FIXWAREOUT LOG:
Username "AT3629" - 30/09/2007 20:26:47 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp"="C:\\windows\\system32\\TuneUp\\TuneUp.exe /startup"
"tgcmd"="\"C:\\Program Files\\Support.com\\bin\\tgcmd.exe\" /server"
"SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NWTRAY"="NWTRAY.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"ExecUser"="\"C:\\Windows\\System32\\ExecUser.exe\""
"esd3Agent"="C:\\Program Files\\Marimba\\AddOns\\EsdAgent.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"AeXSWDUsr"="\"C:\\Program Files\\Altiris\\eXpress\\NS Client\\AeXSWDUsr.exe\""
"ADU"="\"C:\\Program Files\\Cisco Aironet\\adu.exe\" -nogui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WBPCache"="WBPCache.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Communicator"="\"c:\\Program Files\\Microsoft Office Communicator\\Communicator.exe\""
"TuneUp"="C:\\windows\\system32\\TuneUp\\TuneUp.exe /startup"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46:00 p.m., on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ccs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\WinPwdHelper.exe
C:\program files\marimba\castanet tuner\Tuner.exe
C:\WINDOWS\system32\JobTrigger.exe
c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Windows\System32\ExecUser.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe
C:\Program Files\Cisco Aironet\adu.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.pg.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.pg.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.pg.com;<local>
O2 - BHO: APHelper Class - {08C63920-DC18-11D2-9E1E-00A0247061AB} - C:\Program Files\Internet Explorer\Autopass\APHelper.dll
O2 - BHO: MSVPS System - {0D5227BF-0C5B-4EA8-833C-FE09F1496F39} - C:\WINDOWS\div32.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ExecUser] "C:\Windows\System32\ExecUser.exe"
O4 - HKLM\..\Run: [esd3Agent] C:\Program Files\Marimba\AddOns\EsdAgent.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AeXSWDUsr] "C:\Program Files\Altiris\eXpress\NS Client\AeXSWDUsr.exe"
O4 - HKLM\..\Run: [ADU] "C:\Program Files\Cisco Aironet\adu.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [WBPCache] WBPCache.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Communicator] "c:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [TuneUp] C:\windows\system32\TuneUp\TuneUp.exe /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RealSecure® Desktop Protector.LNK = C:\Program Files\ISS\issSensors\DesktopProtection\PDDonIce.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - c:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.smartforce.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) -
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.timevisio...e30/OrgPubX.cab
O20 - AppInit_DLLs: AeXPrcssAppInitNT.dll
O21 - SSODL: mssql - {2F374123-37E1-468A-8BEA-969BA3ACAEB2} - C:\WINDOWS\mssql.dll
O21 - SSODL: syscore - {C5428A26-4475-498B-B142-A2BF2606FD2A} - C:\WINDOWS\syscore.dll
O23 - Service: Altiris eXpress NS Client (AeXNSClient) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClient.exe
O23 - Service: Altiris eXpress NS Client Transport (AeXNSClientTransport) - Altiris - C:\Program Files\Altiris\eXpress\NS Client\AeXNSClientTransport.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINDOWS\system32\ccs.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - c:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: JobTrigger - Hewlett Packard - C:\WINDOWS\system32\JobTrigger.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WinPwdReset - Unknown owner - C:\WINDOWS\system32\WinPwdHelper.exe
O23 - Service: workspace - Marimba, Inc. - C:\program files\marimba\castanet tuner\Tuner.exe
--
End of file - 10519 bytes