What the Tech forums (malware removal help)

Apr 10 2008, 12:35 AM, Post #1
New Member | Group: New Member | Posts: 2 | Joined: 10-April 08 | Member No.: 78,285 | Operating System: Windows XP
My Windows XP PC has recently been infected with what I believe to be the Vundo/Virtumonde virus (in addition to others). I have been able to remove most of the issues with Spybot S&D and Ad-Aware, but the Virtumonde continues to come back. Every once in a while, after I think I have cleaned the PC, I notice several seconds of DL data transfer when I am not actually DL'ing files. Soon thereafter I get a few different pop-ups:

1) A Windows Update icon appears saying I need to update (I have never usually had this turned on).
2) A yellow triangle with an exclamation point inside it pops up in the task bar stating my computer could be infected.
3) A pop-up entitled "System Integrity Scan Wizard" pops up saying my computer may have critical errors in the Windows registry and file system.
4) A bright red virus notification pop-up stating something about a specific file, .exe or .dll, usually in the SYSTEM directory.

Also, I notice that when using IE, after I do a Yahoo search and click one of the results, I usually get redirected to some website that has nothing to do with my search. If I go back and re-click the search result link 3-4 times then I usually get to the correct result link.

I have just run the ComboFix.exe tool followed by HijackThis (renamed HJT.exe) and I have pasted the logs below.

Regards,
Jeff

ComboFix 08-04-08.7 - jedralla 2008-04-09 23:08:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.845 [GMT -7:00]
Running from: C:\Documents and Settings\jedralla\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Q:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-09 22:24 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-09 22:22 . 2008-04-09 22:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-09 21:47 . 2008-04-09 21:47 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-09 21:45 . 2008-04-09 21:45 98,304 --a------ C:\WINDOWS\system32\groxslad.exe
2008-04-08 00:02 . 2008-04-08 10:30 499 --a------ C:\WINDOWS\wininit.ini
2008-04-07 23:12 . 2008-04-07 23:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 21:51 . 2008-04-08 00:36 698 --ahs---- C:\WINDOWS\system32\gbkxvjme.ini
2008-04-07 12:05 . 2008-04-09 21:41 8,405,015 --a------ C:\WINDOWS\TempFile
2008-04-07 10:56 . 2008-04-09 21:46 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-04-07 10:52 . 2008-04-07 10:52 2,126 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-07 04:04 . 2008-04-07 04:04 30,464 --a------ C:\WINDOWS\system32\ntnut32.exe
2008-04-07 04:02 . 2008-04-07 04:02 27,904 --a------ C:\WINDOWS\ntnut.exe
2008-04-07 04:02 . 2008-04-07 04:02 11,008 --a------ C:\WINDOWS\123messenger.per
2008-04-07 03:45 . 2008-04-09 21:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-06 23:48 . 2008-04-06 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-06 23:47 . 2008-04-07 01:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 23:30 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-06 23:30 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-06 23:30 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-06 23:29 . 2008-04-06 23:29 12,032 --a------ C:\WINDOWS\aviwrap32.dll
2008-04-06 20:40 . 2008-04-06 20:40 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Ipswitch
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Omnipod
2008-04-06 20:23 . 2007-08-27 14:09 <DIR> d-------- C:\Documents and Settings\jefftest\Application Data\Intel
2008-04-06 20:23 . 2005-11-21 12:21 <DIR> d-------- C:\Documents and Settings\jefftest\{6B009945-0D67-438E-B477-EF5D2EE5EA66}
2008-04-06 20:23 . 2005-11-21 12:24 <DIR> d-------- C:\Documents and Settings\jefftest\{3BC096B0-A083-41F1-A299-441401FFFA2C}
2008-04-06 20:23 . 2005-11-21 12:22 <DIR> d-------- C:\Documents and Settings\jefftest\{0bedbd4e-2d34-47b5-9973-57e62b29307c}
2008-04-06 15:02 . 2008-04-06 15:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mjszurkz
2008-04-06 15:02 . 2008-04-06 15:02 67,584 --a------ C:\Documents and Settings\All Users\Application Data\pajutolw.dll
2008-03-24 03:25 . 2008-03-24 03:38 <DIR> d-------- C:\ADS2008
2008-03-21 20:02 . 2008-03-21 20:02 <DIR> d-------- C:\WINDOWS\EB38E3885E4F4B8FBB2267F52FF2B4B3.TMP
2008-03-20 19:17 . 2008-03-20 19:29 <DIR> d-------- C:\Documents and Settings\jedralla\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 06:11 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Skype
2008-04-10 05:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-10 05:24 --------- d-----w C:\Program Files\Java
2008-04-10 04:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-04-07 06:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 13:44 --------- d-----w C:\Documents and Settings\jedralla\Application Data\Intuit
2008-03-31 19:57 140 ----a-w C:\WINDOWS\system32\drivers\macxvi.cfg
2008-03-27 01:44 --------- d-----w C:\Program Files\QuickTime
2008-03-25 10:42 120 ----a-w C:\drmHeader.bin
2008-03-24 19:05 --------- d-----w C:\Program Files\Agilent
2008-03-24 18:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 19:03 --------- d-----w C:\Program Files\AgilentIE6Settings
2008-03-20 18:57 --------- d-----w C:\Program Files\Novatel Wireless
2008-01-25 03:08 516,173 ----a-w C:\WINDOWS\system32\MSVCP60D.DLL
2008-01-25 03:08 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL
2008-01-19 04:12 673,610 ------w C:\WINDOWS\unins001.exe
2007-04-06 06:23 1,024 ------w C:\Documents and Settings\All Users\Application Data\imgppt2.dll
2003-06-09 18:29 57,344 ------w C:\Program Files\internet explorer\plugins\atlnudge.dll
2005-10-12 23:04 131,072 ------w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-09_ 2.46.02.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 02:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2006-11-09 21:28:20 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 08:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2006-11-09 21:28:30 53,346 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 08:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2006-11-09 23:07:32 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 09:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0063C2D9-2D75-4FF4-8701-6B34C925D17D}]
C:\WINDOWS\system32\ljJdBqQG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06368860-DD7C-4BAB-9ED5-0A2169606D1C}]
C:\WINDOWS\system32\efcCvUkJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8334A30C-49E5-489a-B63D-5B927C1EF46E}]
C:\Program Files\QdrDrive\QdrDrive15.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adcist.exe"="c:\Agilent\adci\adcist.exe" [2003-12-11 14:31 69632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:52 68856]
"LogitechSetup"="D:\setup.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"qkvhhile"="C:\WINDOWS\system32\gbsnwvod.exe" [ ]
"Aim6"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41 860160]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 14:52 86105]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-07 22:05 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 11:12 88209 C:\WINDOWS\AGRSMMSG.exe]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2005-03-09 15:54 184320]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05 122939]
"adcius.exe"="c:\Agilent\adci\adcius.exe" [2007-07-05 11:03 49152]
"LAAM"="c:\agilent\bin\runit c:\Agilent\bin\s_user.exe" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe" [2005-11-02 20:01 50792]
"SchedulingAgent_nDG"="C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" [2005-10-21 17:40 1110016]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-06-06 13:25 125632]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 15:18 1582616]
"MBDocker.exe"="C:\WINDOWS\system32\MBDocker.exe" [2005-10-05 14:39 168208]
"AgNotificationCenter"="C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe" [2007-06-14 09:53 110592]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2005-01-18 09:31 143360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-04-16 11:24 819200]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"WD Button Manager"="WDBtnMgr.exe" [2007-10-22 19:54 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"KTWCM_H1100"="C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe" [ ]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-07 10:47 159744]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-12-25 14:25 937984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="C:\Program Files\Common Files\logishrd\WUApp32.exe" [2007-05-11 17:24 441120]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe [2007-05-02 10:47:30 98304]
IO Control.lnk - c:\WINDOWS\Installer\{973FF72F-4B14-4A08-BA8C-A4FA5F0EC0F4}\NewShortcut2.53194037_DDF3_483C_97E9_67D689D47D96.exe [2007-12-04 18:48:17 155648]
POD.lnk - C:\Program Files\Omnipod\POD35\omnipod35.exe [2005-06-20 15:04:20 5787648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"qRiasATq1c"= C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=GPO_add_sdadmin.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=logonCI.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-198358228-527928863-167192953-277482\Scripts\Logon\0\0]
"Script"=cleanup.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=
"HyperSend-1-www.hypersend.com"="C:\Program Files\HyperSend\HyperSend.exe" /host=www.hypersend.com /cid=1
"Microsoft Windows Installer"=C:\Documents and Settings\jedralla\Local Settings\Temp\ie.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1140899710\\ee\\aim6.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"C:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Mobridg;Mobility PCI-2-PCI Bridge;C:\WINDOWS\system32\drivers\mobridg.sys [2005-10-05 14:38]
R0 premrt;premrt;C:\WINDOWS\system32\drivers\premrt.sys [2003-08-01 12:41]
R2 AgilentIOLibrariesService;Agilent IO Libraries Service;"c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe" [2007-09-28 15:32]
R2 agLogicSvc;Agilent Logic Analysis;C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe [2007-06-14 09:55]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2004-07-26 10:00]
R2 ndGlobalLauncher;ManageSoft installation agent;"C:\Program Files\ManageSoft\Launcher\ndserv.exe" [2005-10-21 17:38]
R2 ndinit;ManageSoft managed device;"C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe" [2005-10-21 17:40]
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys [2004-02-23 09:40]
R2 SentinelKeysServer;Sentinel Keys Server;"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" [2007-04-27 02:00]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2004-09-30 14:42]
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
R3 mrtcb;mrtcb;C:\WINDOWS\system32\drivers\mrtcb.sys [2003-09-10 09:59]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-09-06 15:30]
R3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-08-16 13:02]
S2 adWLANusb;Analog Devices WLAN MB - 2;C:\WINDOWS\system32\Drivers\wlanmb.sys [2006-06-19 16:44]
S2 CSW;CSW;C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe []
S2 EZUSB;Cypress EZ-usb 2;C:\WINDOWS\system32\Drivers\ezusb.sys [2005-05-05 13:43]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" []
S3 BeceemNDIS;TarangService;C:\WINDOWS\system32\DRIVERS\BeceemNDIS.sys []
S3 BeceemNdisCardBus;Tarang;C:\WINDOWS\system32\DRIVERS\drxvi315.sys [2007-12-11 16:28]
S3 GCR410P;GEMPLUS GCR410P Serial Smart Card Reader;C:\WINDOWS\system32\DRIVERS\grserial.sys [2004-08-03 22:59]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2004-09-30 14:43]
S3 Ipt1394;Agilent E8491 1394 VXI controller;C:\WINDOWS\system32\DRIVERS\1394Ipt.sys [2007-09-28 14:41]
S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe []
S3 MSHUSBVideo;NX6000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2006-08-23 17:33]
S3 N5101A;Agilent Technologies N5101A Device Driver;C:\WINDOWS\system32\DRIVERS\N5101A.sys [2003-04-03 16:08]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\WINDOWS\system32\DRIVERS\nwusbser2.sys [2007-10-12 16:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-04-19 11:09]
S3 SamsungSerenum;Samsung ENUMERATER Serenum Filter Driver;C:\WINDOWS\system32\DRIVERS\VSPenum.sys []
S3 SamsungSerial;Samsung_BUS Serial port driver;C:\WINDOWS\system32\DRIVERS\Vsp.sys []
S3 SamsungWiBroNet;Wibro;C:\WINDOWS\system32\DRIVERS\SamsungWiBro.sys []
S3 Usbtmc;ausbtmc;C:\WINDOWS\system32\Drivers\ausbtmc.sys [2007-09-28 14:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c765c2fe-19ba-11dc-a006-444553544200}]
\Shell\Auto\command - D:\sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{F68D3BCB-E0D4-4E62-B16C-CAA794081E26}]
wscript //b "C:\Program Files\AgilentIE6Settings\ConfigureIE6.vbs"
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 23:11:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 23:15:09
ComboFix-quarantined-files.txt 2008-04-10 06:15:05
ComboFix2.txt 2008-04-09 08:46:26

Pre-Run: 6,777,135,104 bytes free
Post-Run: 6,761,160,704 bytes free
.
2008-04-07 20:08:01 --- E O F ---

#################################################
#################################################
#################HiJackThis log below###############
#################################################
#################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ManageSoft\Launcher\ndserv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ManageSoft\Usage Agent\mgsusageag.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.NkoServer.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ManageSoft\Schedule Agent\ndtask.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\MBDocker.exe
C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Agilent\adci\adcist.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\groxslad.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
C:\Program Files\Agilent\IO Libraries Suite\bin\iprocsvr.exe
c:\Program Files\Agilent\IO Libraries Suite\bin\iproc8491.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://be.agilent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = web-proxy:8088
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.agilent.com; localhost; 127.0.0.1; ;<local>
O2 - BHO: (no name) - {0063C2D9-2D75-4FF4-8701-6B34C925D17D} - C:\WINDOWS\system32\ljJdBqQG.dll (file missing)
O2 - BHO: (no name) - {06368860-DD7C-4BAB-9ED5-0A2169606D1C} - C:\WINDOWS\system32\efcCvUkJ.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [adcius.exe] c:\Agilent\adci\adcius.exe
O4 - HKLM\..\Run: [LAAM] c:\agilent\bin\runit c:\Agilent\bin\s_user.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140899710\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SchedulingAgent_nDG] "C:\Program Files\ManageSoft\Schedule Agent\ndschedag.exe" -o RunNDStartup=True -o Startup=True
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MBDocker.exe] C:\WINDOWS\system32\MBDocker.exe
O4 - HKLM\..\Run: [AgNotificationCenter] "C:\Program Files\Agilent Technologies\Logic Analyzer\agNotificationCenter.exe"
O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" /logon
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [KTWCM_H1100] C:\Program Files\KT WIBRO\SPH-H1100\KTWIBROCM.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [pajutolw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pajutolw.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3218] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3313] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8071] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC361] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3970] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5957] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5735] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC560] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\Run: [adcist.exe] c:\Agilent\adci\adcist.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\setup.exe /skip_all_checks /p /start /restart driveronly /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QdrModule15] "C:\Program Files\QdrModule\QdrModule15.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [qkvhhile] C:\WINDOWS\system32\gbsnwvod.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB8023] command /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6698] cmd /c del "C:\WINDOWS\system32\efcCvUkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB269] command /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3084] cmd /c del "C:\WINDOWS\system32\gtnpxeio.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8400] command /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2041] cmd /c del "C:\WINDOWS\system32\pnhplaek.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8811] command /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3398] cmd /c del "C:\WINDOWS\system32\qoMffETJ.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [qRiasATq1c] C:\Documents and Settings\All Users\Application Data\mjszurkz\klkzsdct.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0991 -f video -m logitech -d 11.0.0.1217 (User 'Default user')
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: IO Control.lnk = ?
O4 - Global Startup: POD.lnk = C:\Program Files\Omnipod\POD35\omnipod35.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://be.agilent.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {F9DED47C-5B9F-4119-BAAF-E772E1BB551E} (HyperSend Agent) - https://www.hypersend.com/img/0/setup/hsc_win.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\Software\..\Telephony: DomainName = agilent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = agilent.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = agilent.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Agilent IO Libraries Service (AgilentIOLibrariesService) - Agilent - c:\Program Files\Agilent\IO Libraries Suite\Agilent.TMFramework.Connectivity.AgilentIOLibrariesService.exe
O23 - Service: Agilent Logic Analysis (agLogicSvc) - Agilent Technologies, Inc. - C:\Program Files\Agilent Technologies\Logic Analyzer\agLogicSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CSW - Unknown owner - C:\System-TestWorkbench\2005A\licenses\bin\Lmgrd.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\10.00\Inetd\inetd32.exe
O23 - Service: HP WMI Interface (hpqwmi) - Unknown owner - C:\Program Files\HPQ\SHARED\HPQWMI.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc.
- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing) O23 - Service: ManageSoft installation agent (ndGlobalLauncher) - ManageSoft Corp - C:\Program Files\ManageSoft\Launcher\ndserv.exe O23 - Service: ManageSoft managed device (ndinit) - ManageSoft Corp - C:\Program Files\ManageSoft\Schedule Agent\ndinit.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 18675 bytes I also forgot to mention these further items about the virus I initially contracted.... 1) It initially locked me out of "task manager". I then ran a script to get back control. I now have access. 2) The Virus somehow managed to delete ALL previous system restore points on my PC. Then it created a new one right about the time the virus was contracted. |