
SSTTQ.DLL file in System 32 folder

Discussion in 'Virus & Other Malware Removal' started by bratin_g, Nov 12, 2007.

  1. bratin_g

    bratin_g Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    2
    Hello,

    I have the SSTTQ.DLL file in my system32 folder.
    I installed Spyware Doctor and it continuously gives a popup saying: "Malicious Action Blocked -- Spyware Doctor has blocked an application Explorer.EXE attempting to access a file: P C:\Windows\System32\SSTTQ.DLL
    THREAT: Trojan.Virtumonde
    Risk Level: Elevated"


    I then installed HijackThis and below is the HijackThis log.

    Can you please let me know what I should do?

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:37 AM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Drivers\trcboot.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\C4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\notes\ntmulti.exe
    C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\Drivers\ldlcserv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\C4ebreg\isamtray.exe
    C:\Program Files\IBM\Personal Communications\tpam.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.25\pmonmh.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\IBM\My Help\MyHelp.exe
    C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\AT&T Network Client\NetClient.exe
    C:\Program Files\Lotus\Sametime Client\Connect.exe
    C:\notes\NLNOTES.EXE
    C:\notes\ntaskldr.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hanesbi.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *w3*; *.ibm.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\byxxyyx.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: {131d3f9f-9036-7afb-09a4-74b97b26c8ee} - {ee8c62b7-9b47-4a90-bfa7-6309f9f3d131} - C:\WINDOWS\system32\cywjofwe.dll
    O2 - BHO: (no name) - {F9953122-DF4E-4D78-92A4-49F8F335B732} - C:\WINDOWS\system32\ssttq.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
    O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk
    O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [8017f807] rundll32.exe "C:\WINDOWS\system32\aopshsim.dll",b
    O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.25/pmonmh.exe
    O4 - HKLM\..\RunOnce: [NetVC - restore VNIC] "C:\PROGRA~1\AT&TNE~1\\NetVC.exe" -reset att_avpnnic
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://portal.hanesbi.net/dana-cached/setup/JuniperSetup.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DE84D8A4-0E12-4392-94BB-FC9BD3F5B4C0}: NameServer = 9.0.6.11,9.0.7.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBM.COM
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: byxxyyx - C:\WINDOWS\SYSTEM32\byxxyyx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
    
    --
    End of file - 15363 bytes
    
    
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • ...
    --------------------------------------------------------------------

    Double-click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
     
  3. bratin_g

    bratin_g Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    2
    Thank you for your response.

    Please find the ComboFix and HijackThis logs attached:


    COMBOFIX

    Code:
    ComboFix 07-11-08.1 - IBM 2007-11-14 10:19:43.1 - NTFSx86 
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.334 [GMT -5:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
     * Created a new restore point
    .
    
    	Unable to gain System Privileges
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qttss.bak1
    C:\WINDOWS\system32\qttss.bak2
    C:\WINDOWS\system32\qttss.ini
    C:\WINDOWS\system32\qttss.ini2
    C:\WINDOWS\system32\qttss.tmp
    C:\WINDOWS\system32\ssttq.dll
    
    .
    (((((((((((((((((((((((((   Files Created from 2007-10-14 to 2007-11-14  )))))))))))))))))))))))))))))))
    .
    
    2007-11-14 10:18	51,200	--a------	C:\WINDOWS\NirCmd.exe
    2007-11-14 10:15	141,400	--a------	C:\WINDOWS\system32\qnlygqms.dll
    2007-11-14 10:15	79,424	--a------	C:\WINDOWS\system32\mutuhjlk.dll
    2007-11-12 10:57	<DIR>	d--------	C:\Program Files\Trend Micro
    2007-11-12 10:56	<DIR>	d--------	C:\Hijackthis
    2007-11-11 14:22	358,780	--a------	C:\WINDOWS\system32\launchmyhelp.exe
    2007-11-11 14:20	<DIR>	d--------	C:\MyHelp Upgrade Backup
    2007-11-11 13:52	143,552	--a------	C:\WINDOWS\system32\edvykwbx.dll
    2007-11-11 13:10	<DIR>	d--------	C:\Program Files\Spyware Doctor
    2007-11-11 13:10	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-11 13:10	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\PC Tools
    2007-11-11 13:10	15,597,096	--a------	C:\sdsetup.exe
    2007-11-11 13:10	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
    2007-11-11 13:10	79,936	--a------	C:\WINDOWS\system32\xjtjjlpj.dll
    2007-11-11 13:10	79,688	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-11-11 13:10	62,280	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-11-11 13:10	41,288	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-11-11 13:10	29,000	--a------	C:\WINDOWS\system32\drivers\kcom.sys
    2007-11-11 13:07	143,522	--a------	C:\WINDOWS\system32\acayxuqr.dll
    2007-11-11 11:32	<DIR>	d--------	C:\Program Files\Lavasoft
    2007-11-11 11:32	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 11:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-11-11 11:29	79,936	--a------	C:\WINDOWS\system32\jeqneafc.dll
    2007-11-11 11:23	142,100	--a------	C:\WINDOWS\system32\dqdbnusu.dll
    2007-11-11 08:02	79,936	--a------	C:\WINDOWS\system32\gmxapfcv.dll
    2007-11-11 07:59	142,070	--a------	C:\WINDOWS\system32\dviirlmv.dll
    2007-11-10 22:56	81,472	--a------	C:\WINDOWS\system32\uxpbnuct.dll
    2007-11-10 22:53	143,522	--a------	C:\WINDOWS\system32\tfxfsyun.dll
    2007-11-10 22:45	140,648	--a------	C:\WINDOWS\system32\hysrnhqn.dll
    2007-11-10 18:10	81,472	--a------	C:\WINDOWS\system32\wbiwmrbp.dll
    2007-11-10 18:07	143,522	--a------	C:\WINDOWS\system32\vlkcnywe.dll
    2007-11-10 13:54	81,472	--a------	C:\WINDOWS\system32\syldvvpc.dll
    2007-11-10 13:48	143,522	--a------	C:\WINDOWS\system32\qexouyif.dll
    2007-11-10 13:41	142,100	--a------	C:\WINDOWS\system32\fkloypsa.dll
    2007-11-10 13:20	81,472	--a------	C:\WINDOWS\system32\bpyqbyyu.dll
    2007-11-10 13:17	143,522	--a------	C:\WINDOWS\system32\pyqbudje.dll
    2007-11-09 23:07	<DIR>	d--------	C:\WINDOWS\system32\rMa01yy
    2007-11-09 23:07	<DIR>	d--------	C:\temp\abW9
    2007-11-09 23:07	36,352	--a------	C:\WINDOWS\system32\ssqrrqq.dll
    2007-11-09 23:07	36,352	--a------	C:\WINDOWS\system32\byxxyyx.dll
    2007-11-01 10:47	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-01 10:18	<DIR>	d--------	C:\Documents and Settings\Administrator\IBM
    2007-11-01 10:13	<DIR>	d--------	C:\Documents and Settings\LocalService\Application Data\Yahoo!
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-14 15:26	---------	d-----w	C:\Program Files\C4ebreg
    2007-11-14 14:41	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
    2007-11-13 19:31	---------	d-----w	C:\Program Files\WST
    2007-11-11 19:22	---------	d-----w	C:\Program Files\IBM
    2007-11-11 19:22	---------	d-----w	C:\Program Files\Common Files\My Help
    2007-11-09 15:04	---------	d-----w	C:\Program Files\AT&T Network Client
    2007-10-28 13:51	53,704	----a-w	C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-10 19:35	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Juniper Networks
    2007-09-29 13:49	---------	d-----w	C:\Program Files\Symantec
    2007-09-29 13:48	---------	d-----w	C:\Program Files\Symantec Client Security
    2007-09-29 13:48	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
    2007-09-29 13:43	---------	d-----w	C:\Program Files\CheckPoint
    2007-09-29 13:42	---------	d-----w	C:\Program Files\Symantec AntiVirus
    2007-09-23 12:57	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Yahoo!
    2007-09-22 16:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-09-22 16:37	---------	d-----w	C:\Program Files\Yahoo!
    2007-09-22 16:37	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-09-21 02:03	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\InterVideo
    2007-09-19 22:12	---------	d--h--w	C:\Program Files\InstallShield Installation Information
    2007-09-19 22:12	---------	d-----w	C:\Program Files\Lenovo
    2007-09-17 16:48	36,528	------w	C:\WINDOWS\system32\drivers\pxhelp20.sys
    2007-09-17 16:48	2,336,424	----a-w	C:\WINDOWS\system32\AS_Storage.dll
    2007-09-17 16:48	115,880	----a-w	C:\WINDOWS\system32\pxinsi64.exe
    2007-09-17 16:48	114,856	----a-w	C:\WINDOWS\system32\pxcpyi64.exe
    2007-09-15 14:08	---------	d-----w	C:\Documents and Settings\Administrator\Application Data\Talkback
    2007-09-15 14:07	---------	d-----w	C:\Program Files\DivX
    2007-09-07 18:23	57,344	----a-w	C:\WINDOWS\isamunin.exe
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
    2007-11-09 23:07	36352	--a------	C:\WINDOWS\system32\byxxyyx.dll
    
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3f765ed9-4e57-4999-a1e0-f20737419d12}]
    2007-11-14 10:16	79424	--a------	C:\WINDOWS\system32\mutuhjlk.dll
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 00:00]
    "ISAM SMT Service"="C:\Program Files\C4ebreg\isamsmt.exe" []
    "ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" [2007-09-07 13:23]
    "stgclean"="c:\sdwork\w32main2.exe" [2007-10-24 06:41]
    "Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2005-09-06 04:07]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-08-25 19:54]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-08-25 19:53]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-08-25 19:54]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-08-25 19:54]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-08-25 20:42]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-25 20:42]
    "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-08-25 20:43]
    "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-08-25 20:47]
    "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-08-25 20:46]
    "TpShocks"="TpShocks.exe" [2005-11-07 06:14 C:\WINDOWS\system32\TpShocks.exe]
    "TP4EX"="tp4ex.exe" [2005-10-16 20:11 C:\WINDOWS\system32\TP4EX.exe]
    "ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 08:09]
    "ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 07:59]
    "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 14:04]
    "MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" [2006-12-19 13:44]
    "PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" []
    "ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2007-10-10 05:58]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-11-15 20:05]
    "C4EBReg"="C:\Program Files\C4ebreg\c4ebreg.exe" [2007-09-07 13:23]
    "RescueRecoverySetPW"="c:\sdwork\Rescue&RecoverySetPW.lnk" []
    "defergui"="c:\sdwork\defergui.exe" [2007-07-09 08:14]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-04 14:49]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 18:26]
    "vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 19:33]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-11 13:46]
    "pmonmh"="C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.25/pmonmh.exe" [2007-09-17 11:48]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-04-24 18:02:56]
    Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [2003-04-07 19:00:00]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"=1 (0x1)
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\byxxyyx.dll [2007-11-09 23:07 36352]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 
    ACNotify.dll 
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok] 
    atmgrtok.dll 
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxyyx] 
    byxxyyx.dll 2007-11-09 23:07 36352 C:\WINDOWS\system32\byxxyyx.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 
    pcsinst.dll 2005-09-06 13:43 49152 C:\WINDOWS\system32\pcsinst.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 
    notifyf2.dll 2006-08-25 20:43 28672 C:\WINDOWS\system32\notifyf2.dll
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 
    tphklock.dll 2006-08-25 20:43 24576 C:\WINDOWS\system32\tphklock.dll
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttq.dll
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
    
    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
    R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
    R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
    R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys
    R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys
    R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\C4ebreg\c4ebreg.exe"
    R2 MyHelp;My Help;C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
    R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys
    R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys
    R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys
    R3 ABVPN2K;Net Firewall Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys
    R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys
    R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys
    R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
    R3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys
    R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys
    R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys
    R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys
    R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys
    R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys
    R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys
    R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys
    R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys
    R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys
    R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys
    R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys
    R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys
    R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys
    R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys
    R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys
    R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys
    R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys
    R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys
    R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys
    R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys
    R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys
    R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys
    S3 gwiopm;gwiopm;\??\C:\Program Files\wst\gwiopm.sys
    
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-14 15:28:10 C:\WINDOWS\Tasks\PMTask.job"
    .
    **************************************************************************
    
    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 10:27:13
    Windows 5.1.2600 Service Pack 2 NTFS
    
    detected NTDLL code modification:
    ZwClose
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully 
    hidden files: 0 
    
    **************************************************************************
    .
    Completion time: 2007-11-14 10:29:24 - machine was rebooted 
    .
    	--- E O F ---
    
    

    HIJACKTHIS


    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:31:01 AM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Drivers\trcboot.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\C4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\notes\ntmulti.exe
    C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
    C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\Drivers\ldlcserv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\C4ebreg\isamtray.exe
    C:\Program Files\IBM\Personal Communications\tpam.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.25\pmonmh.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hanesbi.net:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *w3*; *.ibm.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {01CD0B31-9154-45F2-9414-F5D64B74EAF6} - C:\WINDOWS\system32\byxxyyx.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: {21d91473-702f-0e1a-9994-75e49de567f3} - {3f765ed9-4e57-4999-a1e0-f20737419d12} - C:\WINDOWS\system32\mutuhjlk.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
    O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
    O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
    O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
    O4 - HKLM\..\Run: [RescueRecoverySetPW] c:\sdwork\Rescue&RecoverySetPW.lnk
    O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.25/pmonmh.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Lotus QuickStart.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.anandabazar.com/wfplayer/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://portal.hanesbi.net/dana-cached/setup/JuniperSetup.cab
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = IBM.COM
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: byxxyyx - C:\WINDOWS\SYSTEM32\byxxyyx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
    O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
    O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
    O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
    O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
    
    --
    End of file - 14363 bytes
    
    
    
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    If you could post the results without the code box, that would be much better.
    The code boxes make it so much harder to read.
     
Short URL to this thread: https://techguy.org/650929