
My Disk has taken over/HijackThis & all other requested logs included

Discussion in 'Virus & Other Malware Removal' started by holkob01, Jan 9, 2011.

Thread Status:
Not open for further replies.
  1. holkob01

    holkob01 Thread Starter

    Joined:
    Dec 15, 2008
    Messages:
    41
    :( Hello all,

    Thank you for your help in the past, and thanks in advance with your help with this. I appreciate all of you IMMENSELY! This is my husband's work computer............ouch!

    HiJack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:30:08 PM, on 1/9/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\sholko\Desktop\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://swebi.schneider-electric.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files\NBget\InternetDownload\IDTB.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll

    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by sholko at 12:38:09.25 on Sun 01/09/2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1316 [GMT -6:00]
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\TEMP\Temporary Internet Files\Content.IE5\5OW31H4L\dds[1].scr
    ============== Pseudo HJT Report ===============

    Attach.txt:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by sholko at 12:38:09.25 on Sun 01/09/2011
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1316 [GMT -6:00]
    AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\TEMP\Temporary Internet Files\Content.IE5\5OW31H4L\dds[1].scr
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.Google.com/
    uSearch Page = hxxp://www.Google.com/
    uWindow Title = Microsoft Internet Explorer
    mDefault_Page_URL = hxxp://swebi.schneider-electric.com/
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\program files\nbget\internetdownload\IDTB.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
    TB: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\program files\nbget\internetdownload\IDTB.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
    mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [InternetDownload_upgrade] "c:\program files\nbget\internetdownload\InternetDownload.exe" /upgrade
    mRun: [<NO NAME>]
    mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
    dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
    dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    uPolicies-explorer: DisallowRun = 1 (0x1)
    uPolicies-disallowrun: 1 = badblue.exe
    uPolicies-disallowrun: 2 = BearShare.exe
    uPolicies-disallowrun: 3 = BitTorrent-3.4.2.exe
    uPolicies-disallowrun: 4 = blubster.exe
    uPolicies-disallowrun: 5 = BonziBDY.exe
    uPolicies-disallowrun: 6 = Direct Connect.exe
    uPolicies-disallowrun: 7 = DirectConnect.exe
    uPolicies-disallowrun: 8 = djnap.exe
    uPolicies-disallowrun: 9 = filetopia.exe
    uPolicies-disallowrun: 10 = furhter.bat
    uPolicies-disallowrun: 11 = hpSplooge.exe
    uPolicies-disallowrun: 12 = IE7-WindowsXP-x86-enu.exe
    uPolicies-disallowrun: 13 = iMeshClient.exe
    uPolicies-disallowrun: 14 = inoize.exe
    uPolicies-disallowrun: 15 = kast.exe
    uPolicies-disallowrun: 16 = kazaa.exe
    uPolicies-disallowrun: 17 = LimeWire.exe
    uPolicies-disallowrun: 18 = mirc.exe
    uPolicies-disallowrun: 19 = morpheus.exe
    uPolicies-disallowrun: 20 = overnet.exe
    uPolicies-disallowrun: 21 = PinPost.exe
    uPolicies-disallowrun: 22 = piolet.exe
    uPolicies-disallowrun: 23 = runGrokster.exe
    uPolicies-disallowrun: 24 = Shareaza.exe
    uPolicies-disallowrun: 25 = slsk.exe
    uPolicies-disallowrun: 26 = winmx.exe
    uPolicies-disallowrun: 27 = wippit.exe
    uPolicies-disallowrun: 28 = xolox.exe
    mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
    IE: Download by NBget Internet Download - c:\program files\nbget\internetdownload\adddownload.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: bmnet.dll
    Trusted Zone: apc.com\configurator
    Trusted Zone: apc.com\emea2
    Trusted Zone: apc.com\emeasametime
    Trusted Zone: apc.com\emeasametime.emea
    Trusted Zone: apc.com\intouch
    Trusted Zone: apc.com\jpaa-en
    Trusted Zone: apc.com\jupiter
    Trusted Zone: apc.com\jupiter1
    Trusted Zone: apc.com\jupiter2
    Trusted Zone: apc.com\jupiter4
    Trusted Zone: apc.com\lam-en
    Trusted Zone: apc.com\lam-es
    Trusted Zone: apc.com\namsametime
    Trusted Zone: apc.com\namsametime.ams
    Trusted Zone: apc.com\order1
    Trusted Zone: apc.com\USCMF2F2HVG1.ams
    Trusted Zone: apc.com\uscmfcpk8qh1.ams
    Trusted Zone: apcc.com\configurator
    Trusted Zone: apcc.com\emea2
    Trusted Zone: apcc.com\emeasametime
    Trusted Zone: apcc.com\intouch
    Trusted Zone: apcc.com\jupiter
    Trusted Zone: apcc.com\jupiter1
    Trusted Zone: apcc.com\jupiter2
    Trusted Zone: apcc.com\jupiter4
    Trusted Zone: apcc.com\namsametime
    Trusted Zone: apcc.com\order1
    Trusted Zone: custhelp.com\conextproducts
    Trusted Zone: download.com
    Trusted Zone: emeasametime
    Trusted Zone: namsametime
    Trusted Zone: apc.com\emea-cs
    Trusted Zone: apc.com\emea-de
    Trusted Zone: apc.com\emea-en
    Trusted Zone: apc.com\emea-es
    Trusted Zone: apc.com\emea-fr
    Trusted Zone: apc.com\emea-it
    Trusted Zone: apc.com\emea-pl
    Trusted Zone: apc.com\emea2
    Trusted Zone: apc.com\emeasametime.emea
    Trusted Zone: apc.com\intouch
    Trusted Zone: apc.com\jpaa-en
    Trusted Zone: apc.com\jupiter
    Trusted Zone: apc.com\jupiter1
    Trusted Zone: apc.com\jupiter2
    Trusted Zone: apc.com\jupiter4
    Trusted Zone: apc.com\lam-en
    Trusted Zone: apc.com\lam-es
    Trusted Zone: apc.com\nam-en
    Trusted Zone: apc.com\namsametime.ams
    Trusted Zone: apc.com\order1
    Trusted Zone: apc.com\siebel78.ams
    Trusted Zone: apc.com\trojan
    Trusted Zone: apc.com\trojan3
    Trusted Zone: apcc.com\emea2
    Trusted Zone: apcc.com\intouch
    Trusted Zone: apcc.com\jupiter
    Trusted Zone: apcc.com\jupiter1
    Trusted Zone: apcc.com\jupiter2
    Trusted Zone: apcc.com\jupiter4
    Trusted Zone: apcc.com\order1
    Trusted Zone: apcc.com\trojan
    Trusted Zone: apcc.com\trojan3
    Trusted Zone: custhelp.com\conextproducts
    Trusted Zone: emeasametime
    Trusted Zone: namsametime
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {54ACA3E0-63F2-4B76-9709-A32581F93FA8} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_HI_Client.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_OutBound_mail.cab
    DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
    DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} - hxxp://uscmfcpk8qh1.ams.apc.com/19230/applets/SiebelAx_Calendar.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
    DPF: {DA22A626-F199-47F1-BB8E-87BE3C2F59B0} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_Calendar.cab
    DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://uscmfcpk8qh1.ams.apc.com/19230/applets/SiebelAx_HI_Client.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\sholko\applic~1\mozilla\firefox\profiles\mttgzb4z.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJPI150_17.dll
    FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
    ============= SERVICES / DRIVERS ===============
    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110109.003\naveng.sys [2011-1-9 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110109.003\navex15.sys [2011-1-9 1360760]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-15 121416]
    S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-19 106496]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 99200]
    S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2003-2-14 96256]
    S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2003-11-7 36676]
    S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2003-11-7 24344]
    S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 197504]
    S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    =============== Created Last 30 ================
    2011-01-09 03:17:09 -------- d-----w- c:\docume~1\sholko\applic~1\Malwarebytes
    2011-01-09 03:17:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-09 03:17:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-09 03:17:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-09 03:17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 19:52:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\fNcNi09000
    2010-12-31 22:40:03 -------- d-----w- c:\docume~1\sholko\locals~1\applic~1\Mozilla
    2010-12-28 02:43:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\pCaAk09000
    ==================== Find3M ====================
    2003-04-29 22:38:34 153088 ----a-w- c:\program files\UNWISE.EXE
    ============= FINISH: 12:39:24.26 ===============

    ark.txt:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-09 14:44:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800BEVT-75ZCT1 rev.11.01A11
    Running: 5lq94spt.exe; Driver: D:\TEMP\kwddquog.sys

    ---- System - GMER 1.0.15 ----
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA8AD8A20]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8AD9350]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xA8AD9110]
    SSDT 8AA45C78 ZwQueryValueKey
    SSDT 8A912FD0 ZwResumeThread
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8AD9580]
    ---- Kernel code sections - GMER 1.0.15 ----
    page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xB98AEE34]
    ? D:\TEMP\mbr.sys The system cannot find the file specified. !
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e0495cf1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e0495cf1 (not active ControlSet)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e0495cf1
    ---- EOF - GMER 1.0.15 ----
     
  2. holkob01

    holkob01 Thread Starter

    Joined:
    Dec 15, 2008
    Messages:
    41
    Just bumping
     
  3. holkob01

    holkob01 Thread Starter

    Joined:
    Dec 15, 2008
    Messages:
    41
    Still need help :(
     
  4. holkob01

    holkob01 Thread Starter

    Joined:
    Dec 15, 2008
    Messages:
    41
    Still need someone to take a look at this, please :)
     
Short URL to this thread: https://techguy.org/973655