PC Infected with gomyhit/false spyware warnings


5 replies to this topic

#1 nadiur

nadiur

    New Member

  • 3 posts

Posted 04 March 2008 - 08:18 AM

Hi everyone,

My PC has been infected by a virus and even after reading many posts I cannot get rid of it. I get two symbols in the taskbar (the white cross on red and the black exclamation mark on yellow), both telling me that "Windows has detected a spyware infection". I get a balloon popup with the long text and a "Windows Security Alert" window telling me to "click here to download spyware remover", yes/no.


I already tried pretty much every program I could find in other threads (SmitFraudFix, VundoFix, Combofix, SuperAntiSpyware, AdAware, Spybot S&D, ATF-Cleaner) but the infection is still there. A couple of times I had different trojans/spyware etc. showing up but it keeps on coming back. I tried a full system restore but it seems as if all my old restore points have been deleted. A new one is added called "Last good known configuration", but that one fails.

I hope someone can help me to solve this systematically... here is the HijackThis log to start with, thank you for any help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12, on 2008-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\BT Common Client\btomosrv.exe
c:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\ENDFORCE\AgentAPI.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\BT Auto Backup\VaultClientSRV.exe
C:\Program Files\BT Auto Backup\VaultClientUpgrade.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\CA\DSM\bin\caf.exe
c:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\CA\DSM\Bin\ccnfagent.exe
c:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
c:\Program Files\CA\DSM\Bin\ccsmagtd.exe
c:\Program Files\CA\DSM\Bin\amswmagt.exe
c:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
c:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ENDFORCE\AgntTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Qlock\qlock.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Paint.NET\PaintDotNet.exe
D:\Documents and Settings\100022178\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gems.setpac.ge.com:1533/pac.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\System32\SCTOOL~1.DLL
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [imjpmig] C:\Program Files\Common Files\Microsoft Shared\IME\IMJP\imjpmig.exe /RemAdvDef /AIMEREG /Migration /SetPreload
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ENDFORCEAgent] "c:\Program Files\ENDFORCE\AgntTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DsmSxplog] "c:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "c:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - HKLM\..\Run: [PWRESET] C:\Program Files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvbud.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [2] \\euro.med.ge.com\sysvol\euro.med.ge.com\scripts\Unicenter\DSMSDAMV2.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = ?
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Program Files\CADE\Web\new.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://healthcare.home.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: *.ge.com (HKLM)
O16 - DPF: Sametime MRC 651FP1 - http://medmeeting01....gRoomClient.cab
O16 - DPF: {205E7068-6D03-4566-AD06-A146B592FBA5} (Loader Class v2) - http://usmkeqcvm01.a...in/Spider80.ocx
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {3A45C7F1-E772-46C9-A84D-7F60D401D2BD} (prjBrowseFolder.ctrlBrowseFolder) - http://alpharetta.fo...rowseFolder.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {4B58531F-5100-4FCD-9801-51D2728F85A6} (MassUploadDnD.UserInterface) - http://alpharetta.fo...ssUploadDnd.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1186209219110
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1158497154261
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - http://medmeeting01....STJNILoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emeetings.we...bex/ieatgpc.cab
O16 - DPF: {F9B3E1F4-3F66-11D3-AD61-0090275A7262} (ZABOClientControl Class) - http://bizobjects.am...eX/ZABOIEEN.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = clients.em.health.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = clients.em.health.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = clients.em.health.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = em.health.ge.com,health.ge.com,euro.med.ge.com,med.ge.com,e2k.ad.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = clients.em.health.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = em.health.ge.com,health.ge.com,euro.med.ge.com,med.ge.com,e2k.ad.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = em.health.ge.com,health.ge.com,euro.med.ge.com,med.ge.com,e2k.ad.ge.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: CAF - c:\Program Files\CA\DSM\Bin\cfwlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: BT Common Client - British Telecommunications Plc. - C:\Program Files\BT Common Client\btomosrv.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - c:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - c:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ENDFORCE Agent API - ENDFORCE, Inc. - c:\Program Files\ENDFORCE\AgentAPI.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\WINDOWS\System32\QosServM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: BT Auto Backup Service (VaultClientSRV) - BT - C:\Program Files\BT Auto Backup\VaultClientSRV.exe
O23 - Service: BT Auto Backup Upgrade Service (VaultClientUpgrade) - BT - C:\Program Files\BT Auto Backup\VaultClientUpgrade.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 16610 bytes


#2 Noviciate

Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 04 March 2008 - 04:04 PM

You are running HJT from an unsafe location. An easy way to correct this is to do the following:

  • Download a copy of HJTInstall.exe from here and save it to your Desktop.
  • Double click HJTInstall.exe to begin installation.
  • Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis, or click the Browse... button if you want to choose somewhere else, and then click Install.
  • Once HJT has installed, a shortcut will be created on your Desktop and HJT will open automatically.
  • You will need to accept the EULA, if it appears, to be able to use the tool.
  • Click on Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.

Death to the salad eaters!

#3 nadiur

Posted 04 March 2008 - 04:21 PM

Hi Noviciate and thank you very much for your reply! I have installed HiJackThis as recommended by you and here is the information you requested. Thank you!

???? ??? ????? ?? Microsoft .NET Framework 3.0
Ad-Aware 2007
Adobe Flash Player ActiveX
Apple Mobile Device Support
Apple Software Update
Avaya IP Softphone R6
Azureus Vuze
Bluetooth Stack for Windows by Toshiba
BT Access Manager
BT Auto Backup
BusinessObjects Enterprise XI Release 2
CA Unicenter DSM DMPrimer
CDex extraction audio
doPDF 5.3 printer
Ethereal 0.99.0
Freecom Personal Media Suite 2.53
HijackThis 2.0.2
IBM Lotus Sametime Connect 7.5
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Map24 Desktop
Map24 Mobile - PocketPC
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 ?? ? - ???
Microsoft .NET Framework 2.0 ??? - ????
Microsoft .NET Framework 2.0 ??? Language Pack
Microsoft .NET Framework 2.0 ???? - ????
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Language Pack - ELL
Microsoft .NET Framework 2.0 Language Pack - HEB
Microsoft .NET Framework 2.0 Language Pack - NLD
Microsoft .NET Framework 2.0 Language Pack - PTG
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 - Language Pack (italiano)
Microsoft .NET Framework 3.0 ??? ?? ?
Microsoft .NET Framework 3.0 ??? Language Pack
Microsoft .NET Framework 3.0 ???????
Microsoft .NET Framework 3.0 ????????
Microsoft .NET Framework 3.0 Dutch Language Pack
Microsoft .NET Framework 3.0 French Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Hebrew Language Pack
Microsoft .NET Framework 3.0 Italian Language Pack
Microsoft .NET Framework 3.0 Japanese Language Pack
Microsoft .NET Framework 3.0 Korean Language Pack
Microsoft .NET Framework 3.0 Nederlands taalpakket
Microsoft .NET Framework 3.0 Portuguese Language Pack
Microsoft .NET Framework 3.0 Portuguese Language Pack
Microsoft .NET Framework 3.0 Simplified Chinese Language Pack
Microsoft .NET Framework 3.0 Spanish Language Pack
Microsoft .NET Framework 3.0 Traditional Chinese Language Pack
Microsoft ActiveSync
Microsoft Office Outlook 2003
Microsoft Office XP Standard
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 8 Trial
neroxml
OpenProj Beta 6
Paint.NET v3.22
Paquete de idioma de Microsoft .NET Framework 2.0 - ESN
Paquete de idioma para español de Microsoft .NET Framework 3.0
QuickTime
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB946026)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Windows XP (KB933360)
VCRedistSetup
VideoLAN VLC media player 0.8.6a
WebEx
Windows Communication Foundation
Windows Imaging Component
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (CHS)
Windows Presentation Foundation Language Pack (CHT)
Windows Presentation Foundation Language Pack (DEU)
Windows Presentation Foundation Language Pack (ESN)
Windows Presentation Foundation Language Pack (FRA)
Windows Presentation Foundation Language Pack (HEB)
Windows Presentation Foundation Language Pack (ITA)
Windows Presentation Foundation Language Pack (JPN)
Windows Presentation Foundation Language Pack (KOR)
Windows Presentation Foundation Language Pack (NLD)
Windows Presentation Foundation Language Pack (PTG)
Windows Workflow Foundation
Windows Workflow Foundation DE Language Pack
Windows Workflow Foundation ES Language Pack
Windows Workflow Foundation FR Language Pack
Windows Workflow Foundation HE Language Pack
Windows Workflow Foundation IT Language Pack
Windows Workflow Foundation JA Language Pack
Windows Workflow Foundation KO Language Pack
Windows Workflow Foundation NL Language Pack
Windows Workflow Foundation PT Language Pack
Windows Workflow Foundation ZH-CHS Language Pack
Windows Workflow Foundation ZH-CHT Language Pack
WinPcap 3.1
XML Paper Specification Shared Components Language Pack 1.0
XoftSpySE
YeahReader 2.22

#4 Noviciate

Posted 04 March 2008 - 05:10 PM

I see entries in your log for both Symantec and CA anti-virus programs. It's possible that the Symantec ones are leftovers from a previous installation as their stuff is a b!tch to uninstall properly! If you do have two anti-virus programs installed, you'll need to uninstall the one you like least as there is a risk of conflicts if you have two running in real time competing. If you don't, and I'd guess that these bits are leftovers, then let me know and I'll get rid of them as well - do be certain that you have nothing Symantec installed before you reply as once it's gone, you won't get it back without reinstalling.
Death to the salad eaters!
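
The two checks made by eye in this thread (which vendors have services and autostart entries in the log, and whether HijackThis is running from outside its install folder, as raised in post #2), as an added example that is not part of the original posts: a small Python parser for the HijackThis 2.0.2 line formats seen in post #1. The function names, the vendor-suffix normalisation and the choice of excerpt lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Excerpt of lines copied from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\CA\DSM\bin\caf.exe
D:\Documents and Settings\100022178\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "c:\Program Files\CA\DSM\bin\cfSysTray.exe"
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - c:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - c:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Default install folder named in post #2.
DEFAULT_HJT_DIR = r"C:\Program Files\Trend Micro\HijackThis"

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, e.g. "O23 - ..."
RUN_RE = re.compile(r"^(HK\S+): \[(.+?)\] (.*)$")    # registry autostart values
# Assumption: company suffixes are stripped so "CA" and "CA, Inc." group together.
SUFFIX_RE = re.compile(r"[,.]?\s*\b(corporation|inc\.?|ag|plc\.?)$", re.I)


def parse_log(text):
    """Split a log into running processes and entries keyed by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)


def services(entries):
    """Parse O23 lines of the form 'Service: <display> - <vendor> - <path>'."""
    out = []
    for raw in entries.get("O23", []):
        if not raw.startswith("Service: "):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = raw[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            out.append({"name": parts[0], "vendor": parts[1], "path": parts[2]})
    return out


def services_by_vendor(entries):
    """Group service display names under a normalised vendor string."""
    grouped = defaultdict(list)
    for svc in services(entries):
        key = SUFFIX_RE.sub("", svc["vendor"].strip()).lower()
        grouped[key].append(svc["name"])
    return dict(grouped)


def run_entries(entries):
    """Parse O4 registry lines '<key>: [value name] command'; skip Startup-folder lines."""
    matches = (RUN_RE.match(raw) for raw in entries.get("O4", []))
    return [{"key": m[1], "name": m[2], "command": m[3]} for m in matches if m]


def hjt_outside_default_dir(processes):
    """Return the HijackThis path if it runs from outside the default folder, else None."""
    prefix = DEFAULT_HJT_DIR.lower() + "\\"
    for path in processes:
        low = path.lower()
        if low.endswith("\\hijackthis.exe") and not low.startswith(prefix):
            return path
    return None
```

A vendor match only shows that the vendor has services or autostart entries on the machine; it says nothing about what the product does, so the result still has to be checked against what is actually installed.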

#5 nadiur

Posted 04 March 2008 - 05:54 PM

Hi, I only have one virus scanner, Symantec. I already made a full scan with it, no results. The CA entry is from Unicenter, which is a tool that delivers updates/patches etc. in networks, not a virus scanner. I can not uninstall either due to company policies. Thanks.

#6 Noviciate

Posted 04 March 2008 - 06:02 PM

Not familiar with that - CA is normally seen as providing an AV, and I guess I got carried away! :smack:

I can not uninstall either due to company policies.

If this is a company machine I recommend that you get their tech support to deal with your problem. Although most computers clean up OK, there is always a risk that something gets borked and you won't be very popular if this machine is the one that gets it in the neck. Malware is getting more difficult to remove, and sometimes file/registry corruption is an unavoidable result of trying to dig out slime.
Death to the salad eaters!
