geeks to Go: ComboFix
And save it to your DESKTOP.
* Double-click combofix.exe and follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Post back with the log from ComboFix and a new HJT log please.
-------------------- MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
vane
new user
Reg'd: Tue
Posts: 8
Here's the ComboFix log:
ComboFix 08-04-02.1 - ebrinkma 2008-04-03 9:03:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.735 [GMT -4:00]
Running from: C:\Documents and Settings\ebrinkma\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ebrinkma\Application Data\install.dat
C:\Program Files\WinBudget
C:\WINDOWS\ghttk.dat
.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.
2008-03-22 21:11 . 2008-03-22 21:26 <DIR> d-------- C:\Program Files\CCleaner
2008-03-22 21:08 . 2008-03-22 21:08 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-22 20:49 . 2008-03-22 20:49 <DIR> d-------- C:\Documents and Settings\ebrinkma\Application Data\Talkback
2008-03-22 20:47 . 2008-03-22 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-17 21:21 . 2008-03-17 21:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 21:21 . 2008-03-17 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 22:04 . 2008-03-28 12:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 22:04 . 2008-03-04 22:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 21:59 . 2008-03-04 21:59 40,960 --a------ C:\WINDOWS\_ds42.tmp
2008-03-04 18:39 . 2008-03-04 22:08 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 18:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 01:46 --------- d-----w C:\Program Files\Lavasoft
2008-03-07 23:48 --------- d-----w C:\Documents and Settings\ebrinkma\Application Data\AdobeUM
2008-03-05 01:55 --------- d-----w C:\Program Files\SolidWorks
2008-02-10 02:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 23:14 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-01-08 05:36 134,264 ----a-w C:\Documents and Settings\ebrinkma\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 10:14 35,577 ----a-w C:\Program Files\uninstal.log
2005-05-12 10:14 33,653 ----a-w C:\Program Files\setuplog.txt
2004-05-28 01:32 8,628 ---ha-w C:\Program Files\WRPVIEW.GID
2004-03-03 16:59 927 ----a-w C:\Program Files\3dsmaxad.err
2003-03-27 21:38 193,034 ----a-w C:\Program Files\3dsmax51sp1readme.rtf
2003-02-25 01:54 2,374 ----a-w C:\Program Files\DeIsL1.isu
2003-02-25 01:54 147 ----a-w C:\Program Files\_DEISREG.ISR
2003-01-14 20:15 4 ----a-w C:\Program Files\update51.txt
2003-01-14 19:58 366,479 ----a-w C:\Program Files\readme_3dsmax_51.rtf
2003-01-08 03:45 10,735,616 ----a-w C:\Program Files\formZ_RR.exe
2002-10-31 22:04 4,784,128 ----a-w C:\Program Files\3dsmaxexe.bak
2001-09-24 18:35 3,882 ----a-w C:\Program Files\cadisireg.reg
2001-08-13 12:45 577 ----a-w C:\Program Files\freehand10.reg
2001-01-09 15:57 1,960,448 ----a-w C:\Program Files\Wrplot.exe
2000-08-18 18:51 1,443,055 ----a-w C:\Program Files\WRPVIEW.HLP
2000-03-22 18:47 49,152 ----a-w C:\Program Files\_ISREG32.DLL
1996-06-06 00:23 21,014 ----a-w C:\Program Files\Stations.wr_
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 58,992 2005-07-15 05:16:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 218,240 2004-11-02 21:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

----a-w 294,998 2003-06-25 15:29:08 C:\Program Files\Dell AIO Printer A940\bak\dlbabmgr.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

----a-w 36,975 2005-11-10 20:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

----a-w 282,624 2006-07-12 05:36:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\QuickTime\qttask.exe

----a-w 679,936 2002-04-10 21:44:04 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

----a-w 100,056 2005-12-04 05:36:08 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\SymNetDrv\SNDMon.exe

----a-w 286,720 2003-09-25 17:00:00 C:\WINDOWS\bak\keyacc32.exe
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\keyacc32.exe

----a-w 163,840 2001-09-05 18:28:40 C:\WINDOWS\bak\MMKeybd.exe
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\MMKeybd.exe

----a-w 266,240 2003-06-16 19:14:52 C:\WINDOWS\SYSTEM32\bak\PD6000SM.EXE
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\SYSTEM32\PD6000SM.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-12-12 21:48 69632]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [2006-12-12 21:48 69632]
"KeyAccess"="C:\WINDOWS\keyacc32.exe" [2006-12-12 21:48 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2006-12-12 21:48 69632]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 11:29 2904064]
"nwiz"="nwiz.exe" [2004-03-03 11:29 782336 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-03 11:29 46080]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2006-12-12 21:48 69632]
"PD6000StatusMonitor"="C:\WINDOWS\System32\PD6000SM.EXE" [2006-12-12 21:48 69632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-12 21:48 69632]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2006-12-12 21:48 69632]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-12 21:48 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-12 21:48 69632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 00:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-05 19:31:44 110592]
KeyAccess.lnk - C:\WINDOWS\keyacc32.exe [2003-09-25 13:00:00 69632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 18:06:54 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\CoreFTP\\coreftp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

S3 AWHelpServer;Alias Wavefront Help Server;"C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf" []
S3 FLEXlm License Manager;FLEXlm License Manager;c:\FlexLm\lmgrd.exe [2003-03-16 14:05]
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 12:30]
S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29]
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - ebrinkma.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2008-04-02 22:52:27 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 09:08:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 9:09:28
ComboFix-quarantined-files.txt 2008-04-03 13:09:08

Pre-Run: 8,366,866,432 bytes free
Post-Run: 8,351,653,888 bytes free
And here's the HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 09:15, on 2008-04-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPRV10.EXE
C:\Documents and Settings\ebrinkma\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/2004...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152862782906
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = design.harvard.edu
O17 - HKLM\Software\..\Telephony: DomainName = design.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = design.harvard.edu
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
Thanks!
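The AWF section of the ComboFix log above is the most telling part of it: ten autostart executables from unrelated vendors (Symantec, Dell, Sun, Apple, Roxio, the Lexmark/Dell printer monitors) all now weigh 69,632 bytes and carry the same timestamp, 2006-12-13 01:48:54, while the original binary of each sits in a bak subfolder next to it; the Reg Loading Points section shows the matching [2006-12-12 21:48 69632] stamp on every HKLM\...\Run entry. Ten different programs do not independently shrink to one size on one second. The Python below is an added example, not part of this thread and not ComboFix code: it parses AWF records (copied from the log, one record per line, since the forum ran two per line), pairs each live file with its bak sibling, and flags any (size, timestamp) signature shared by several live files whose backups differ. The record regex and the min_hits threshold are my assumptions.

```python
import re
from collections import Counter

# Constructed sample: eight AWF records copied from the ComboFix log above,
# one record per line. Sizes and timestamps are as the log shows them.
SAMPLE_AWF = r"""
----a-w 58,992 2005-07-15 05:16:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
----a-w 36,975 2005-11-10 20:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
----a-w 286,720 2003-09-25 17:00:00 C:\WINDOWS\bak\keyacc32.exe
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\keyacc32.exe
----a-w 282,624 2006-07-12 05:36:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\QuickTime\qttask.exe
"""

# Assumed record shape: attribute flags, byte size with thousands separators,
# timestamp, then a full Windows path (which may contain spaces).
AWF_RE = re.compile(
    r"^(?P<attr>[-a-z]{6,9})\s+(?P<size>[\d,]+)\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<path>[A-Za-z]:\\.+)$")


def parse_awf(text):
    """Turn AWF lines into dicts with integer size, timestamp string and path."""
    recs = []
    for line in text.splitlines():
        m = AWF_RE.match(line.strip())
        if m:
            recs.append({"size": int(m.group("size").replace(",", "")),
                         "ts": m.group("ts"), "path": m.group("path")})
    return recs


def pair_with_backup(recs):
    """Pair each live executable with the record of its bak\\<name> sibling."""
    by_path = {r["path"].lower(): r for r in recs}
    pairs = []
    for r in recs:
        directory, _, name = r["path"].rpartition("\\")
        if directory.lower().endswith("\\bak"):
            continue                      # this is a backup, not a live file
        bak = by_path.get((directory + "\\bak\\" + name).lower())
        if bak:
            pairs.append((r, bak))
    return pairs


def find_uniform_replacements(recs, min_hits=3):
    """Flag live files that share one (size, timestamp) across several
    unrelated directories while each one's backup differs: the signature of
    a single payload copied over every autostart target it could find."""
    pairs = pair_with_backup(recs)
    signature = Counter((live["size"], live["ts"]) for live, _ in pairs)
    flagged = []
    for live, bak in pairs:
        key = (live["size"], live["ts"])
        if signature[key] >= min_hits and (bak["size"], bak["ts"]) != key:
            flagged.append({"path": live["path"], "size": live["size"], "ts": live["ts"],
                            "original_size": bak["size"], "original_ts": bak["ts"]})
    return flagged


if __name__ == "__main__":
    for hit in find_uniform_replacements(parse_awf(SAMPLE_AWF)):
        print("%s: now %d bytes @ %s, original was %d bytes @ %s" % (
            hit["path"], hit["size"], hit["ts"], hit["original_size"], hit["original_ts"]))
```

On the sample all four live files come out flagged with the 69,632-byte / 2006-12-13 01:48:54 signature and their genuine sizes from the bak copies. The threshold matters: a single vendor legitimately shipping two tools of identical size on the same build date is plausible, so the check asks for the same signature in at least three places with a differing backup beside each. A practitioner would follow this up by hashing one of the 69,632-byte files and comparing it with the others; if they are byte-identical, the Run-key fix is to restore each bak original, not just to delete the replacements.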
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Go to Add/Remove Programs in the Control Panel and remove Netcom3 Cleaner <---- it is a rogue spyware scanner.
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Quote:
Killall::
File::
C:\WINDOWS\_ds42.tmp
C:\Program Files\cadisireg.reg
Folder::
C:\Documents and Settings\ebrinkma\Application Data\Talkback
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply, and let me know how it is running.
*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*
Then try the latest version of HijackThis.
vane
new user
Reg'd: Tue
Posts: 8
I believe I already removed Netcom3 - it doesn't appear in the Add/Remove Programs list, but I will delete the folder. Also, it didn't seem to work for me, but is it really rogue? http://www.google.com/search?q=netcom3&a...lient=firefox-a
Cadisi is an engineering program - is it really necessary to kill it? http://www.technet-gmbh.de/english/Frame...ucts_cadisi.htm
This "Killall" won't remove, just disable for a rescan? Thanks.
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Leave the
C:\Program Files\cadisireg.reg
line out of the fix; I could find no info on it at all.
vane
new user
Reg'd: Tue
Posts: 8
OK, I thought I had disabled Norton, but it still came up. I think I was able to kill it without causing any problem, but let me know if I need to rerun the CFScript.txt. You'll notice that iexplore.exe was open on restart. Thanks!
ComboFix log:
ComboFix 08-04-02.1 - ebrinkma 2008-04-04 8:57:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.744 [GMT -4:00]
Running from: C:\Documents and Settings\ebrinkma\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ebrinkma\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\_ds42.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\ebrinkma\Application Data\Talkback
C:\Documents and Settings\ebrinkma\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008020121\manifest.ini
C:\Documents and Settings\ebrinkma\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008020121\permdata.box
C:\Documents and Settings\ebrinkma\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008031114\manifest.ini
C:\Documents and Settings\ebrinkma\Application Data\Talkback\MozillaOrg\Firefox2\Win32\2008031114\permdata.box
C:\WINDOWS\_ds42.tmp
.
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-03-22 21:11 . 2008-03-22 21:26 <DIR> d-------- C:\Program Files\CCleaner
2008-03-22 21:08 . 2008-03-22 21:08 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-22 20:47 . 2008-03-22 20:47 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-17 21:21 . 2008-03-17 21:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 21:21 . 2008-03-17 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-04 22:04 . 2008-03-28 12:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 22:04 . 2008-03-04 22:04 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 18:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 01:46 --------- d-----w C:\Program Files\Lavasoft
2008-03-07 23:48 --------- d-----w C:\Documents and Settings\ebrinkma\Application Data\AdobeUM
2008-03-05 01:55 --------- d-----w C:\Program Files\SolidWorks
2008-02-10 02:27 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 23:14 691,545 ----a-w C:\WINDOWS\unins000.exe
2007-01-08 05:36 134,264 ----a-w C:\Documents and Settings\ebrinkma\Application Data\GDIPFONTCACHEV1.DAT
2005-05-12 10:14 35,577 ----a-w C:\Program Files\uninstal.log
2005-05-12 10:14 33,653 ----a-w C:\Program Files\setuplog.txt
2004-05-28 01:32 8,628 ---ha-w C:\Program Files\WRPVIEW.GID
2004-03-03 16:59 927 ----a-w C:\Program Files\3dsmaxad.err
2003-03-27 21:38 193,034 ----a-w C:\Program Files\3dsmax51sp1readme.rtf
2003-02-25 01:54 2,374 ----a-w C:\Program Files\DeIsL1.isu
2003-02-25 01:54 147 ----a-w C:\Program Files\_DEISREG.ISR
2003-01-14 20:15 4 ----a-w C:\Program Files\update51.txt
2003-01-14 19:58 366,479 ----a-w C:\Program Files\readme_3dsmax_51.rtf
2003-01-08 03:45 10,735,616 ----a-w C:\Program Files\formZ_RR.exe
2002-10-31 22:04 4,784,128 ----a-w C:\Program Files\3dsmaxexe.bak
2001-09-24 18:35 3,882 ----a-w C:\Program Files\cadisireg.reg
2001-08-13 12:45 577 ----a-w C:\Program Files\freehand10.reg
2001-01-09 15:57 1,960,448 ----a-w C:\Program Files\Wrplot.exe
2000-08-18 18:51 1,443,055 ----a-w C:\Program Files\WRPVIEW.HLP
2000-03-22 18:47 49,152 ----a-w C:\Program Files\_ISREG32.DLL
1996-06-06 00:23 21,014 ----a-w C:\Program Files\Stations.wr_
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 58,992 2005-07-15 05:16:00 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 218,240 2004-11-02 21:59:52 C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

----a-w 294,998 2003-06-25 15:29:08 C:\Program Files\Dell AIO Printer A940\bak\dlbabmgr.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe

----a-w 36,975 2005-11-10 20:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

----a-w 282,624 2006-07-12 05:36:08 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\QuickTime\qttask.exe

----a-w 679,936 2002-04-10 21:44:04 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

----a-w 100,056 2005-12-04 05:36:08 C:\Program Files\SymNetDrv\bak\SNDMon.exe
----a-w 69,632 2006-12-13 01:48:54 C:\Program Files\SymNetDrv\SNDMon.exe

----a-w 286,720 2003-09-25 17:00:00 C:\WINDOWS\bak\keyacc32.exe
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\keyacc32.exe

----a-w 163,840 2001-09-05 18:28:40 C:\WINDOWS\bak\MMKeybd.exe
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\MMKeybd.exe

----a-w 266,240 2003-06-16 19:14:52 C:\WINDOWS\SYSTEM32\bak\PD6000SM.EXE
----a-w 69,632 2006-12-13 01:48:54 C:\WINDOWS\SYSTEM32\PD6000SM.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2006-12-12 21:48 69632]
"DellTouch"="C:\WINDOWS\MMKeybd.exe" [2006-12-12 21:48 69632]
"KeyAccess"="C:\WINDOWS\keyacc32.exe" [2006-12-12 21:48 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2006-12-12 21:48 69632]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-03-03 11:29 2904064]
"nwiz"="nwiz.exe" [2004-03-03 11:29 782336 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-03-03 11:29 46080]
"Dell AIO Printer A940"="C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" [2006-12-12 21:48 69632]
"PD6000StatusMonitor"="C:\WINDOWS\System32\PD6000SM.EXE" [2006-12-12 21:48 69632]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-12-12 21:48 69632]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2006-12-12 21:48 69632]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-12 21:48 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-12 21:48 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\CoreFTP\\coreftp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
S3 AWHelpServer;Alias Wavefront Help Server;"C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf" [] S3 FLEXlm License Manager;FLEXlm License Manager;c:\FlexLm\lmgrd.exe [2003-03-16 14:05] S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 12:30] S3 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:29] S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 14:52]
. Contents of the 'Scheduled Tasks' folder "2008-03-29 00:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - ebrinkma.job" - C:\PROGRA~1\NORTON~1\Navw32.exeh/task: "2008-04-03 22:52:34 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE . **************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-04 09:05:14 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe c:\program files\internet explorer\iexplore.exe . ************************************************************************** . Completion time: 2008-04-04 9:15:09 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-04 13:15:06 ComboFix2.txt 2008-04-03 13:09:29 Pre-Run: 8,455,143,424 bytes free Post-Run: 8,441,393,152 bytes free
HJT Log:
Logfile of HijackThis v1.98.2 Scan saved at 09:19, on 2008-04-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\explorer.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\ebrinkma\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program 
Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? 
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/2004...meInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152862782906 O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = design.harvard.edu O17 - HKLM\Software\..\Telephony: DomainName = design.harvard.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = design.harvard.edu O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs:
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
You need to update your java.
Please go to the add/remove utility in the control panel and uninstall the following:
J2SE Runtime Environment 5.0 Update 06 (and any other java updates that are there)
Reboot the Computer.
Then update your Sun java from here:
http://java.sun.com/javase/downloads/index.jsp
Rerun HJT, and put a checkmark beside these :-
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/2004...meInstaller.exe O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - ms-its:mhtml:file://C:\ss.MHT!http://www.traffichog.com/chm.chm::/files/initial.cab
Now close all windows and browsers and click FIX CHECKED.
Delete your old version of HJT and download the latest version from :-
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Then post a fresh HJT log.
-------------------- MY HELP IS FREE, BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
vane
new user
Reg'd: Tue
Posts: 8
Here's the latest HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:16, on 2008-04-04 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\program files\internet explorer\iexplore.exe C:\Documents and Settings\ebrinkma\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe O4 - HKLM\..\Run: [KeyAccess] C:\WINDOWS\keyacc32.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Dell AIO 
Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [PD6000StatusMonitor] C:\WINDOWS\System32\PD6000SM.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: KeyAccess.lnk = C:\WINDOWS\keyacc32.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152862782906 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = design.harvard.edu O17 - HKLM\Software\..\Telephony: DomainName = design.harvard.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = design.harvard.edu O20 - AppInit_DLLs: O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - c:\FlexLm\lmgrd.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SolidNetWork License Manager - Rainbow Technologies Inc. - (no file) O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
-- End of file - 8424 bytes
vane
new user
Reg'd: Tue
Posts: 8
Just so you know, after all of the above, the issues remain -
-iexplore.exe runs on startup or starts itself up; just one, not multiple instances.
-msiexec.exe subsequently runs (if I don't kill iexplore.exe) and creates a pop-up looking for the Windows Office 2000 disk (I've only ever run 2002)
thanks.
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Something is obviously trying to access the internet, but I don't think it is malware; possibly a program trying to update. I think you would be better posting in the XP help forum; someone there would have a better idea as to what it was.
vane
new user
Reg'd: Tue
Posts: 8
Thanks. Do you have a suggestion for deleting the original HJT 2.0 files? The logs that were automatically saved before I tried 1.98 can't be deleted.
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Boot up in SAFE MODE and you should be able to delete them.
vane
new user
Reg'd: Tue
Posts: 8
Just to complete the circle: after getting myself into a safe mode boot loop that I had to use a floppy boot disk to get out of, I downloaded all the latest msft security updates/etc and it told me that I had a backdoor trojan - zonebac.gen!a (!?). Things seem to be better now (no iexplore.exe running, etc.). Thanks for your time.
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
Glad you're sorted.