honey_sucker7814
Posts posted by honey_sucker7814
-
I ran MBAM and deleted the spyware in safe mode. Used CCleaner to clean the registry. In safe mode I restored my PC to a week before and the virus is gone.
I ran MBAM to clean up the System Volume Information drive as the spyware is still showing up in the system restores. Used AVG and MBAM to clean up everything.
This spyware comes back when started in normal mode along with the Windows Security Center. Windows Security Center doesn't start in safe mode. I can access the System Restore in safe mode.
Now my system is spyware free.
Thanks for your help my friend.
Much appreciated.
-
It doesn't tell the DLL name.
There are weird characters like @#$bxo....dll in the "Unable to Locate Component" box.
-
Hi,
I cannot run KillBox on the infected PC. The application failed to start because !@#$%^&*(.dll was not found. Re-installing the app will fix the problem.
-
Looks like it is stuck at the Registry. Looks like it is not able to unregister vmreg.dll.
If it helps - I tried to unregister vmreg.dll earlier, but I could not. Maybe your application is also not able to uninstall it.
I am comfortable with unregistering DLLs, playing with regedit, etc. Let me know.
-
When I pasted into the yellow box and clicked on the MoveIt button, I waited for the past 10 minutes and nothing seems to be happening. I saw the process explorer.exe killed successfully.
After that there is REGISTRY and it has been staying there for the past 10 minutes.
Should this be taking so long?
-
Here you go my friend....
task.txt
Export SharedTaskScheduler key
------------------------------
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:39, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\ODI\OStore\BIN\OSCMGR6.EXE
C:\ODI\OStore\BIN\OSSERVER.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
C:\SiebelAnalytics\Bin\NQSComGateway.exe
C:\SiebelAnalytics\Bin\nqsserver.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\LANDesk\LDClient\LDISCN32.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.merck.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.1.117:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [MerckPrivateDataCheck] cachedos C:\Windows\System32\MyLocalDataShorcutcheck.vbs
O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=USSE1LDMSNA01.na.merckgroup.com:5007 /S="USSE1LDMSNA01.na.merckgroup.com" /I=HTTP://USSE1LDMSNA01.na.merckgroup.com/ldlogon/ldappl3.ldz /NOUI /W=900
O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /to=30
O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /noreboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.merckgroup.com (HKLM)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/contr...ce/outlctlx.CAB
O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Smartscript.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr02.merck.de/qp2.cab
O16 - DPF: {06314967-EECF-11D2-9D64-0000949887BE} (Siebel ERM eBriefings Offline Content Synchronization Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_ERM_ContentSync.cab
O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_HTML_Editor.cab
O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Microsite_Layout.cab
O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Calendar.cab
O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Container_Control.cab
O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Test_Automation.cab
O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_HI_Client.cab
O16 - DPF: {4514F46B-308B-401B-969D-B62E288158ED} (CSSFlexAxContainerCtrl Class) - http://localhost/19238/applets/SiebelAx_Co...ner_Control.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.20/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_iHelp.cab
O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Hospitality_Gantt.cab
O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Calendar.cab
O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_UInbox.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Desktop_Integration.cab
O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Gantt_Chart.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_CTI_Toolbar.cab
O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Allocation.cab
O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_OutBound_mail.cab
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://uscallcenter.us-siebel.us-bos01.ser...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://ch1tt031.ch-gva01.serono.com/pam_us...x_HI_Client.cab
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://usse1ldmsna01/common/ENUrcviewer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ch2.serono.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EFA4D912-2A19-4E6F-B681-4DC0C796FBD8} (Siebel SmartScript) - http://us1tt063/epharma_enu/19230/applets/...Smartscript.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\iTools.cab
O16 - DPF: {FB8A6B20-09DD-43D5-BF33-676DF96767F3} (Siebel High Interactivity Framework) - http://localhost/19238/applets/SiebelAx_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.merckgroup.com
O17 - HKLM\Software\..\Telephony: DomainName = na.merckgroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.merckgroup.com
O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: DB2 Management Service (TAEVAL20) (DB2MGMTSVC_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL20) (DB2NTSECSERVER_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2sec.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: ObjectStore Cache Manager R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSCMGR6.EXE
O23 - Service: ObjectStore Server R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSSERVER.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Siebel Analytics Java Host (sawjavahostsvc) - Unknown owner - C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
O23 - Service: Siebel Analytics Server - Siebel Systems, Inc. - C:\SiebelAnalytics\Bin\NQSComGateway.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 17093 bytes
FYI: The spyware keeps coming up...
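The log above carries two kinds of persistence entry worth triaging by hand: the SharedTaskScheduler export (two CLSIDs) and the O4 Run / O21 SSODL lines, two of which load DLLs from a profile directory under "Documents and Settings\All Users\Application Data" rather than from the Windows or Program Files tree. The script below is an added example, not code from the original post or from HijackThis, SmitFraudFix or any other tool named in the thread. It parses constructed lines modelled on the posted log and flags an entry when (a) the target is a bare filename resolved via the search path, (b) the target lives outside C:\WINDOWS or C:\Program Files, (c) a path component is one of the names SmitFraudFix later reported as infected in this thread, or (d) a SharedTaskScheduler CLSID is not one of the two in the posted export. The trusted-root list, the %SystemRoot% expansion and the all-zero CLSID are assumptions for the demonstration, not facts from the page; the heuristics are a first pass for a reader's eye, not a verdict.

```python
"""Triage persistence entries from HijackThis O4/O21 lines and a
SharedTaskScheduler .reg export.

Added example for this thread; not code from the original post or from
HijackThis / SmitFraudFix. Heuristics are assumptions for an XP-era host.
"""
import re
from pathlib import PureWindowsPath

# CLSIDs copied from the SharedTaskScheduler export posted in the thread (XP defaults).
KNOWN_GOOD_STS = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}",  # Browseui preloader
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}",  # Component Categories cache daemon
}

# Names SmitFraudFix listed under "Deleting infected files" later in this thread.
KNOWN_BAD_NAMES = {
    "reged.exe", "spoolsystem.exe", "sys.com", "syscert.exe",
    "sysexplorer.exe", "vmreg.dll", "spyware guard 2008",
}

# Assumption: shell-loaded DLLs and Run targets are expected under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
ENV = {"%SystemRoot%": "C:\\WINDOWS"}  # assumed expansion for this host

O4_RE = re.compile(r'^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O21_RE = re.compile(r'^O21 - SSODL: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
REG_VALUE_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"="(?P<desc>[^"]*)"$')


def first_token(command):
    """Executable or script path of a Run command line, quoted or unquoted."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def expand(path):
    """Expand the environment variables we assume for this host."""
    for var, value in ENV.items():
        path = path.replace(var, value)
    return path


def path_findings(path):
    """Reasons to look at a target path; an empty list means nothing stood out."""
    reasons = []
    win = PureWindowsPath(expand(path))
    if any(part.lower() in KNOWN_BAD_NAMES for part in win.parts):
        reasons.append("name listed as infected by SmitFraudFix")
    if not win.anchor:  # no drive or root: resolved at runtime via the search path
        reasons.append("bare filename, resolved at runtime via the search path")
    elif not str(win).lower().startswith(TRUSTED_ROOTS):
        reasons.append("loads from outside the Windows / Program Files tree")
    return reasons


def triage(lines):
    """Return (kind, name, reason) tuples for every entry that trips a heuristic."""
    findings = []
    for line in lines:
        line = line.rstrip()
        if m := O4_RE.match(line):
            for reason in path_findings(first_token(m["cmd"])):
                findings.append(("O4", m["name"], reason))
        elif m := O21_RE.match(line):
            for reason in path_findings(m["path"]):
                findings.append(("O21", m["name"], reason))
        elif m := REG_VALUE_RE.match(line):
            if m["clsid"].upper() not in KNOWN_GOOD_STS:
                findings.append(("SharedTaskScheduler", m["clsid"], "CLSID not in XP default allowlist"))
    return findings


# Constructed sample: lines modelled on the posted export and log, plus one
# made-up all-zero CLSID so the allowlist check has something to flag.
SAMPLE = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{00000000-0000-0000-0000-000000000000}"="constructed unknown entry"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll
""".strip().splitlines()

if __name__ == "__main__":
    for kind, name, reason in triage(SAMPLE):
        print(f"{kind:20} {name:45} {reason}")
```

Run as-is it prints five findings: the made-up CLSID, the bare stsystra.exe, the Spyware Guard 2008 Run entry (caught only by the known-bad name list, since it sits under Program Files), and both SSODL DLLs under the All Users profile. A bare filename is not proof of anything (stsystra.exe is also a bare entry on many OEM images), which is why the output is a reading list and the final call still rests on the file itself.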
-
I cannot find BFU.exe in the link that you provided me.
-
Thanks a lot for your help...
SmitFraudFix v2.387
Scan done at 23:16:16.89, Sun 12/28/2008
Run from C:\Documents and Settings\M157236.DNNA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\reged.exe Deleted
C:\WINDOWS\spoolsystem.exe Deleted
C:\WINDOWS\sys.com Deleted
C:\WINDOWS\syscert.exe Deleted
C:\WINDOWS\sysexplorer.exe Deleted
C:\WINDOWS\vmreg.dll Deleted
C:\DOCUME~1\M15723~1.DNN\STARTM~1\Programs\Spyware Guard 2008 Deleted
C:\DOCUME~1\M15723~1.DNN\Desktop\Spyware Guard 2008.lnk Deleted
C:\Program Files\Spyware Guard 2008\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.73.242
DNS Server Search Order: 68.87.64.146
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Once I rebooted, the Spyware Guard came right away. Once I reboot, I get the Windows Security Center window and then comes the Spyware Guard stuff.
Really appreciate your help...
-
Here is the output from SmitFraudFix
SmitFraudFix v2.387
Scan done at 15:38:17.23, Sat 12/27/2008
Run from C:\Documents and Settings\M157236.DNNA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\ODI\OStore\BIN\OSCMGR6.EXE
C:\ODI\OStore\BIN\OSSERVER.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
C:\SiebelAnalytics\Bin\NQSComGateway.exe
C:\SiebelAnalytics\Bin\nqsserver.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\LANDesk\LDClient\LDISCN32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cidaemon.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» H:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\reged.exe FOUND !
C:\WINDOWS\spoolsystem.exe FOUND !
C:\WINDOWS\sys.com FOUND !
C:\WINDOWS\syscert.exe FOUND !
C:\WINDOWS\sysexplorer.exe FOUND !
C:\WINDOWS\vmreg.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\M157236.DNNA
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\M15723~1.DNN\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\M157236.DNNA\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\M15723~1.DNN\STARTM~1\Programs\Spyware Guard 2008 FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\M15723~1.DNN\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\M15723~1.DNN\Desktop\Spyware Guard 2008.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Spyware Guard 2008\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 68.87.73.242
DNS Server Search Order: 68.87.64.146
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B47068E3-65C6-4A42-BE30-5529802422EC}: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.71.226 68.87.73.242 68.87.64.146
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
-
Here is the requested log..
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.20.7201 *
* *
********************************************************************************
Created at 13:30:22 on Saturday, December 27, 2008
Time Zone : (GMT-05:00) Eastern Time (US & Canada)
Logged On User : m157236
Operating System : Microsoft Windows XP Professional Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel® Core2 Duo CPU T7250 @ 2.00GHz
System Drive : H:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32
System Drive Type : Network
System Drive Status : READY
System Drive Label : Offline
System Drive Size : 76.31 GB
System Drive Free : 16.39 GB
Total Physical Memory: 3062 MB
Free Physical Memory : 2216 MB
Total Page File : 3062 MB
Free Page File : 3608 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1970 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\tmp.txt
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done
ShadowPuterDude
Safe Surfing!!!
-
I installed MBAM, ran a full scan, rebooted... no luck. Tried in safe mode, deleted the reg entries given in other forums... no luck. I am posting my HijackThis log. Please help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:33, on 12/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\ODI\OStore\BIN\OSCMGR6.EXE
C:\ODI\OStore\BIN\OSSERVER.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
C:\SiebelAnalytics\Bin\NQSComGateway.exe
C:\SiebelAnalytics\Bin\nqsserver.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\WINDOWS\system32\kktools\userdump.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe
C:\WINDOWS\system32\winscenter.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Sun\SDK\jdk\bin\javaw.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.merck.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.1.117:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [MerckPrivateDataCheck] cachedos C:\Windows\System32\MyLocalDataShorcutcheck.vbs
O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=USSE1LDMSNA01.na.merckgroup.com:5007 /S="USSE1LDMSNA01.na.merckgroup.com" /I=HTTP://USSE1LDMSNA01.na.merckgroup.com/ldlogon/ldappl3.ldz /NOUI /W=900
O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /to=30
O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /noreboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.merckgroup.com (HKLM)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/contr...ce/outlctlx.CAB
O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Smartscript.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr02.merck.de/qp2.cab
O16 - DPF: {06314967-EECF-11D2-9D64-0000949887BE} (Siebel ERM eBriefings Offline Content Synchronization Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_ERM_ContentSync.cab
O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_HTML_Editor.cab
O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Microsite_Layout.cab
O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Calendar.cab
O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Container_Control.cab
O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Test_Automation.cab
O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_HI_Client.cab
O16 - DPF: {4514F46B-308B-401B-969D-B62E288158ED} (CSSFlexAxContainerCtrl Class) - http://localhost/19238/applets/SiebelAx_Co...ner_Control.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.20/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_iHelp.cab
O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Hospitality_Gantt.cab
O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Calendar.cab
O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_UInbox.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Desktop_Integration.cab
O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Gantt_Chart.cab
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_CTI_Toolbar.cab
O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Allocation.cab
O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_OutBound_mail.cab
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://uscallcenter.us-siebel.us-bos01.ser...x_HI_Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://ch1tt031.ch-gva01.serono.com/pam_us...x_HI_Client.cab
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://usse1ldmsna01/common/ENUrcviewer.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ch2.serono.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EFA4D912-2A19-4E6F-B681-4DC0C796FBD8} (Siebel SmartScript) - http://us1tt063/epharma_enu/19230/applets/...Smartscript.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\iTools.cab
O16 - DPF: {FB8A6B20-09DD-43D5-BF33-676DF96767F3} (Siebel High Interactivity Framework) - http://localhost/19238/applets/SiebelAx_HI_Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.merckgroup.com
O17 - HKLM\Software\..\Telephony: DomainName = na.merckgroup.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.merckgroup.com
O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: DB2 Management Service (TAEVAL20) (DB2MGMTSVC_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
O23 - Service: DB2 Security Server (TAEVAL20) (DB2NTSECSERVER_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2sec.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: ObjectStore Cache Manager R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSCMGR6.EXE
O23 - Service: ObjectStore Server R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSSERVER.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Siebel Analytics Java Host (sawjavahostsvc) - Unknown owner - C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Siebel Analytics Server - Siebel Systems, Inc. - C:\SiebelAnalytics\Bin\NQSComGateway.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 18127 bytes
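Reading a HijackThis log of this size by hand is error-prone, so here is a small triage script as an added example. It is not a tool from this thread and not part of HijackThis itself: it parses the `Oxx - description - target` line shape and flags three structural patterns an analyst normally checks first (entries whose target no longer exists, IE/shell extension DLLs loaded from outside the Windows or Program Files trees, and Run entries that name a bare executable resolved via the search path). The sample input is a constructed subset of lines copied from the log posted above; the assumption that the system drive is `C:` is mine. A flag means "look at this entry", not "this entry is malicious".

```python
"""Triage helper for HijackThis logs (added example, not part of the thread).

A HijackThis line looks like '<Oxx> - <description> - <target>'. The checks
below only mark entries for manual review; a flag is not a verdict.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
"""

# Assumption: the system drive is C:. Adjust for other layouts.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

LINE_RE = re.compile(r'^(O\d+|R\d+|F\d+|N\d+) - (.*)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')


@dataclass
class Entry:
    code: str      # HijackThis section, e.g. "O2", "O4", "O21"
    name: str      # description or Run value name
    target: str    # file the entry loads or runs ("" if not parsed)
    raw: str
    flags: list = field(default_factory=list)


def parse_line(line):
    """Turn one log line into an Entry, or None for non-entry lines."""
    line = line.rstrip()
    m = LINE_RE.match(line)
    if not m:
        return None
    code, rest = m.groups()
    if code == "O4":
        r = RUN_RE.match(line)
        if r:
            return Entry(code, r.group("name"), r.group("cmd"), line)
        return Entry(code, rest, "", line)   # e.g. 'O4 - Startup: foo.lnk = ?'
    # Other sections: last ' - ' separated field is the target path.
    # (A path containing ' - ' would be split wrongly; acceptable for triage.)
    parts = rest.split(" - ")
    return Entry(code, parts[0], parts[-1] if len(parts) > 1 else "", line)


def executable(cmd):
    """Program part of a Run command: the quoted path, or the first word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(entry):
    """Attach review flags to an Entry based on structural heuristics."""
    tgt = entry.target
    if tgt == "(no file)":
        entry.flags.append("orphaned: registered target no longer exists")
    if entry.code == "O4" and tgt:
        exe = executable(tgt)
        if ":\\" not in exe and not exe.startswith("%"):
            entry.flags.append(f"bare file name '{exe}': resolved via search path")
    if entry.code in ("O2", "O21") and tgt and tgt != "(no file)":
        if not tgt.lower().startswith(TRUSTED_ROOTS):
            entry.flags.append("IE/shell extension loaded from outside Windows or Program Files")
    return entry


def triage_log(text):
    """Parse every entry line of a log and run the checks on each."""
    entries = (parse_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(e.raw)
        for f in e.flags:
            print("    ->", f)
```

On the posted log this marks the orphaned O2 entry, the O4 entry that names only `stsystra.exe`, and the two O21 SSODL DLLs under `All Users\Application Data`; everything else in the sample passes. That is the short list to investigate next, not a removal list.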
Spyware 2008 Giving Me Hardtime[RESOLVED]
in Malware Removal
Posted
Can someone change the topic title to include the word Resolved?