Web pages not displayed properly by Explorer, and Win anti spyware opens an Internet Explorer window

Posted 7/24/2008 7:30 PM
#63939

Potestatem_Deorum Valued member

Date Joined Nov 2016
Total Posts: 22
HijackThis log file:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:28, on 2008-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BMCIT\BMCCM\Target\Tuner.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\BMCIT\BMCCM\Target\lib\minituner.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bmc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [YTK Lite.exe] C:\Program Files\YTK Lite\YTK Lite.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: mail.lnk = C:\I386\~Configs\email.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.adprod.com
O15 - Trusted Zone: *.bmc.com
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - https://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206637629031
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) - https://ncai.bmc.com:9440/jinitiator/oajinit.exe
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://sgate.bmc.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adprod.bmc.com
O17 - HKLM\Software\..\Telephony: DomainName = adprod.bmc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6CD3CAE-B929-450C-BBAA-F2470453B836}: NameServer = 207.249.166.97
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = adprod.bmc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = adprod.bmc.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BMCCM_Target (BMCCMTarget) - BMC Software, Inc. - C:\Program Files\BMCIT\BMCCM\Target\Tuner.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe

--
End of file - 12470 bytes
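The log above is the raw material a log helper reads by eye: dead BHO registrations, add-ons living in self-named folders under Program Files, Trusted Zone additions, orphaned ActiveX download entries and services with no vendor. The following Python pass is an added example for this thread (not HijackThis or Trend Micro code, and not something anyone in the thread posted) that encodes those reading heuristics as rules and runs them over an unchanged excerpt of the posted log. The rules are my own rules of thumb and produce candidates to verify, not verdicts; the trusted-zone rule uses the AD domain from the O17 line, and the vendor regex is loosened because the page's HTML collapsed the double space of an empty vendor field.

```python
"""Heuristic triage of HijackThis (HJT) log lines.
Added example for this thread, not HijackThis/Trend Micro code; the rules are
the author-of-this-example's reading heuristics, every hit is a candidate only."""
import re
from dataclasses import dataclass
from typing import List, Optional

DEAD_BHO = "BHO registered but its DLL is missing"
SELF_NAMED_BHO = "single-DLL BHO in a self-named Program Files folder; verify publisher"
ZONE_OUTSIDE_DOMAIN = "Trusted Zone entry outside the machine's AD domain (O17)"
ORPHAN_DPF = "ActiveX download (DPF) entry with no name and no source URL"
NO_VENDOR_SERVICE = "service registered with an empty vendor field"

# One regex per HJT section this pass looks at.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[^}]+)\}(?: \((?P<name>[^)]*)\))? -\s*(?P<url>\S*)$")
O17_RE = re.compile(r"^O17 - .*Tcpip\\Parameters: Domain = (?P<domain>\S+)$")
# HTML collapsed the blank vendor field to " - - ", so separators are matched
# loosely and the vendor is captured already stripped.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _missing_file(path: str) -> bool:
    p = path.lower()
    return p == "(no file)" or p.endswith("(file missing)")


def _self_named_bho(path: str) -> bool:
    # Exactly C:\Program Files\<X>\<X>.dll: a one-DLL folder named after the BHO.
    parts = path.split("\\")
    if len(parts) != 4 or parts[1].lower() != "program files":
        return False
    folder, dll = parts[2].lower(), parts[3].lower()
    return dll.endswith(".dll") and dll[:-4] == folder


def _zone_in_domain(zone: str, domain: Optional[str]) -> bool:
    if domain is None:
        return False  # no O17 domain seen: every trusted zone is unexplained
    z = zone.lower()
    z = z[2:] if z.startswith("*.") else z
    return domain == z or domain.endswith("." + z)


def ad_domain(lines) -> Optional[str]:
    """Domain the machine is joined to, from the O17 Tcpip\\Parameters line."""
    for raw in lines:
        m = O17_RE.match(raw.strip())
        if m:
            return m.group("domain").lower()
    return None


def triage(lines) -> List[Finding]:
    domain = ad_domain(lines)
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if _missing_file(m.group("path")):
                findings.append(Finding("O2", DEAD_BHO, line))
            elif _self_named_bho(m.group("path")):
                findings.append(Finding("O2", SELF_NAMED_BHO, line))
            continue
        m = O15_RE.match(line)
        if m:
            if not _zone_in_domain(m.group("zone"), domain):
                findings.append(Finding("O15", ZONE_OUTSIDE_DOMAIN, line))
            continue
        m = O16_RE.match(line)
        if m:
            if not m.group("name") and not m.group("url"):
                findings.append(Finding("O16", ORPHAN_DPF, line))
            continue
        m = O23_RE.match(line)
        if m and not m.group("vendor"):
            findings.append(Finding("O23", NO_VENDOR_SERVICE, line))
    return findings


# Excerpt of the HijackThis log posted above (lines unchanged).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O15 - Trusted Zone: *.adprod.com
O15 - Trusted Zone: *.bmc.com
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - https://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = adprod.bmc.com
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the excerpt this flags the three dead BHOs, the two self-named BHO folders (ADSTechnology and ActivationManager, which ComboFix deletes later in this thread), `*.adprod.com` (the machine's domain is `adprod.bmc.com`, so `*.bmc.com` is expected but `*.adprod.com` is a different, public domain), the nameless O16 entry and the vendorless `dkab_device` service. The Skype, McAfee and Corel entries pass, which is the point: the rules narrow the list, the helper still verifies each hit.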
Posted 7/25/2008 4:28 AM
#63945

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello

Please download ComboFix:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Close all other browser windows.

Important: temporarily disable your anti-virus real-time protection before performing a scan. It can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".

Go to Start -> Run and copy/paste: ComboFix /snapshot and hit OK. It should run ComboFix.

Please note that once you start ComboFix you should not click anywhere on the ComboFix window, as it can cause the program to stall. In fact, while ComboFix is running, do not touch your computer at all; just take a break, as it may take a while to complete.

When finished, it will produce a logfile located at C:\ComboFix.txt.

Post the contents of that log in your next reply with a new HijackThis log.

Please copy and paste your log files. DO NOT add them as an attachment.

NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/25/2008 6:12 AM
#63952

Potestatem_Deorum Valued member

Date Joined Nov 2016
Total Posts: 22
WARNING
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
C:\WINDOWS\system32\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 23:57 . 2008-07-24 23:57 2,661,969 --a------ C:\ComboFix.exe
2008-07-24 12:56 . 2008-07-08 13:15 192,512 --a------ C:\WINDOWS\system32\KevlarSigs.dll
2008-07-24 12:56 . 2007-06-13 11:41 182,784 --a------ C:\WINDOWS\system32\drivers\HidSys.sys
2008-07-24 12:56 . 2007-06-13 11:41 176,128 --a------ C:\WINDOWS\system32\hidapi.dll
2008-07-24 12:56 . 2007-01-26 17:19 53,248 --a------ C:\WINDOWS\system32\hidapistub.dll
2008-07-24 12:56 . 2008-06-12 16:22 34,327 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2008-07-23 17:09 . 2007-11-27 16:32 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-21 14:23 . 2008-07-21 14:49 <DIR> d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-07-21 14:23 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-07-21 14:23 . 2001-02-15 15:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-07-21 14:23 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx
2008-07-21 14:23 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-07-21 14:13 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-07-21 14:13 . 2008-07-21 14:13 63 --a------ C:\WINDOWS\mmpro.ini
2008-07-17 13:19 . 2008-07-17 13:19 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-17 13:19 . 2008-07-17 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-07-17 13:11 . 2008-07-17 13:11 <DIR> d-------- C:\Documents and Settings\mexqa\Application Data\Publish Providers
2008-07-17 12:36 . 2008-07-17 12:36 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-14 10:09 . 2008-07-14 10:09 <DIR> d-------- C:\Program Files\Musicmatch
2008-07-14 10:09 . 2008-07-14 10:09 <DIR> d-------- C:\Documents and Settings\mexqa\Application Data\Musicmatch
2008-07-14 10:09 . 2006-01-19 12:05 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-14 10:09 . 2006-01-19 12:05 104,960 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-09 14:24 . 2008-07-24 12:25 <DIR> d-------- C:\Program Files\Google
2008-07-09 14:24 . 2008-07-24 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-08 14:25 . 2008-07-08 14:25 268 --ah----- C:\sqmdata14.sqm
2008-07-08 14:25 . 2008-07-08 14:25 244 --ah----- C:\sqmnoopt14.sqm
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 05:01 --------- d-----w C:\Program Files\LogMeIn
2008-07-25 04:56 --------- d-----w C:\Documents and Settings\mexqa\Application Data\Skype
2008-07-24 17:55 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 19:58 --------- d-----w C:\Program Files\Intelore
2008-07-23 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:36 --------- d-----w C:\Program Files\Sony
2008-06-19 14:47 --------- d-----w C:\Program Files\Traduce Gratis
2008-06-18 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 23:04 --------- d-----w C:\Program Files\Passware
2008-06-10 17:09 --------- d-----w C:\Documents and Settings\mexqa\Application Data\Yahoo!
2008-06-10 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-04 18:36 --------- d-----w C:\Documents and Settings\mexqa\Application Data\YTK Lite
2008-05-28 17:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 17:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 17:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 17:32 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll
2008-05-28 17:32 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2008-02-25 15:17 144 ----a-w C:\Program Files\burnqpxk.txt
2007-09-06 14:07 13,824 ----a-w C:\Documents and Settings\mexqa\atwbxdet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40 22879528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-09 14:24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2004-09-02 06:08 28672]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-13 20:50 111952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe" [2005-02-24 13:09 147514]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20 63048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
2004-09-02 06:08 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2004-09-02 23:49 49152 C:\WINDOWS\system32\pcsinst.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\DKabcoms.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);C:\WINDOWS\system32\Drivers\NEOFLTR_550_11965.SYS [2007-07-16 17:27]
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2004-09-02 06:08]
R2 BMCCMTarget;BMCCM_Target;C:\Program Files\BMCIT\BMCCM\Target\Tuner.exe [2007-08-06 07:34]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2007-06-13 11:47]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2004-09-02 06:08]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2004-10-19 10:23]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2007-02-06 13:32]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2004-09-02 06:08]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2004-09-02 06:08]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2004-09-02 06:08]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2004-09-02 06:08]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2004-09-02 06:08]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2004-09-02 06:08]
R3 dkab_device;dkab_device;C:\WINDOWS\system32\DKabcoms.exe [2006-10-21 12:38]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-04-04 19:21]
R3 hidsys;hidsys;C:\WINDOWS\system32\Drivers\hidsys.sys [2007-06-13 11:41]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-04-04 19:20]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2004-09-02 06:08]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2004-09-02 06:08]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2004-09-02 06:08]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2004-09-02 06:08]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2004-09-02 06:08]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2004-09-02 06:08]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2004-09-02 06:08]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2004-09-02 06:08]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2004-09-02 06:08]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2004-09-02 06:08]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2004-09-02 06:08]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2004-09-02 06:08]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2004-09-02 06:08]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2004-09-02 06:08]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2004-09-02 06:08]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2004-09-02 06:08]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2004-09-02 06:08]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2004-09-02 06:08]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2004-09-02 06:08]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2004-09-02 06:08]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2004-09-02 06:08]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2004-09-02 06:08]
S3 ExtranetAccess;Contivity VPN Service;C:\Program Files\Nortel Networks\Extranet_serv.exe [2005-04-04 19:09]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-04-04 19:20]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 13:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-YTK Lite.exe - C:\Program Files\YTK Lite\YTK Lite.exe
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.bmc.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{D6CD3CAE-B929-450C-BBAA-F2470453B836}: NameServer = 207.249.166.97

O16 -: DirectAnimation Java Classes - https://www.gmer.net
Rootkit scan 2008-07-25 00:02:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 0:04:51
ComboFix-quarantined-files.txt 2008-07-25 05:04:32
ComboFix2.txt 2008-02-20 19:34:54
ComboFix3.txt 2008-02-20 19:31:54
ComboFix4.txt 2008-02-20 18:19:17

Pre-Run: 141,767,094,272 bytes free
Post-Run: 141,784,207,360 bytes free

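The `Files Created` section of the ComboFix log above is a one-month creation timeline, and the way to read it is by grouping on the creation minute: an installer drops its Program Files directory and its system32 support files in the same minute (the Coding Workshop and Musicmatch bursts at 14:23 and 10:09 show this), so a file created in `system32` with no installer footprint in the same minute is the kind of entry a helper stops at. The Python below is an added example, not ComboFix's code or anything posted in the thread; it parses the section's fixed layout (`created . modified size attrs path`) and applies that heuristic over an unchanged excerpt of the posted log. The `2004-08-04` media date it skips is an assumption taken from the OS's own binaries on this page (ctfmon.exe, narrator.exe carry it), used to drop install-media copies such as the two mstee.sys entries.

```python
"""Timeline heuristic over ComboFix's "Files Created" section.
Added example for this thread, not ComboFix code. Flags files created under
system32 in a minute with no Program Files / Application Data activity."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

# "2008-07-24 12:56 . 2008-07-08 13:15 192,512 --a------ C:\path" or "<DIR> d-------- C:\dir"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-\w]+)\s+(?P<path>.+)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\",)          # includes \drivers and \dllcache
INSTALL_DIRS = ("c:\\program files\\", "\\application data\\")
# Assumption: XP SP2 build date seen on this page's own OS binaries (ctfmon.exe).
OS_MEDIA_DATE = "2004-08-04"


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    is_dir: bool
    path: str


def parse_entries(lines) -> List[Entry]:
    out = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if m:
            out.append(Entry(m["created"], m["modified"], m["size"] == "<DIR>", m["path"]))
    return out


def standalone_system_drops(entries: List[Entry], os_media_date: str = OS_MEDIA_DATE) -> List[Entry]:
    """system32 files whose creation minute shows no installer footprint."""
    by_minute: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        by_minute[e.created].append(e)
    flagged = []
    for e in entries:
        if e.is_dir or not e.path.lower().startswith(SYSTEM_DIRS):
            continue
        if e.modified.startswith(os_media_date):
            continue  # same build date as the OS's own files: install-media copy
        siblings = by_minute[e.created]
        if any(tag in s.path.lower() for s in siblings for tag in INSTALL_DIRS):
            continue  # an installer was active in that minute; expected drop
        flagged.append(e)
    return flagged


# Excerpt of the "Files Created" section posted above (lines unchanged).
SAMPLE = r"""
2008-07-24 23:57 . 2008-07-24 23:57 2,661,969 --a------ C:\ComboFix.exe
2008-07-24 12:56 . 2008-07-08 13:15 192,512 --a------ C:\WINDOWS\system32\KevlarSigs.dll
2008-07-24 12:56 . 2007-06-13 11:41 182,784 --a------ C:\WINDOWS\system32\drivers\HidSys.sys
2008-07-23 17:09 . 2007-11-27 16:32 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-21 14:23 . 2008-07-21 14:49 <DIR> d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-07-21 14:23 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-07-21 14:23 . 2001-02-15 15:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-07-14 10:09 . 2008-07-14 10:09 <DIR> d-------- C:\Program Files\Musicmatch
2008-07-14 10:09 . 2006-01-19 12:05 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys
"""

if __name__ == "__main__":
    for e in standalone_system_drops(parse_entries(SAMPLE.splitlines())):
        print(f"{e.created}  {e.path}  (file version date {e.modified})")
```

On the excerpt this leaves three hits: KevlarSigs.dll and HidSys.sys from the 12:56 burst, and MSWINSCK.OCX from 17:09 the day before. The first two carry the same version dates as the McAfee Host Intrusion Prevention files elsewhere in the log (HidSys.sys 2007-06-13 11:41 against FireSvc.exe 2007-06-13 11:47), so they read as a HIPS content update rather than a drop; MSWINSCK.OCX is the Visual Basic Winsock control, which legitimate VB programs and malware droppers both install, so it is the one worth matching against whatever was run on 07-23. That is the shape of the heuristic: it shortens the list, it does not judge it.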
Posted 7/25/2008 8:16 AM
#63960

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please download Malwarebytes' Anti-Malware:

https://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and paste that log into your next reply, along with a new ComboFix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Kindly do not annotate or format the log with color or font changes.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/28/2008 4:05 PM
#64081

Potestatem_Deorum Valued member

Date Joined Nov 2016
Total Posts: 22
Touch:

Here is the log from Malwarebytes:



Malwarebytes' Anti-Malware 1.23
Database version: 990
Windows 5.1.2600 Service Pack 2

10:08:45 AM 7/25/2008
mbam-log-7-25-2008 (10-08-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 90403
Time elapsed: 47 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\cmm\Data\spyware -setup_239_509_.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\WindowsUpdate.ini (Trojan.Spammer) -> Quarantined and deleted successfully.




And the ComboFix log after Malwarebytes:



ComboFix 08-07-24.1 - mexqa 2008-07-25 0:01:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1305 [GMT -5:00]
Running from: C:\ComboFix.exe
Command switches used :: /snapshot
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\ActivationManager.dll
C:\Program Files\ActivationManager\Uninstall.exe
C:\Program Files\ADSTechnology
C:\Program Files\ADSTechnology\ADSTechnology.dll
C:\Program Files\ADSTechnology\ADSTechnology.exe
C:\Program Files\ADSTechnology\Uninstall.exe
C:\WINDOWS\system32\kmd.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 23:57 . 2008-07-24 23:57 2,661,969 --a------ C:\ComboFix.exe
2008-07-24 12:56 . 2008-07-08 13:15 192,512 --a------ C:\WINDOWS\system32\KevlarSigs.dll
2008-07-24 12:56 . 2007-06-13 11:41 182,784 --a------ C:\WINDOWS\system32\drivers\HidSys.sys
2008-07-24 12:56 . 2007-06-13 11:41 176,128 --a------ C:\WINDOWS\system32\hidapi.dll
2008-07-24 12:56 . 2007-01-26 17:19 53,248 --a------ C:\WINDOWS\system32\hidapistub.dll
2008-07-24 12:56 . 2008-06-12 16:22 34,327 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2008-07-23 17:09 . 2007-11-27 16:32 108,336 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-07-21 14:23 . 2008-07-21 14:49 <DIR> d-------- C:\Program Files\Coding Workshop Ringtone Converter
2008-07-21 14:23 . 2004-02-19 05:11 511,488 --a------ C:\WINDOWS\system32\cwmdtl50a.dll
2008-07-21 14:23 . 2001-02-15 15:45 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-07-21 14:23 . 1998-10-07 05:53 305,432 --a------ C:\WINDOWS\system32\Threed20.ocx
2008-07-21 14:23 . 2003-06-30 16:39 102,400 --a------ C:\WINDOWS\system32\cwsmaf40.dll
2008-07-21 14:13 . 1997-11-19 15:49 303,616 --a------ C:\WINDOWS\IsUninst.exe
2008-07-21 14:13 . 2008-07-21 14:13 63 --a------ C:\WINDOWS\mmpro.ini
2008-07-17 13:19 . 2008-07-17 13:19 <DIR> d-------- C:\Program Files\Ashampoo
2008-07-17 13:19 . 2008-07-17 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-07-17 13:11 . 2008-07-17 13:11 <DIR> d-------- C:\Documents and Settings\mexqa\Application Data\Publish Providers
2008-07-17 12:36 . 2008-07-17 12:36 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-14 10:09 . 2008-07-14 10:09 <DIR> d-------- C:\Program Files\Musicmatch
2008-07-14 10:09 . 2008-07-14 10:09 <DIR> d-------- C:\Documents and Settings\mexqa\Application Data\Musicmatch
2008-07-14 10:09 . 2006-01-19 12:05 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-14 10:09 . 2006-01-19 12:05 104,960 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-09 14:24 . 2008-07-24 12:25 <DIR> d-------- C:\Program Files\Google
2008-07-09 14:24 . 2008-07-24 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-08 14:25 . 2008-07-08 14:25 268 --ah----- C:\sqmdata14.sqm
2008-07-08 14:25 . 2008-07-08 14:25 244 --ah----- C:\sqmnoopt14.sqm
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-06-26 17:43 . 2004-08-04 00:58 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 05:01 --------- d-----w C:\Program Files\LogMeIn
2008-07-25 04:56 --------- d-----w C:\Documents and Settings\mexqa\Application Data\Skype
2008-07-24 17:55 --------- d-----w C:\Program Files\Yahoo!
2008-07-23 19:58 --------- d-----w C:\Program Files\Intelore
2008-07-23 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:36 --------- d-----w C:\Program Files\Sony
2008-06-19 14:47 --------- d-----w C:\Program Files\Traduce Gratis
2008-06-18 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-10 23:04 --------- d-----w C:\Program Files\Passware
2008-06-10 17:09 --------- d-----w C:\Documents and Settings\mexqa\Application Data\Yahoo!
2008-06-10 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-04 18:36 --------- d-----w C:\Documents and Settings\mexqa\Application Data\YTK Lite
2008-05-28 17:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 17:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 17:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 17:32 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll
2008-05-28 17:32 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2008-02-25 15:17 144 ----a-w C:\Program Files\burnqpxk.txt
2007-09-06 14:07 13,824 ----a-w C:\Documents and Settings\mexqa\atwbxdet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40 22879528]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-09 14:24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2004-09-02 06:08 28672]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-08-13 20:50 111952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\McAfee Inc\TalkBack\TBMon.exe" [2005-02-24 13:09 147514]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 10:20 63048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11:06 11776]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 11:06 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 12:40 4167376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
2004-09-02 06:08 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2004-09-02 23:49 49152 C:\WINDOWS\system32\pcsinst.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\DKabcoms.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 NEOFLTR_550_11965;Juniper Networks TDI Filter Driver (NEOFLTR_550_11965);C:\WINDOWS\system32\Drivers\NEOFLTR_550_11965.SYS [2007-07-16 17:27]
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2004-09-02 06:08]
R2 BMCCMTarget;BMCCM_Target;C:\Program Files\BMCIT\BMCCM\Target\Tuner.exe [2007-08-06 07:34]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2007-06-13 11:47]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2004-09-02 06:08]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2004-10-19 10:23]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2007-02-06 13:32]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2004-09-02 06:08]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2004-09-02 06:08]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2004-09-02 06:08]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2004-09-02 06:08]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2004-09-02 06:08]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2004-09-02 06:08]
R3 dkab_device;dkab_device;C:\WINDOWS\system32\DKabcoms.exe [2006-10-21 12:38]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-04-04 19:21]
R3 hidsys;hidsys;C:\WINDOWS\system32\Drivers\hidsys.sys [2007-06-13 11:41]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-04-04 19:20]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2004-09-02 06:08]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2004-09-02 06:08]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2004-09-02 06:08]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2004-09-02 06:08]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2004-09-02 06:08]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2004-09-02 06:08]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2004-09-02 06:08]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2004-09-02 06:08]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2004-09-02 06:08]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2004-09-02 06:08]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2004-09-02 06:08]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2004-09-02 06:08]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2004-09-02 06:08]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2004-09-02 06:08]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2004-09-02 06:08]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2004-09-02 06:08]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2004-09-02 06:08]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2004-09-02 06:08]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2004-09-02 06:08]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2004-09-02 06:08]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2004-09-02 06:08]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2004-09-02 06:08]
S3 ExtranetAccess;Contivity VPN Service;C:\Program Files\Nortel Networks\Extranet_serv.exe [2005-04-04 19:09]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-04-04 19:20]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-22 13:13:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-YTK Lite.exe - C:\Program Files\YTK Lite\YTK Lite.exe
HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.bmc.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{D6CD3CAE-B929-450C-BBAA-F2470453B836}: NameServer = 207.249.166.97

O16 -: DirectAnimation Java Classes - https://www.gmer.net
Rootkit scan 2008-07-25 00:02:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-25 0:04:51
ComboFix-quarantined-files.txt 2008-07-25 05:04:32
ComboFix2.txt 2008-02-20 19:34:54
ComboFix3.txt 2008-02-20 19:31:54
ComboFix4.txt 2008-02-20 18:19:17

Pre-Run: 141,767,094,272 bytes free
Post-Run: 141,784,207,360 bytes free

Posted 7/29/2008 6:46 AM
#64099
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
How are things running now?

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 7/29/2008 4:11 PM
#64114
User avatar

Potestatem_Deorum Valued member

Date Joined Nov 2016
Total Posts: 22
Well Touch, things got so much better and look OK. I've got a couple of questions for you:

1- How could I know whether or not my PC is being monitored (MSN, programs, e-mail) by those stealth programs?

2- How & where can I learn about the tools you told me to use?




Thanks