Spyware Removal Ads

Question

tutonk 0 Light Poster

16 Years Ago

I recently started receiving the annoying 'Your Computer is Infected' popups again. This time it is on my company laptop (A Dell Latitude D620). It happened while I was working at home, connected through my wireless network. I have seen no signs of problems on my home PC, just this laptop. The Symantec anti-virus caught a few things that I tried to clean, but I'm not sure that it isn't deeper than the Symantec can handle. The HJT log is copied below. Help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:21 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\system32\usbconsole.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9781 bytes

windows-virus

2 Contributors
20 Replies
441 Views
2 Weeks Discussion Span
Latest Post 16 Years Ago Latest Post by crunchie

All 20 Replies

crunchie 990 Most Valuable Poster

16 Years Ago

Please download ComboFix by sUBs from HERE or HERE Save it to your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

"%userprofile%\desktop\ComboFix.exe" /KillAll

ClickOK and this will start ComboFix.
When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports: ComboFix.txt
Fresh HijackThis log run after all the other tools have performed their cleanup.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

crunchie 990 Most Valuable Poster

16 Years Ago

Do not do that. When we are finished, combofix will do it during it's cleanup.

Can you please do the following.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O2 - BHO: (no name) - {182C7ED7-E56D-4509-9D9B-AC49318D9895} - C:\WINDOWS\system32\mljhiih.dll (file missing)

O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\ICROSO~1.NET\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Mvhv] "C:\Program Files\Common Files\?ystem\m?hta.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?

O20 - Winlogon Notify: hgghhhi - hgghhhi.dll (file missing)
O20 - Winlogon Notify: mljhiih - mljhiih.dll (file missing)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

crunchie 990 Most Valuable Poster

16 Years Ago

Not sure about the following entry, so if you know what it is, leave it.

===============

Scan with HijackThis and then place a check next to all the following, if present:

O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\WINDOWS\Installer

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

crunchie 990 Most Valuable Poster

16 Years Ago

Run hijackthis and hit the Open the Misc Tools Section and then the Open Uninstall Manager.

Then hit the Save List button. Save to the desktop for easy access. Open the log file and copy the entire list and paste it here please.

===========

Copy the bold text below and paste it into notepad. Save it to your desktop as find.bat and make sure type is set to All Files.

cd\
cd Program Files
DIR /AD /B /P > ProgramFiles.txt
start ProgramFiles.txt
cls
exit

Double click find.bat and let it run for a minute. It will open up a report in notepad. Please copy that text and post it here in your next reply.

crunchie 990 Most Valuable Poster

16 Years Ago

Uninstall the following;

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3

Download the latest Java from Sun. http://www.java.com/en/download/index.jsp

==

Delete the following folder from Program Files folder;

TryMedia

==

Please download and install AVG antispyware tool

Close all other Applications Select language click Ok
Click I Agree
Click next
Click Install
Click Finish
Wait and AVG antispyware will open to the main screen automatically.
Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
It is very important that you get updated
When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear use arrow up to highlight
Select the first option, to run Windows in Safe Mode hit enter.
For additional help in booting into Safe Mode, see the following site: HERE
You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

Run AVG antispyware.
Click on scanner at top of AVG antispyware screen.
Click on Settings.
Under How to Act click on Recommended Action and choose Quarantine.
Under How to scan all boxes should be selected.
Under Possibly unwanted software all boxes should be selected.
On right side under Reports: click on Do not automatically generate report after every scan.
Under What to scan select scan every file.
Click On scan Tab.
Click on Complete system scan.
Let the program scan the machine It can take awhile give it time.
When scan has finished at bottom of screen click Apply all Actions.
Click Save report
Click Save Report as (Save as window's screen should pop up.)
Click desktop.
Click Save.
Exit AVG antispyware.

Reboot back to normal mode.
Post the log here.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tutonk 0 Light Poster · Answer 1 · 2008-03-15T19:35:33+00:00

It's been about a week and still no help on this problem. It continues to pop up, pretty much anytime I start IE. A few additional things I've noted is that my Symantec Anti-virus is frequently finding two files infected with Adware.Puritysys. Those files are wuaclt.exe and m?hta.exe. It also found a Trojan.Vundo risk, associated with hgghhhi.dll. The problem is that even when I let Symantec remove the risk, they keep coming back up, so obviously it's not completely cleaning the risk. I have re-run HJT and the new log is below. Please someone help. The laptop's performance is getting slower. I can't afford to let IT have it for a day or two, because I use this laptop for everything.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:00 AM, on 3/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\system32\usbconsole.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKLM\..\Run: [BM87db34cf] Rundll32.exe "C:\WINDOWS\system32\dpicmlot.dll",s
O4 - HKLM\..\Run: [84e80753] rundll32.exe "C:\WINDOWS\system32\ueawralu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\ICROSO~1.NET\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Mvhv] "C:\Program Files\Common Files\?ystem\m?hta.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10247 bytes

tutonk 0 Light Poster · Answer 2 · 2008-03-16T18:15:50+00:00

Done as requestd. The ComboFix log is copied below, with a fresh HJT posted below that. Please advise.

ComboFix 08-03-14.4 - cjones 2008-03-16  7:51:14.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.145 [GMT -5:00]
Running from: C:\Documents and Settings\cjones\desktop\ComboFix.exe
Command switches used :: /KillAll
* Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\Program Files\icroso~1.net
C:\Program Files\icroso~1.net\?icrosoft.NET\
C:\Program Files\icroso~1.net\wuaclt.exe
C:\Temp\sanR24
C:\WINDOWS\BM87db34cf.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dipejewj.dll
C:\WINDOWS\system32\dpicmlot.dll
C:\WINDOWS\system32\hgghhhi.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jifyovrc.dll
C:\WINDOWS\system32\ljjgghh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\prqss.ini
C:\WINDOWS\system32\prqss.ini2
C:\WINDOWS\system32\qxgkicjy.ini
C:\WINDOWS\system32\ssqrp.dll
C:\WINDOWS\system32\ueawralu.dll
C:\WINDOWS\system32\ularwaeu.ini
C:\WINDOWS\system32\yiybbbnt.dll
C:\WINDOWS\system32\yjcikgxq.dll


.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.


-------\LEGACY_SFSYNC02
-------\sfsync02



(((((((((((((((((((((((((   Files Created from 2008-02-16 to 2008-03-16  )))))))))))))))))))))))))))))))
.


2008-03-11 08:54 . 2008-03-11 08:54 100 --a------   C:\WINDOWS\b104.exe.bin
2008-03-11 08:49 . 2008-03-11 08:49 100 --a------   C:\WINDOWS\b116.exe.bin
2008-03-11 08:44 . 2008-03-11 08:44 100 --a------   C:\WINDOWS\b138.exe.bin
2008-03-11 08:39 . 2008-03-11 08:39 100 --a------   C:\WINDOWS\b154.exe.bin
2008-03-11 08:34 . 2008-03-11 08:34 100 --a------   C:\WINDOWS\b152.exe.bin
2008-03-11 08:29 . 2008-03-11 08:29 100 --a------   C:\WINDOWS\b153.exe.bin
2008-03-09 22:19 . 2008-03-10 12:45 37,376  -ra------   C:\WINDOWS\mrofinu572.exe
2008-03-09 22:18 . 2008-03-16 07:52 <DIR>    d--------   C:\Temp
2008-03-05 10:40 . 2008-03-13 08:53 <DIR>    d--------   C:\Program Files\Common Files\Pro-face Shared
2008-03-04 11:32 . 2008-03-04 11:32 <DIR>    d--------   C:\WINDOWS\11784B13BB664EA9B4BC123E4773E145.TMP
2008-03-01 14:57 . 2008-03-01 14:57 <DIR>    d--------   C:\Documents and Settings\cjones\Application Data\iWinArcade
2008-02-28 12:23 . 2008-02-28 12:23 <DIR>    d--------   C:\Documents and Settings\cjones\Application Data\Viewpoint
2008-02-28 01:56 . 2008-02-28 01:56 <DIR>    d--------   C:\Documents and Settings\cjones\Saved Games
2008-02-25 09:28 . 2008-02-25 09:28 <DIR>    d--------   C:\Program Files\Common Files\Blizzard Entertainment
2008-02-24 12:31 . 2007-09-24 23:31 69,632  --a------   C:\WINDOWS\system32\javacpl.cpl
2008-02-22 21:49 . 2008-02-23 10:04 <DIR>    d--------   C:\Program Files\iWin.com
2008-02-22 18:33 . 2008-03-01 14:56 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\iWin Games
2008-02-22 18:24 . 2008-02-22 18:24 <DIR>    d--------   C:\Documents and Settings\cjones\Application Data\Media Center Programs
2008-02-22 18:22 . 2008-03-06 20:54 <DIR>    d--------   C:\Program Files\iWin.com Games
2008-02-21 14:31 . 2008-02-21 14:31 <DIR>    d--------   C:\Documents and Settings\cjones\Application Data\HP
2008-02-21 14:31 . 2008-02-21 14:31 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\HP
2008-02-21 14:31 . 2008-02-21 14:31 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-02-21 14:20 . 2008-02-21 14:22 <DIR>    d--------   C:\Program Files\Hewlett-Packard
2008-02-21 14:20 . 2008-02-21 14:20 <DIR>    d--------   C:\Program Files\Common Files\Hewlett-Packard
2008-02-21 14:19 . 2006-05-12 13:04 814,592 -ra------   C:\WINDOWS\system32\hpxp1017.dll
2008-02-21 14:19 . 2006-06-01 14:52 579,072 -ra------   C:\WINDOWS\system32\hpptsp01.dll
2008-02-21 14:19 . 2006-06-06 20:31 450,560 -ra------   C:\WINDOWS\system32\hppasc05.dll
2008-02-21 14:19 . 2004-08-03 22:58 15,104  --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-21 14:19 . 2004-08-03 22:58 15,104  --a------   C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-21 14:18 . 2006-06-06 20:30 323,584 -ra------   C:\WINDOWS\system32\hppcpr05.dll
2008-02-21 14:18 . 2006-04-03 19:22 668 -ra------   C:\WINDOWS\system32\hppapr05.dat
2008-02-21 14:18 . 2008-02-21 14:18 143 --a------   C:\WINDOWS\system32\AddPort.ini
2008-02-21 14:17 . 2008-02-21 14:18 705 --a------   C:\WINDOWS\hpntwksetup.ini
2008-02-21 14:14 . 2004-08-03 23:01 25,856  --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-21 14:14 . 2004-08-03 23:01 25,856  --a------   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-21 14:13 . 2008-02-21 14:23 <DIR>    d--------   C:\Program Files\HP
2008-02-21 14:11 . 2008-02-21 14:11 <DIR>    d--------   C:\Program Files\Common Files\SWF Studio
2008-02-21 14:11 . 2008-02-21 14:32 110,011 --a------   C:\WINDOWS\hppins06.dat
2008-02-21 14:11 . 2006-06-23 13:12 1,320   ---------   C:\WINDOWS\hppmdl06.dat
2008-02-17 17:25 . 2008-03-06 09:08 <DIR>    d--------   C:\Program Files\BFG
2008-02-16 19:56 . 2008-03-07 09:55 <DIR>    d--------   C:\Documents and Settings\cjones\Application Data\Microsoft Games


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-16 13:02    ---------   d-----w C:\Program Files\Symantec AntiVirus
2008-03-14 14:03    ---------   d-----w C:\Documents and Settings\cjones\Application Data\AdobeUM
2008-03-07 14:57    ---------   d--h--w C:\Program Files\InstallShield Installation Information
2008-03-05 15:34    ---------   d-----w C:\Program Files\Pro-face
2008-03-01 21:31    ---------   d-----w C:\Documents and Settings\cjones\Application Data\iWin
2008-02-28 17:23    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-24 17:31    ---------   d-----w C:\Program Files\Java
2008-02-23 14:37    ---------   d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 14:51    ---------   d-----w C:\Documents and Settings\cjones\Application Data\webex
2008-02-06 21:16    ---------   d-----w C:\Documents and Settings\cjones\Application Data\PlayFirst
2008-02-06 21:16    ---------   d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-02-06 16:14    6   ---h--w C:\WINTAY.DAT
2008-02-05 21:29    ---------   d-----w C:\Program Files\TechSmith
2008-02-05 21:29    ---------   d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-02-05 21:25    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-05 21:03    ---------   d-----w C:\Program Files\NetWaiting
2008-02-05 21:03    ---------   d-----w C:\Program Files\Modem Helper
2008-02-05 21:03    ---------   d-----w C:\Program Files\bfgclient
2008-02-05 21:03    ---------   d-----w C:\Program Files\Apoint
2008-01-25 19:53    ---------   d-----w C:\Program Files\Aveyond
2008-01-25 19:48    65,536  ----a-w C:\Breflect.dat
2008-01-25 19:48    65,536  ----a-w C:\Bmix.dat
2008-01-25 17:42    ---------   d-----w C:\Program Files\TryMedia
2008-01-16 20:10    ---------   d-----w C:\Program Files\Schneider
2007-09-05 14:27    56,912  ----a-w C:\Documents and Settings\cjones\g2mdlhlpx.exe
2007-06-20 15:46    152 --sh--r C:\WINDOWS\system32\3DCBD18488.dll
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{182C7ED7-E56D-4509-9D9B-AC49318D9895}]
C:\WINDOWS\system32\mljhiih.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Tair"="C:\PROGRA~1\ICROSO~1.NET\wuaclt.exe" [ ]
"Mvhv"="C:\Program Files\Common Files\?ystem\m?hta.exe" [ ]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13 176128]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 15:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 397312 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 11:26 98304]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29 49152]
"ShowLOMControl"="1 (0x1)" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 14:52 48752]
"Ultra Ping"="C:\Program Files\Ultra Ping\silent.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2006-06-15 08:43 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]


C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1996-11-16 23:00:00 51984]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-12 19:00:03 24576]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 08:39:02 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
LaunchPS.lnk - C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe [2007-02-08 12:07:58 159744]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuPinnedList"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoToolbarCustomize"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)


[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182C7ED7-E56D-4509-9D9B-AC49318D9895}"= C:\WINDOWS\system32\mljhiih.dll [ ]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll [2008-03-06 09:11 38438]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgghhhi]
hgghhhi.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhiih]
mljhiih.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winowl32]
winowl32.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=


R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys [2005-12-09 15:35]
R2 NA_Service;NetAccess Service;C:\WINDOWS\system32\NA_Service.exe [2005-09-13 15:22]
R2 UsbConnect;Usb PLC;C:\WINDOWS\system32\UsbConnect.exe [2004-03-26 22:10]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 12:22]
R3 duntlw;UNTLW device;C:\WINDOWS\system32\Drivers\DuntlwNT.sys [2006-02-24 15:42]
R3 vrcombus;Virtual COM Ports Bus Enumerator;C:\WINDOWS\system32\DRIVERS\vrcombus.sys [2006-11-23 18:33]
R3 vrcomgdrv;%vrcomgdrv.SVCDESC%;C:\WINDOWS\system32\DRIVERS\vrcomgdrv.sys [2006-05-10 20:47]
S2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys []
S2 MLPTDR_B;MLPTDR_B;C:\WINDOWS\system32\MLPTDR_B.sys [2003-09-02 16:06]
S3 IPCTYPE;IPCTYPE;C:\Program Files\Pro-face\GP-Pro EX 2.00 E\IPCType.sys []
S3 plcusb;usb Cable for PLC;C:\WINDOWS\system32\DRIVERS\plcusb.sys [2005-03-29 15:57]
S3 Pro-Server EX;Pro-Server EX;C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe [2007-03-26 12:02]
S3 vrcomudrv;%vrcomudrv.SVCDESC%;C:\WINDOWS\system32\DRIVERS\vrcomudrv.sys [2006-05-10 20:47]


.
**************************************************************************


catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 08:03:49
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...


scan completed successfully
hidden files: 0


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------


PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
.
**************************************************************************
.
Completion time: 2008-03-16  8:07:20 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-16 13:07:15



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:10, on 2008-03-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {182C7ED7-E56D-4509-9D9B-AC49318D9895} - C:\WINDOWS\system32\mljhiih.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\ICROSO~1.NET\wuaclt.exe" -vt yazb
O4 - HKCU\..\Run: [Mvhv] "C:\Program Files\Common Files\?ystem\m?hta.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O20 - Winlogon Notify: hgghhhi - hgghhhi.dll (file missing)
O20 - Winlogon Notify: mljhiih - mljhiih.dll (file missing)
O20 - Winlogon Notify: winowl32 - winowl32.dll (file missing)
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


--
End of file - 10090 bytes

tutonk 0 Light Poster · Answer 3 · 2008-03-16T20:46:16+00:00

Just noticed an additional problem, not sure if it's serious or not, but ComboFix set my PC clock to a 24-hr format (13:00 for 1:00 PM, etc), but did not reset it back. I am going to re-run ComboFix again to see if it was just a mini glitch, but figured I'd put it out here just in case.

tutonk 0 Light Poster · Answer 4 · 2008-03-17T04:30:42+00:00

The PC seems to be running more like normal. Not seeing HD activity light for very long during boot up. My Symantec Anti-Virus however, is not coming up at Start-up, but that is probably something very simple.

The new HJT log is copied below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23, on 2008-03-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10388 bytes

tutonk 0 Light Poster · Answer 5 · 2008-03-18T06:41:35+00:00

Cleaned as requested. Sorry it took so long to get this posted, but I just received the email that there was a post here just before I left for work this morning. Anyway. That said, I ran the scan this morning. My Symantec Anti-Virus still finds a few Adware.Puritysys entries. My apologies, however, that I did not write down the offending files. They did have A00 at the beginning of them all.

Here is the latest HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43, on 2008-03-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10467 bytes

tutonk 0 Light Poster · Answer 6 · 2008-03-18T16:55:00+00:00

Here is the HJT Uninstall List:

Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Advantys Configuration Software
AllyCAD 3.5 Freeware
ALPS Touch Pad Driver
Apple Software Update
Aveyond
Aveyond (remove only)
Big Fish Games Client
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Concept V2.6 XL EN SR3
Conexant HDA D110 MDC V.92 Modem
ConneXview
Crown Print Monitor+
Dell Embassy Trust Suite by Wave Systems
Dell Wireless WLAN Card
Digital Line Detect
Direct Show Ogg Vorbis Filter (remove only)
DirectX Media Runtime 5.1
Document Manager Lite
eDrawings 2007
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
Extra M.A.M.E. version 4.8
GP-Pro EX 1.9 TransferTool
GP-Pro EX 2.01 E Project Converter
GP-Pro EX 2.01 E TransferTool
GP-Pro EX 2.1 Project Converter
GP-Pro EX 2.1 TransferTool
GP-Pro EX MovieConverter
GP-PRO/PBIII C-Package03
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HP Color LaserJet CM1015/CM1017 MFP 1.0
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Software Update
HP Solution Center 7.0
ICONICS Software Licensing
Inspection Builder
Intel(R) Graphics Media Accelerator Driver
Internal Network Card Power Management
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
KONICA MINOLTA magicolor 2300 DL Printer Driver Software
LiveUpdate 2.6 (Symantec Corporation)
LT EditorV2.0
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
magicolor 2300 DL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office 97, Professional Edition
Microsoft Office Basic Edition 2003
Microsoft Office Live Meeting 2005
Microsoft Visio Professional 2002 SR-1 [English]
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Media Video 9 VCM
Modem Helper
Modicon M340 design
MSDE
NetWaiting
NevoSoft MagicRings (remove only)
NTRU Hybrid TSS v2.0.7
OCR Software by I.R.I.S 7.0
Office Animation Runtime
Package Premium design
Pass-Through Configuration Tool
PCS 5.5
PowerDVD 5.7
PowerSuite
Preboot Manager
Premium design
Private Information Manager
Pro-Designer
Pro-Designer
Pro-Designer Runtime
Pro-Server EX Developer
Pro-Server EX Runtime
ProWORX 32
ProWORX NxT
Quick Designer Advanced v3.70
QuickSet
QuickTime
SA Drivers Manager
SA MODBUS Driver
SA PLC USB Driver
SA UNITELWAY WDM Driver
Schneider Electric\ATV68Soft
Secure Update
Security Wizards
SnagIt 8
Symantec AntiVirus
TwidoSoft
Ultra Ping Pro 2.1
UltraVNC v1.0.2
Unity Loader 1.0
Unity Pro XL V3.0-SP2
Update for Windows XP (KB898461)
URL Assistant
Venture
Wave Infrastructure Installer
Wave Support Software
WebEx
XBT-L1000 V4.48
Yahoo! Messenger
Zelio Soft 2 v2.0.7
ZelioSoft PC
ZelioSoft PPC

Here are the results of the Find.bat code.

Adobe
Alawar
Allen-Bradley
Apoint
Apple Software Update
Aveyond
BAE
BestOn
BFG
bfgclient
Broadcom
Citrix
Colasoft MAC Scanner 1.1
Common Files
ComPlus Applications
CONEXANT
CyberLink
Dell
Digital Line Detect
Google
Hewlett-Packard
HP
InstallShield Installation Information
Internet Explorer
iWin.com
iWin.com Games
Java
KONICA MINOLTA
Macromedia
Messenger
Microsoft ActiveSync
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
MINOLTA-QMS
Modem Helper
Movie Maker
MSN
MSN Gaming Zone
NetMeeting
NetWaiting
NTRU Cryptosystems
OfficeUpdate11
Online Services
Outlook Express
PowerPanel
Pro-face
ProSoft Technology Inc
QuickTime
Real
Schneider
Schneider Electric
Seagate Software
SearchAssist
Sigmatel
Square D Company
Symantec
Symantec AntiVirus
TechSmith
TryMedia
UltraVNC
Uninstall Information
Viewpoint
Wave Systems Corp
Web Publish
Windows Media Player
Windows NT
WindowsUpdate
WMV9_VCM
xerox
Yahoo!
Zero G Registry

tutonk 0 Light Poster · Answer 7 · 2008-03-19T09:40:21+00:00

Programs uninstalled, Folder Deleted. Scan completed. The log is copied below. I did not re-download and install the most recent Java yet, but will finish that at work tomorrow.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 23:28 2008-03-18

+ Scan result:

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP418\A0058657.dll -> Adware.BHO : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP420\A0058827.exe -> Downloader.Agent.krh : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP421\A0058870.exe -> Downloader.Agent.krh : Cleaned.
C:\QooBox\Quarantine\C\Program Files\ICROSO~1.NET\wuaclt.exe.vir -> Downloader.PurityScan.fj : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@capitalone.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@electronicarts.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@firstpremierbankcard.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@k12.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@dealtime[2].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wakyclcpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wbkykgdjahq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wblooodpigo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wck4shc5aho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wclokgajkhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wclokgdpigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmiondzsgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmiuhdjeao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wcmyundjofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfk4emd5clo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfk4wmczaep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkichdjmfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkiendzoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkogmcpmhq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkosldpscq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfkyolcpihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4ahczwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4elc5mkp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfl4giczafp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wflospczoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wflysicjmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmieoc5aap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmiohdjmco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmiwodpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmykocjmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wfmywpdzekq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoeidzifo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkoopdpchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgkyeoczmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wgmiajcpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligic5gap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6whligidzako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4alcpokq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4eidzwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wgd5elp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4whczclo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wlajafo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjk4wldpedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkocmazihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkogiazokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkoogajchq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjkykod5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4apdjmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ggazkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjl4ojdjsbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjliaid5ceq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjloonc5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlouodpwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlycpazahp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjlyumajolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjmicmcpgdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjny-1jdzil.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyaoc5igo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnycidpabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqjdjglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyqoazoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@e-2dj6wjnyumajago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-comcast.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-kodak.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-reddoorinteractive.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@search.msn[2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator.GRANTINDUSTRIAL\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\cjones\Cookies\cjones@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

::Report end

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2008-03-19T14:29:21+00:00

Let me know if Symantec alerts you still. It looks like AVG got rid of soe entries related to Purityscan.

tutonk 0 Light Poster · Answer 9 · 2008-03-21T00:59:37+00:00

I'm not getting the Spyware Removal ads and Symantec did a full scan and found no threats. At this point, I see a couple of minor things that may or may not be related to the original infection.

1. The system clock is still running in 24-hour format.

2. The Symantec Anti-Virus software is still not starting up with the PC.

3. I've noticed that anytime a web page opens, there is a short delay (maybe up to 5-10 seconds), from where the page loads to the point where I can scroll around the page.

Anything that can be done about these?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 10 · 2008-03-21T06:11:15+00:00

Symantec will probably have to be reinstalled, but if your subscription is nearly finished, I would consider dumping it for Avast (free) or AVG (free) or if you want to purchase one the, NOD32 or Kaspersky.

==

Let's get rid of Combofix now that we are finished with it. Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

When shown the disclaimer, Select "2"

The above procedure will: Delete the following: ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

tutonk 0 Light Poster · Answer 11 · 2008-03-22T07:34:08+00:00

I've tried running the Combofix /u several times. Each time it runs, and pops up a message the Combofix is uninstalled. I've had to re-download ComboFix at least 3 times. the system clock is still showing a 24-hour format, so the Combofix /u is not working. Anything else to try?

tutonk 0 Light Poster · Answer 12 · 2008-03-24T03:43:10+00:00

The computer has been running ok, not great, but it is pretty loaded down being a work lapto and all. This afternoon, the "Your Computer is Infected" stuff started again. My Symantec AV picked up a bunch of stuff on it's AutoProtect. I decided to run HJT again, since apparently the cleaning procedure didn't get everything.

The log is below, but first I've tried to copy the risks and associated files that Symantec found.

Risk: Downloader; Files: bskl428.exe, krab[1].exe, 1103[1].exe
Risk: Trojan.Pandex; Files: TOR_1_~.exe, tor[1].exe
Risk: Trojan:Peacomm; Files: ldig0031242[1].exe
Risk: Trojan.Srizbi; Files: bskl452.exe, igor[2].exe

Newest HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\winlast.exe
C:\WINDOWS\system32\wnslogan.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\wind32.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T26L10NSP49/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O21 - SSODL: zip - {aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: Google Online Search Service - 2nd - Unknown owner - C:\WINDOWS\system32\winlast.exe
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\system32\wnslogan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10483 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 13 · 2008-03-24T14:02:06+00:00

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

Restart your computer
After hearing your computer beep once during startup, but before the
Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract
All,
Open the extracted folder and double click RunThis.bat to
start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the
registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool
will be running and removing files.
When the desktop loads the Fixtool will complete the removal and
display Finished, then press any key to end the script and load
your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the
contents of the results file Report.txt back onto the forum with
a new HijackThis log

tutonk 0 Light Poster · Answer 14 · 2008-03-25T07:10:55+00:00

No Symantec warnings for a while after running SDFix. However, the system clock is still in 24 hour format.

SDFix Log:


SDFix: Version 1.160 


Run by cjones on 2008-03-24 at 20:48


Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\cjones\Desktop\SDFix\SDFix


Checking Services :


Name:
Google Online Search Service - 2nd
Googles Online Search Services
yeyqase


Path:
C:\WINDOWS\system32\winlast.exe -A
C:\WINDOWS\system32\wnslogan.exe -A
\??\C:\WINDOWS\system32\ras\yeyqase.mis


Google Online Search Service - 2nd - Deleted
Googles Onlines Search Services - Deleted
yeyqase - Deleted


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting


Checking Files :


Trojan Files Found:


C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346}\zip.dll - Deleted
C:\4A.TMP - Deleted
C:\4B.TMP - Deleted
C:\4C.TMP - Deleted
C:\4D.TMP - Deleted
C:\45.TMP - Deleted
C:\WINDOWS\system32\bskl230.exe - Deleted
C:\WINDOWS\system32\bskl374.exe - Deleted
C:\WINDOWS\system32\bskl428.exe - Deleted
C:\WINDOWS\system32\bskl888.exe - Deleted
C:\WINDOWS\system32\svchost.t__  - Deleted
C:\WINDOWS\system32\winlast.exe  - Deleted
C:\WINDOWS\system32\winlast.tmp  - Deleted
C:\WINDOWS\system32\winlogans.tmp  - Deleted
C:\WINDOWS\system32\wnslogan.exe  - Deleted
C:\WINDOWS\winlogon.exe  - Deleted
C:\WINDOWS\system32\ras\yeyqase.mis  - Deleted


Folder C:\WINDOWS\Installer\{aa5e4c93-e73c-4f6b-a3a6-df65be2ec346} - Removed
Folder C:\Program Files\Helper - Removed



Removing Temp Files


ADS Check :


Final Check :


catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 20:54:34
Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ...


scanning hidden services & system hive ...


scanning hidden registry entries ...


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wxvault.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710


scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :


Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"c:\\48.tmp"="c:\\48.tmp:*:Enabled:Windows Update"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files :



File Backups: - C:\DOCUME~1\cjones\Desktop\SDFix\SDFix\backups\backups.zip


Files with Hidden Attributes :


Thu  6 Dec 2007        79,872 A..H. --- "C:\Customer Files\Severn Trent\~WRL3786.tmp"
Wed 18 Jul 2007       791,880 ...H. --- "C:\Program Files\Aveyond\Aveyond.exe"
Wed 20 Jun 2007           152 ..SHR --- "C:\WINDOWS\system32\3DCBD18488.dll"
Fri  6 Apr 2007       389,592 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\Setup.exe"
Tue  6 Mar 2007    34,313,066 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\STMAE.exe"
Tue  6 Mar 2007    29,355,573 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.00 E\OP\STMAJ.exe"
Tue  9 Oct 2007       369,640 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\AGPESetup.exe"
Mon 20 Aug 2007       370,355 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\ASTSetup.exe"
Fri 12 Oct 2007    41,458,539 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\STMAE.exe"
Fri 12 Oct 2007    44,799,457 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.1\OP\STMAJ.exe"
Thu 31 Jan 2008       369,694 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\AGPESetup.exe"
Thu 31 Jan 2008       369,923 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\ASTSetup.exe"
Thu 28 Feb 2008       376,719 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\OSPSetup.exe"
Mon 28 Jan 2008    41,458,542 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\STMAE.exe"
Mon 28 Jan 2008    44,799,462 A..H. --- "C:\Program Files\Pro-face\GP-Pro EX 2.19\OP\STMAJ.exe"
Thu 20 Mar 2008        40,960 A..H. --- "C:\Program Files\Schneider Electric\Unity Pro 3.1\Security\SERVER.DLL"
Thu  6 Dec 2007        79,872 A..H. --- "C:\RECYCLER\S-1-5-21-3427813109-3177332317-1261852390-1007\Dc37\Severn Trent\~WRL3786.tmp"
Fri 24 Aug 2007       369,645 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\agpesetup.exe"
Mon 27 Aug 2007    41,525,379 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\stmae.exe"
Mon 27 Aug 2007    45,060,161 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\3D20C2F2C33E7FA4F8BF0E979BCE992E\2.10.0\stmaj.exe"
Tue  6 Mar 2007       389,288 A..HR --- "C:\WINDOWS\Installer\$PatchCache$\Managed\5A73B16BF4E04E54CB0DD7CA1286AD3F\2.0.100\setup.exe"


Finished!



HJT Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05, on 2008-03-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\system32\UsbConnect.exe
C:\WINDOWS\system32\usbconsole.exe
C:\MSSQL7\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\cjones\Desktop\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grantindustrial.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ultra Ping] C:\Program Files\Ultra Ping\silent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchPS.lnk = C:\Program Files\Pro-face\Pro-Server EX\PSEXTool.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 2\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145374838981
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145374825749
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://w1.webex.com/client/T26L10NSP49/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grantindustrial.com
O17 - HKLM\Software\..\Telephony: DomainName = grantindustrial.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grantindustrial.com
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ICONICS License Server (GenRegistrar) (GenRegistrar) - Unknown owner - C:\Program Files\ICONICS\GENESIS-32\Bin\GenRegistrarServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pro-Server EX - Digital Electronics Corporation - C:\Program Files\Pro-face\Pro-Server EX\ProServr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\system32\UsbConnect.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


--
End of file - 9713 bytes

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 15 · 2008-03-25T15:13:27+00:00

Looks good. For the time, go to Control Panel, Regional and Language Options and click Customize next to the displayed language. Select the time tab and alter the format. HH for 24 hour, hh for 12 hour.

Spyware Removal Ads

Recommended Answers Collapse Answers

All 20 Replies

Recommended Answers