Computer forums for help with removing malicious software (malware) and improving computer security

[Resolved] My Hijack Report - Please advise
ArunPedha
post Aug 4 2008, 04:52 PM
Post #1


New Member

Group: New Member
Posts: 12
Joined: 19-July 08
Member No.: 80,385
Operating System: Windows XP



Hi,

I recently removed Antivirus XP from the system with the help of your support. But my system seems to be slower now in terms of response time. Here is my HijackThis report. Please take a look and advise if you see anything abnormal. Thanks in advance.

********************************************************************************
*************************************************************
Logfile of HijackThis v1.99.1
Scan saved at 6:43:34 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Hummingbird\Connectivity\12.00\InetD\inetd32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\Hummingbird\Connectivity\12.00\HostExplorer\PrintServices\PESRV.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timesync.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\Program Files\McAfee\DLP\Agent\FCAGT.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\akrishna\Desktop\arun1\app\coolbar\Coolbar.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ICA Client9.00.32649] "C:\Program Files\Citrix\ICA Client\ICAClient Config.EXE"
O4 - HKLM\..\Run: [GUpload] "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS302\GUpload.exe"
O4 - HKLM\..\Run: [ROVATray] "C:\Program Files\ROVA\rovatray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\akrishna\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O15 - Trusted Zone: http://*.aost.ml.com
O15 - Trusted Zone: http://*.corp.ml.com
O15 - Trusted Zone: http://*.dats.ml.com
O15 - Trusted Zone: http://*.ffsdev.ml.com
O15 - Trusted Zone: http://*.mlpc.privnet.us.ml.com
O15 - Trusted Zone: *.privnet.us.ml.com
O15 - Trusted Zone: http://*.purchasing.ml.com
O15 - Trusted Zone: *.qa.ml.com
O15 - Trusted Zone: http://*.qa.ml.com
O15 - Trusted Zone: http://*.somerset.ml.com
O15 - Trusted Zone: http://*.tgadev.privnet.us.ml.com
O15 - Trusted Zone: http://*.tgaqa.privnet.us.ml.com
O15 - Trusted Zone: aost.ml.com
O15 - Trusted Zone: corp.ml.com
O15 - Trusted Zone: dats.ml.com
O15 - Trusted Zone: ffsdev.ml.com
O15 - Trusted Zone: mlpc.privnet.us.ml.com
O15 - Trusted Zone: purchasing.ml.com
O15 - Trusted Zone: somerset.ml.com
O15 - Trusted Zone: us.ml.com
O15 - Trusted Zone: worldnet.ml.com
O15 - Trusted Zone: http://www.worldnet.ml.com
O15 - Trusted Zone: *.motive30
O15 - Trusted Zone: *.motive40
O15 - Trusted Zone: http://*.aost.ml.com (HKLM)
O15 - Trusted Zone: http://*.corp.ml.com (HKLM)
O15 - Trusted Zone: http://*.dats.ml.com (HKLM)
O15 - Trusted Zone: http://*.ffsdev.ml.com (HKLM)
O15 - Trusted Zone: http://*.mlpc.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: *.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: http://*.purchasing.ml.com (HKLM)
O15 - Trusted Zone: *.qa.ml.com (HKLM)
O15 - Trusted Zone: http://*.qa.ml.com (HKLM)
O15 - Trusted Zone: http://*.somerset.ml.com (HKLM)
O15 - Trusted Zone: http://*.tgadev.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: http://*.tgaqa.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: aost.ml.com (HKLM)
O15 - Trusted Zone: corp.ml.com (HKLM)
O15 - Trusted Zone: dats.ml.com (HKLM)
O15 - Trusted Zone: ffsdev.ml.com (HKLM)
O15 - Trusted Zone: mlpc.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: purchasing.ml.com (HKLM)
O15 - Trusted Zone: somerset.ml.com (HKLM)
O15 - Trusted Zone: us.ml.com (HKLM)
O15 - Trusted Zone: worldnet.ml.com (HKLM)
O15 - Trusted Zone: http://www.worldnet.ml.com (HKLM)
O15 - Trusted Zone: *.ml.com (HKLM)
O15 - Trusted Zone: *.motive30 (HKLM)
O15 - Trusted Zone: *.motive40 (HKLM)
O15 - Trusted Zone: ml.softscape.com (HKLM)
O15 - Trusted Zone: ml.webex.com (HKLM)
O15 - Trusted IP range: 127.0.0.1 (HKLM)
O15 - Trusted IP range: 169.242.54.68 (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O17 - HKLM\Software\..\Telephony: DomainName = amrs.win.ml.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FCAGWL - C:\WINDOWS\SYSTEM32\fcagwl.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\InetD\inetd32.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Rational Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee DLP Agent Service (McAfeeDLPAgentService) - McAfee Inc. - C:\Program Files\McAfee\DLP\Agent\fcags.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\Program Files\Oracle\ora92\bin\omtsreco.exe" "OracleMTSRecoveryService (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Program Files\Oracle\ora92\bin\ONRSD.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\ProxyEngine.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program Files\ROVA Update\rovasrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\system32\timesync.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
********************************************************************************
*************************************************************


MY STARTUPLIST.txt

StartupList report, 8/4/2008, 6:44:50 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Hummingbird\Connectivity\12.00\InetD\inetd32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\Hummingbird\Connectivity\12.00\HostExplorer\PrintServices\PESRV.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timesync.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\Program Files\McAfee\DLP\Agent\FCAGT.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\akrishna\Desktop\arun1\app\coolbar\Coolbar.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\akrishna\Start Menu\Programs\Startup]
MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
PHIME2002ASync = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
PHIME2002A = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
ICA Client9.00.32649 = "C:\Program Files\Citrix\ICA Client\ICAClient Config.EXE"
GUpload = "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS302\GUpload.exe"
ROVATray = "C:\Program Files\ROVA\rovatray.exe"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
snpstd = C:\WINDOWS\vsnpstd.exe
McAfeeUpdaterUI = "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
nmapp = "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ShStatEXE = "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
Verizon_McciTrayApp = "C:\Program Files\Verizon\McciTrayApp.exe"
UserFaultCheck = C:\WINDOWS\system32\dumprep 0 -u
mxomssmenu = "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
VerizonServicepoint.exe = "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
cdloader = "C:\Documents and Settings\akrishna\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Skype add-on (mastermind) - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL - {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
(no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton Security Scan.job
wrSpySweeperTrialSweep.job

--------------------------------------------------

Enumerating Download Program Files:

[TDServer Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\tdserver.ocx
CODEBASE = http://www.kumudam.com/wfplayer/tdserver.cab

[Crucial cpcScan]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\cpcScan.dll
CODEBASE = http://crucial.com/controls/cpcScanner.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #6: C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\humshmx.dll
Protocol #7: C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\humshmx.dll
Protocol #8: C:\Program Files\Hummingbird\Connectivity\12.00\Exceed\humshmx.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 8,825 bytes
Report generated in 0.290 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

This post has been edited by ArunPedha: Aug 4 2008, 04:55 PM
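The question in this post is the one every HijackThis thread starts with: which of the two hundred lines deserve a second look? The script below is an added example written for this page, not part of the thread and not HijackThis' own code. It parses lines in the R/F/O entry format HijackThis 1.99.1 prints, then sorts them into review buckets using heuristics of my own choosing: pointers to files that no longer exist (HijackThis marks them "(no file)" or "(file missing)", the usual leftovers after a removal and a common cause of slow startup), autoruns launched from a writable user profile path, Winsock LSP DLLs, Trusted Zone relaxations, ActiveX downloads, and Winlogon Notify DLLs. A bucket means "look at this", not "this is malware". The sample lines are a constructed subset copied from the log above; `trusted_zone_hosts` collapses the repeated HKCU/HKLM O15 entries to the distinct hosts actually trusted.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the HijackThis 1.99.1 entry format
# used in the log above. Paths and CLSIDs are copied from that log; the
# mixture was chosen so that every heuristic below fires at least once.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\akrishna\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O15 - Trusted Zone: http://*.corp.ml.com
O15 - Trusted Zone: *.motive30 (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
"""

# Every entry line starts with a section tag (R0-R3, F0-F3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# What HijackThis prints when a registry entry points at a file that is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return (section, body) pairs for the R/F/O lines; headers and the
    'Running processes' list do not match and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Bucket entries by the reason a reviewer would look at them twice.
    These are review heuristics (my own, not HijackThis'), not verdicts."""
    findings = defaultdict(list)
    for section, body in parse_entries(log_text):
        lower = body.lower()
        line = f"{section} - {body}"
        if any(marker in lower for marker in ORPHAN_MARKERS):
            findings["orphaned"].append(line)  # dead pointer: safe clean-up, slows startup
        if section == "O4" and "documents and settings" in lower:
            findings["autorun_in_user_profile"].append(line)  # autorun from a writable path
        if section == "O10":
            findings["winsock_lsp"].append(line)  # LSP DLLs sit in every socket's path
        if section == "O15":
            findings["trusted_zone"].append(line)  # IE security-zone relaxations
        if section == "O16":
            findings["activex_download"].append(line)  # ActiveX pulled from the web
        if section == "O20":
            findings["winlogon_notify"].append(line)  # DLLs winlogon loads at logon
    return dict(findings)


def trusted_zone_hosts(log_text):
    """Collapse the O15 noise (HKCU and HKLM copies, with or without scheme
    or wildcard) to the sorted list of distinct trusted hosts."""
    hosts = set()
    for section, body in parse_entries(log_text):
        if section != "O15" or not body.startswith("Trusted Zone:"):
            continue
        value = body[len("Trusted Zone:"):].strip()
        value = re.sub(r"\s*\(HKLM\)$", "", value)   # drop the hive suffix
        value = re.sub(r"^https?://", "", value)     # drop the scheme
        value = value.lstrip("*.")                   # drop the wildcard prefix
        hosts.add(value.lower())
    return sorted(hosts)


def summary(log_text):
    """Bucket name -> number of entries, for a quick first read of a log."""
    return {bucket: len(lines) for bucket, lines in triage(log_text).items()}


if __name__ == "__main__":
    for bucket, lines in triage(SAMPLE_LOG).items():
        print(f"[{bucket}] ({len(lines)})")
        for line in lines:
            print("   ", line)
    print("trusted hosts:", ", ".join(trusted_zone_hosts(SAMPLE_LOG)))
```

Run against the full log in this post, the orphaned bucket is where the slowdown question usually starts: every "(no file)" BHO and "(file missing)" service is something the machine tries and fails to load. The trusted-zone list is worth reading too; on this machine it is a corporate domain set plus two entries (`motive30`, `motive40`) that are not hostnames at all, which a reviewer would want the poster to explain rather than a script to decide.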
ArunPedha
post Aug 8 2008, 07:37 AM
Post #2


New Member

Group: New Member
Posts: 12
Joined: 19-July 08
Member No.: 80,385
Operating System: Windows XP



Any help??
LDTate
post Aug 8 2008, 03:28 PM
Post #3


Forum God

Group: Root Admin
Posts: 40,571
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276
Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
ArunPedha
post Aug 9 2008, 10:38 AM
Post #4


New Member

Group: New Member
Posts: 12
Joined: 19-July 08
Member No.: 80,385
Operating System: Windows XP



Thanks. This is the malware scan report... My system seems to be slow when I open a Word/Excel doc, open Windows file explorer, save a file, or do similar activities. It was not that bad earlier..

********************************************************************************
******************************

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

12:20:57 PM 8/9/2008
mbam-log-8-9-2008 (12-20-57).txt

Scan type: Quick Scan
Objects scanned: 55780
Time elapsed: 1 hour(s), 39 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
********************************************************************************
******************************

MY HIJACK LIST REPORT

********************************************************************************
******************************
Logfile of HijackThis v1.99.1
Scan saved at 12:36:04 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Gizmo5\mDNSResponder.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\GizmoPlugin\GizmoPlugin.exe
C:\Program Files\Hummingbird\Connectivity\12.00\InetD\inetd32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\timesync.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\McAfee\DLP\Agent\FCAGT.EXE
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\akrishna\Desktop\arun1\app\coolbar\Coolbar.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\akrishna\Desktop\arun\exp\Arun_DT\PrjExp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [ICA Client9.00.32649] "C:\Program Files\Citrix\ICA Client\ICAClient Config.EXE"
O4 - HKLM\..\Run: [GUpload] "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS302\GUpload.exe"
O4 - HKLM\..\Run: [ROVATray] "C:\Program Files\ROVA\rovatray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\akrishna\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O15 - Trusted Zone: http://*.aost.ml.com
O15 - Trusted Zone: http://*.corp.ml.com
O15 - Trusted Zone: http://*.dats.ml.com
O15 - Trusted Zone: http://*.ffsdev.ml.com
O15 - Trusted Zone: http://*.mlpc.privnet.us.ml.com
O15 - Trusted Zone: *.privnet.us.ml.com
O15 - Trusted Zone: http://*.purchasing.ml.com
O15 - Trusted Zone: *.qa.ml.com
O15 - Trusted Zone: http://*.qa.ml.com
O15 - Trusted Zone: http://*.somerset.ml.com
O15 - Trusted Zone: http://*.tgadev.privnet.us.ml.com
O15 - Trusted Zone: http://*.tgaqa.privnet.us.ml.com
O15 - Trusted Zone: aost.ml.com
O15 - Trusted Zone: corp.ml.com
O15 - Trusted Zone: dats.ml.com
O15 - Trusted Zone: ffsdev.ml.com
O15 - Trusted Zone: mlpc.privnet.us.ml.com
O15 - Trusted Zone: purchasing.ml.com
O15 - Trusted Zone: somerset.ml.com
O15 - Trusted Zone: us.ml.com
O15 - Trusted Zone: worldnet.ml.com
O15 - Trusted Zone: http://www.worldnet.ml.com
O15 - Trusted Zone: *.motive30
O15 - Trusted Zone: *.motive40
O15 - Trusted Zone: http://*.aost.ml.com (HKLM)
O15 - Trusted Zone: http://*.corp.ml.com (HKLM)
O15 - Trusted Zone: http://*.dats.ml.com (HKLM)
O15 - Trusted Zone: http://*.ffsdev.ml.com (HKLM)
O15 - Trusted Zone: http://*.mlpc.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: *.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: http://*.purchasing.ml.com (HKLM)
O15 - Trusted Zone: *.qa.ml.com (HKLM)
O15 - Trusted Zone: http://*.qa.ml.com (HKLM)
O15 - Trusted Zone: http://*.somerset.ml.com (HKLM)
O15 - Trusted Zone: http://*.tgadev.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: http://*.tgaqa.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: aost.ml.com (HKLM)
O15 - Trusted Zone: corp.ml.com (HKLM)
O15 - Trusted Zone: dats.ml.com (HKLM)
O15 - Trusted Zone: ffsdev.ml.com (HKLM)
O15 - Trusted Zone: mlpc.privnet.us.ml.com (HKLM)
O15 - Trusted Zone: purchasing.ml.com (HKLM)
O15 - Trusted Zone: somerset.ml.com (HKLM)
O15 - Trusted Zone: us.ml.com (HKLM)
O15 - Trusted Zone: worldnet.ml.com (HKLM)
O15 - Trusted Zone: http://www.worldnet.ml.com (HKLM)
O15 - Trusted Zone: *.ml.com (HKLM)
O15 - Trusted Zone: *.motive30 (HKLM)
O15 - Trusted Zone: *.motive40 (HKLM)
O15 - Trusted Zone: ml.softscape.com (HKLM)
O15 - Trusted Zone: ml.webex.com (HKLM)
O15 - Trusted IP range: 127.0.0.1 (HKLM)
O15 - Trusted IP range: 169.242.54.68 (HKLM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O17 - HKLM\Software\..\Telephony: DomainName = amrs.win.ml.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = amrs.win.ml.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FCAGWL - C:\WINDOWS\SYSTEM32\fcagwl.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Gizmo5\mDNSResponder.exe
O23 - Service: Rational Cred Manager (cccredmgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird InetD (HCLInetd) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\InetD\inetd32.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Rational Lock Manager (LockMgr) - Unknown owner - C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
O23 - Service: Rational ClearQuest Mail Service (MailService) - IBM Corporation - C:\Program Files\Rational\ClearQuest\mailservice.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: McAfee DLP Agent Service (McAfeeDLPAgentService) - McAfee Inc. - C:\Program Files\McAfee\DLP\Agent\fcags.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\Program Files\Oracle\ora92\bin\omtsreco.exe" "OracleMTSRecoveryService (file missing)
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Program Files\Oracle\ora92\bin\ONRSD.EXE
O23 - Service: Hummingbird HostExplorer Print Services (PESRV) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\HostExplorer\PrintServices\PESRV.exe
O23 - Service: Hummingbird Proxy Server (ProxyEngine) - Hummingbird Ltd. - C:\Program Files\Hummingbird\Connectivity\12.00\Accessories\ProxyEngine.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program Files\ROVA Update\rovasrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\system32\timesync.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

********************************************************************************
******************************

LDTate
post Aug 9 2008, 12:00 PM
Post #5


Forum God

Group: Root Admin
Posts: 40,571
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276




Did you add all those O15 - Trusted Zone entries to your trusted zones?
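To check a log like the one above methodically rather than by eye, here is an added Python example (written for this thread; it is not code from the forum or from the HijackThis project). It parses the O15 Trusted Zone and Trusted IP range lines, splits them by hive (entries marked "(HKLM)" are machine-wide and, on a domain-joined office machine, are usually pushed by policy; the rest are per-user HKCU entries), and flags the shapes a reviewer looks at first: wildcards, wildcards covering a whole registrable domain, single-label names such as `*.motive30`, and non-loopback trusted IP ranges. It also reports duplicate O10 LSP lines, O23 services reported as "(file missing)", "(no file)" BHO entries and the proxy AutoConfigURL. The sample lines are a constructed subset of the log posted above; the section names O15/O10/O23 are HijackThis's own, and the function names are mine.

```python
"""Triage helper for a HijackThis v1.99-style log (added example, not part of
the thread or of HijackThis). Extracts the O15 Trusted Zone / Trusted IP range
entries, splits them by hive and flags the shapes a reviewer checks first; also
lists duplicate O10 LSP lines, O23 "(file missing)" services, "(no file)" BHOs
and the IE proxy AutoConfigURL."""
import re
from collections import Counter

# Constructed sample: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O10 - Unknown file in Winsock LSP: c:\program files\hummingbird\connectivity\12.00\exceed\humshmx.dll
O15 - Trusted Zone: http://*.corp.ml.com
O15 - Trusted Zone: *.qa.ml.com
O15 - Trusted Zone: *.motive30
O15 - Trusted Zone: http://*.corp.ml.com (HKLM)
O15 - Trusted Zone: *.ml.com (HKLM)
O15 - Trusted Zone: *.motive40 (HKLM)
O15 - Trusted Zone: ml.webex.com (HKLM)
O15 - Trusted IP range: 127.0.0.1 (HKLM)
O15 - Trusted IP range: 169.242.54.68 (HKLM)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

O15_RE = re.compile(r"^O15 - Trusted (Zone|IP range): (.+?)( \(HKLM\))?$")


def parse_o15(lines):
    """Parse O15 lines into dicts with kind, value, host, hive and reviewer flags.

    HijackThis suffixes machine-wide entries with "(HKLM)"; the rest are per-user
    (HKCU). Sites in IE's Trusted zone run under relaxed security settings, so
    wildcards and non-FQDN names deserve a second look."""
    entries = []
    for line in lines:
        m = O15_RE.match(line.strip())
        if not m:
            continue
        kind, value, hklm = m.groups()
        host = value.split("://", 1)[-1]          # drop an explicit scheme
        bare = host[2:] if host.startswith("*.") else host
        flags = []
        if host.startswith("*."):
            flags.append("wildcard")               # every host under the suffix
            if bare.count(".") == 1:
                flags.append("whole-domain")       # e.g. *.ml.com: an entire registrable domain
        if "." not in bare:
            flags.append("non-fqdn")               # e.g. *.motive30: single-label name
        if kind == "IP range" and host != "127.0.0.1":
            flags.append("ip-range")               # non-loopback address trusted outright
        entries.append({"kind": kind, "value": value, "host": host,
                        "hive": "HKLM" if hklm else "HKCU", "flags": flags})
    return entries


def summarize(log_text):
    """Return the sections of the log a reviewer checks first."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    o15 = parse_o15(lines)
    lsp = Counter(ln.split(": ", 1)[1].lower() for ln in lines if ln.startswith("O10 - "))
    missing = [ln for ln in lines if ln.startswith("O23 - ") and ln.endswith("(file missing)")]
    # HijackThis 1.99.1 often reports "(file missing)" when a service ImagePath is a
    # quoted path followed by arguments that it did not split cleanly; a stray '"'
    # left in the reported path is the tell. Verify on disk before acting on it.
    suspect_parse = [ln for ln in missing if '"' in ln]
    acu = next((ln.split("AutoConfigURL = ", 1)[1] for ln in lines
                if "AutoConfigURL = " in ln), None)
    return {
        "trusted_entries": o15,
        "trusted_by_hive": dict(Counter(e["hive"] for e in o15)),
        "flagged_trusted": [(e["value"], e["flags"]) for e in o15 if e["flags"]],
        "duplicate_lsp": {p: c for p, c in lsp.items() if c > 1},
        "services_file_missing": missing,
        "file_missing_maybe_parse_quirk": suspect_parse,
        "no_file_entries": [ln for ln in lines if ln.endswith("(no file)")],
        "autoconfig_url": acu,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("Trusted zone entries by hive:", report["trusted_by_hive"])
    for value, flags in report["flagged_trusted"]:
        print(f"  review O15 {value!r}: {', '.join(flags)}")
    for path, count in report["duplicate_lsp"].items():
        print(f"  O10 LSP entry listed {count}x: {path}")
    for line in report["services_file_missing"]:
        print("  O23 reported missing:", line)
    print("  Proxy auto-config URL:", report["autoconfig_url"])
```

Trusted-zone entries the user did not add are a classic browser-hijack indicator because the zone lowers IE's ActiveX and scripting restrictions for those sites. In this log, though, the (HKLM) copies sit next to an O17 domain of amrs.win.ml.com, O6 policy restrictions and a corporate proxy AutoConfigURL, which is what a policy-managed office machine looks like; the script surfaces the entries so the reviewer can ask the question LDTate asks, it does not decide the answer.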
ArunPedha
post Aug 9 2008, 06:42 PM
Post #6


New Member

Group: New Member
Posts: 12
Joined: 19-July 08
Member No.: 80,385
Operating System: Windows XP



No, I have not added any trusted zone myself, but this is my office-owned system.

I am re-infected by Antivirus XP again. I will clean and post the malware log and HijackThis log once I am done.
LDTate
post Aug 9 2008, 06:49 PM
Post #7


Forum God

Group: Root Admin
Posts: 40,571
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276




Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine to the Internet until ComboFix has completely finished.

--------------------------------------------------------------------

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

****Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall or freeze.****

*If there is no Internet connection when ComboFix has completely finished, restart your computer to restore the connections.

Give it at least 20-30 minutes to finish.
ArunPedha