Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Spyware


  • Please log in to reply
1 reply to this topic

#1 izzo

izzo

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 28 April 2007 - 04:00 PM

I have a hunch I have a keylogger, but any help with other spyware is much appreciated. Also, I have no idea what the EcmComSocketListner is.

Logfile of HijackThis v1.99.1
Scan saved at 5:42:19 PM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aventail\Connect\as32svc.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\WINDOWS\ECM4\Installer\EcmComSocketListenerService\EcmComSocketListenerService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\PROT_SRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pagents.exe
C:\WINDOWS\system32\PSTARTSR.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\CyberArmor\casvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\PROGRA~1\CYBERA~1\pcs.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\PROGRA~1\CYBERA~1\pcshelp.exe
C:\Program Files\RBManager\RBManager.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Pointsec\P95tray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Funk Software\Odyssey Client\odClientMgr.exe
C:\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [vptray] "C:\Program Files\Symantec AntiVirus\VPTray.exe"
O4 - HKLM\..\Run: [CyberArmorHelper] "C:\PROGRA~1\CYBERA~1\pcshelp.exe" -check
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recycle Bin Manager] "C:\Program Files\RBManager\RBManager.EXE"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\RunOnce: [ProxyOn] C:\Progra~1\ConnWiz\ProxyOn.EXE
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O10 - Unknown file in Winsock LSP: c:\program files\aventail\connect\asdns.dll
O15 - Trusted Zone: http://contentserver.elementk.com (HKLM)
O15 - Trusted Zone: http://*.intellinex-asp.com (HKLM)
O15 - Trusted Zone: http://*.intellinex.com (HKLM)
O15 - Trusted Zone: http://web.lexis.com (HKLM)
O15 - Trusted Zone: http://intellinex.raindance.com (HKLM)
O15 - Trusted Zone: http://*.smarttrainer4.com (HKLM)
O15 - Trusted Zone: http://*.surveymonkey.com (HKLM)
O15 - Trusted Zone: http://*.thomsonib.com (HKLM)
O15 - Trusted Zone: http://cserver.xtremelearning.com (HKLM)
O15 - Trusted IP range: http://199.51.65.79 (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Program Files\Aventail\Connect\as32svc.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: CSI ECM Socket Listener - Unknown owner - C:\WINDOWS\ECM4\Installer\EcmComSocketListenerService\EcmComSocketListenerService.exe
O23 - Service: Configuresoft ECM Remote Client (CSIRemoteC) - Configuresoft, Inc. - C:\Program Files\Configuresoft\CSI Remote Client\CSIRemoteCSvc.exe
O23 - Service: CyberArmor Run Service (CyberArmorRunService) - InfoExpress - C:\Program Files\CyberArmor\casvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\Oracle\Ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\Oracle\Ora92\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE
O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\pagents.exe
O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE
O23 - Service: SAVRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 May 2007 - 02:36 PM

Hello and welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread. Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users