Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91738 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Problem with my task manager & regedit etc.


  • This topic is locked This topic is locked
49 replies to this topic

#1 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 09 April 2008 - 12:25 AM

Hello,
Can someone please help me read this logfile from hijackthis. I guess I have something strange on my computer. The task manager closes after a few seconds, also the regeditor etc.

LOG_FILE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:23:43, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11998 bytes


Wish you a nice day!
/Triton

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 07:26 AM

Posted Image

Sorry about the delay in responding :(

If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 08:25 AM

Hello,
Thank you for your reply.

I made another scan with HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:45, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1264134221-218676709-1160437746-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12587 bytes


My computer does not behave quite good actually.
When I start the Task Manager, it closes itself after a few seconds. Same thing with regedit and msconfig and cmd.exe.
Also some HTML-helps in some programs are not working....

Wish you a good day!
/Triton

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 08:28 AM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 09:20 AM

Hello,
The Malwarebytes' Anti-Malware found one infected file and removed it.
Malwarebytes' Anti-Malware Log:
Malwarebytes' Anti-Malware 1.11
Database version: 619

Scan type: Quick Scan
Objects scanned: 36678
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\rogerca\g2mdlhlpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

After this, I couyld use the Task Manager and Regedit and MSConfig for a while. But then it stopped working again. I restarted the computer and ran the Malwarebytes' Anti-Malware program again, but this time it did not find any infected files.
The task manager still doesn't work.

This is the new HijackThis Logifile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:59, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\WScript.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12549 bytes


Regards
/Triton

#6 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 09:22 AM

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version . It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: IF you have not already done so Combofix will disconnect your machine from the Internet when it starts
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it atleast 20-30 minutes to finish

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 01:30 PM

Hello,
This is the HijackThis Log after I ran Combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12480 bytes


And this is the log from Combofix.txt
ComboFix 08-04-12.10 - Rogerca 2008-04-13 17:31:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.321 [GMT 2:00]
Running from: C:\Documents and Settings\rogerca\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\MS_Ext1.DLL
C:\WINDOWS\MS_VXD_Ext.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\rogerca\Application Data\Malwarebytes
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:33 . 2008-04-13 16:33 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2008-04-13 16:22 . 2008-04-13 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 13:08 . 2008-04-13 13:01 10,360,321 --a------ C:\Enterprise_LEV_080413.zip
2008-04-11 11:43 . 2008-04-11 11:43 268 --ah----- C:\sqmdata04.sqm
2008-04-11 11:43 . 2008-04-11 11:43 244 --ah----- C:\sqmnoopt04.sqm
2008-04-11 11:25 . 2004-05-05 18:40 414,720 -ra------ C:\WINDOWS\system32\ftcunin.exe
2008-04-11 11:25 . 2004-03-16 12:03 69,632 -ra------ C:\WINDOWS\system32\ftd2xx.dll
2008-04-11 11:25 . 2004-03-23 18:36 56,031 -ra------ C:\WINDOWS\system32\drivers\ftcser2k.sys
2008-04-11 11:25 . 2003-06-11 13:48 48,625 -ra------ C:\WINDOWS\system32\ftcsui2.dll
2008-04-11 11:25 . 2004-05-05 12:10 43,235 -ra------ C:\WINDOWS\system32\drivers\ftcusb.sys
2008-04-11 11:25 . 2004-05-06 13:47 20,198 -ra------ C:\WINDOWS\system32\ftcserco.dll
2008-04-11 11:25 . 2004-03-11 13:27 92 -ra------ C:\WINDOWS\system32\ftcun2k.ini
2008-04-11 11:14 . 2008-04-11 11:14 <DIR> d-------- C:\Program Files\Kockum Sonics
2008-04-11 11:14 . 2004-10-07 20:03 74,240 --a------ C:\Norcontrol_sim.exe
2008-04-10 16:32 . 2008-03-28 10:00 57,594 --a------ C:\00008NL.D
2008-04-10 16:10 . 2008-04-10 16:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 16:10 . 2008-04-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-10 16:08 . 2008-04-10 16:08 9,722,720 --a------ C:\Temp\spybotsd152.exe
2008-04-09 16:44 . 2008-04-09 16:44 276 --a------ C:\Temp\TS-fix.bat
2008-04-09 09:32 . 2008-04-09 09:32 18,264,120 --a------ C:\Temp\Norman_Malware_Cleaner.exe
2008-04-08 09:25 . 2008-04-08 09:25 268 --ah----- C:\sqmdata03.sqm
2008-04-08 09:25 . 2008-04-08 09:25 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 09:18 . 2008-04-08 09:18 268 --ah----- C:\sqmdata02.sqm
2008-04-08 09:18 . 2008-04-08 09:18 244 --ah----- C:\sqmnoopt02.sqm
2008-04-07 11:28 . 2008-04-07 11:28 <DIR> d-------- C:\Temp\ar6341
2008-04-07 08:17 . 2008-04-07 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-07 08:16 . 2008-04-07 08:16 812,344 --a------ C:\Temp\HJTInstall.exe
2008-04-04 14:01 . 2008-04-07 07:54 <DIR> d-------- C:\cbm
2008-04-04 09:15 . 2008-04-04 09:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 09:12 . 2008-04-04 12:41 <DIR> d-------- C:\Documents and Settings\rogerca\.housecall6.6
2008-04-03 08:45 . 2008-04-03 08:46 8,161,400 --a------ C:\Temp\Windows-KB890830-V1.39.exe
2008-04-01 12:03 . 2008-04-02 08:58 <DIR> d-------- C:\Temp\Repl_explorer
2008-04-01 12:02 . 2008-04-01 12:02 1,845,168 --a------ C:\Temp\Amos Replication Export Files Explorer.zip
2008-04-01 08:30 . 2008-04-01 08:30 <DIR> d-------- C:\Program Files\RealVNC
2008-04-01 08:29 . 2008-04-01 08:29 739,240 --a------ C:\Temp\vnc-4_1_2-x86_win32.exe
2008-03-31 09:35 . 2008-03-31 09:35 2,593 --a------ C:\Temp\uploaded-8407_update helpfile.zip
2008-03-28 15:48 . 2008-03-28 15:57 <DIR> d-------- C:\Program Files\putty
2008-03-28 15:34 . 2008-03-28 15:35 1,518,921 --a------ C:\Temp\putty.zip
2008-03-28 15:04 . 2008-03-28 15:04 233,308 --a------ C:\Temp\ABS8515.zip
2008-03-27 09:57 . 2008-04-13 16:21 33,830 ---hs---- C:\rogerca.vbs
2008-03-26 15:16 . 2008-03-26 15:47 35,960,792 --a------ C:\Temp\avg75free_519a1276.exe
2008-03-25 09:02 . 2008-03-25 09:02 268 --ah----- C:\sqmdata01.sqm
2008-03-25 09:02 . 2008-03-25 09:02 244 --ah----- C:\sqmnoopt01.sqm
2008-03-19 08:45 . 2008-03-19 08:45 268 --ah----- C:\sqmdata00.sqm
2008-03-19 08:45 . 2008-03-19 08:45 244 --ah----- C:\sqmnoopt00.sqm
2008-03-18 12:34 . 2008-03-18 12:34 <DIR> d-------- C:\Apps
2008-03-14 10:28 . 2008-03-31 14:17 <DIR> d-------- C:\Temp\abs8600
2008-03-13 09:46 . 2008-03-13 09:46 <DIR> d-------- C:\Temp\Moland Interface Ver1.1
2008-03-13 09:46 . 2008-04-04 14:54 <DIR> d-------- C:\Program Files\Hourcnt
2008-03-13 09:46 . 1997-07-19 18:00 97,552 --a------ C:\WINDOWS\system32\MSCOMM32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 15:38 --------- d-----w C:\Program Files\Plaxo
2008-04-13 15:38 --------- d-----w C:\Documents and Settings\rogerca\Application Data\Skype
2008-04-13 14:54 --------- d-----w C:\Documents and Settings\rogerca\Application Data\skypePM
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\system32\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\rogerca.vbs
2008-04-10 12:05 --------- d-----w C:\Program Files\LOGIHOLD
2008-04-07 09:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 07:39 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-04-04 14:54 --------- d-----w C:\Program Files\AMOS
2008-03-28 14:03 --------- d-----w C:\Program Files\Wfwin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:00 --------- d-----w C:\Program Files\Java
2008-03-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-03-10 07:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 07:13 --------- d-----w C:\Program Files\Skype
2008-03-10 07:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-07 13:04 --------- d-----w C:\Program Files\Oracle
2008-03-06 09:54 --------- d-----w C:\Program Files\TechSmith
2008-03-06 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-06 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:27 --------- d-----w C:\Program Files\Seiko Instruments USA Inc
2008-02-20 13:21 --------- d-----w C:\Program Files\Star IPS
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 07:48 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-02-15 15:20 --------- d-----w C:\Program Files\Cisco Systems
2008-02-15 09:37 --------- d-----w C:\Program Files\totalcmd
2008-02-14 10:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 15:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DBISQL9"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2008-01-17 21:38 144688]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-19 11:15 31816]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 17:13 1207080]
"SybaseCentral43"="C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2008-01-17 21:38 136496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\program filesNorman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\rogerca\Start Menu\Programs\Startup\
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe [2006-07-12 03:29:00 123917]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-02-18 09:49:44 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"C:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"C:\\Program Files\\Sybase\\ASA 8.0\\win32\\dbeng8.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Star IPS\\Star.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1207:UDP"= 1207:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"1183:UDP"= 1183:UDP:Windows Media Format SDK (firefox.exe)
"1182:UDP"= 1182:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Ndiskio;Ndiskio;C:\program filesNorman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 18:47]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\program filesNorman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 ASANYs_hollandica;Adaptive Server Anywhere - hollandica;C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2008-01-17 21:38]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 FTCSER2K;FTDI USB Dual Serial Port Driver;C:\WINDOWS\system32\drivers\ftcser2k.sys [2004-03-23 18:36]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;C:\WINDOWS\system32\drivers\ftcusb.sys [2004-05-05 12:10]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-04 07:31]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#gemensam]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#intranet]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#kunder]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2951483f-03ea-11dd-a3b8-00166f732749}]
\Shell\AutoRun\command - WScript.exe rogerca.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe rogerca.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9eb2f2-8b72-11dc-a2f9-444553544200}]
\Shell\AutoRun\command - Q:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 12:33:08 C:\WINDOWS\Tasks\CKUtil.job"


I also have Spybot Search And Destroy installed and it is warning me about a registry entry:
Category: REG Extension handler
Change: Value changed
Old Data: regedit.exe "%1"
New Data: %SystemRoot\System32\Wscript.exe "C:\Windows\rogerca.vbs" %1 %*
Should I allow it och deny it?


The problem is still there....
Best Regards
Roger Carlsson

#8 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 02:06 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\ar6341
C:\Temp\HJTInstall.exe
C:\Temp\Repl_explorer
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\putty.zip
C:\Temp\ABS8515.zip
C:\Temp\avg75free_519a1276.exe
C:\Temp\abs8600
C:\Temp\Moland Interface Ver1.1

Save this as Save this as "CFScript"


Posted Image

Drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 02:37 PM

Hello again,
COmbofix-log
ComboFix 08-04-12.10 - Rogerca 2008-04-13 22:12:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.278 [GMT 2:00]
Running from: C:\Documents and Settings\rogerca\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\rogerca\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Temp\ABS8515.zip
C:\Temp\abs8600
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\ar6341
C:\Temp\avg75free_519a1276.exe
C:\Temp\HJTInstall.exe
C:\Temp\Moland Interface Ver1.1
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\putty.zip
C:\Temp\Repl_explorer
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Temp\ABS8515.zip
C:\Temp\Amos Replication Export Files Explorer.zip
C:\Temp\avg75free_519a1276.exe
C:\Temp\HJTInstall.exe
C:\Temp\Norman_Malware_Cleaner.exe
C:\Temp\putty.zip
C:\Temp\spybotsd152.exe
C:\Temp\TS-fix.bat
C:\Temp\uploaded-8407_update helpfile.zip
C:\Temp\vnc-4_1_2-x86_win32.exe
.
---- Previous Run -------
.
C:\Autorun.inf
C:\WINDOWS\MS_Ext1.DLL
C:\WINDOWS\MS_VXD_Ext.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\rogerca\Application Data\Malwarebytes
2008-04-13 16:36 . 2008-04-13 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 16:33 . 2008-04-13 16:33 50,688 --a------ C:\Temp\ATF-Cleaner.exe
2008-04-13 16:22 . 2008-04-13 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-13 13:08 . 2008-04-13 13:01 10,360,321 --a------ C:\Enterprise_LEV_080413.zip
2008-04-11 11:43 . 2008-04-11 11:43 268 --ah----- C:\sqmdata04.sqm
2008-04-11 11:43 . 2008-04-11 11:43 244 --ah----- C:\sqmnoopt04.sqm
2008-04-11 11:25 . 2004-05-05 18:40 414,720 -ra------ C:\WINDOWS\system32\ftcunin.exe
2008-04-11 11:25 . 2004-03-16 12:03 69,632 -ra------ C:\WINDOWS\system32\ftd2xx.dll
2008-04-11 11:25 . 2004-03-23 18:36 56,031 -ra------ C:\WINDOWS\system32\drivers\ftcser2k.sys
2008-04-11 11:25 . 2003-06-11 13:48 48,625 -ra------ C:\WINDOWS\system32\ftcsui2.dll
2008-04-11 11:25 . 2004-05-05 12:10 43,235 -ra------ C:\WINDOWS\system32\drivers\ftcusb.sys
2008-04-11 11:25 . 2004-05-06 13:47 20,198 -ra------ C:\WINDOWS\system32\ftcserco.dll
2008-04-11 11:25 . 2004-03-11 13:27 92 -ra------ C:\WINDOWS\system32\ftcun2k.ini
2008-04-11 11:14 . 2008-04-11 11:14 <DIR> d-------- C:\Program Files\Kockum Sonics
2008-04-11 11:14 . 2004-10-07 20:03 74,240 --a------ C:\Norcontrol_sim.exe
2008-04-10 16:32 . 2008-03-28 10:00 57,594 --a------ C:\00008NL.D
2008-04-10 16:10 . 2008-04-10 16:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 16:10 . 2008-04-11 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-08 09:25 . 2008-04-08 09:25 268 --ah----- C:\sqmdata03.sqm
2008-04-08 09:25 . 2008-04-08 09:25 244 --ah----- C:\sqmnoopt03.sqm
2008-04-08 09:18 . 2008-04-08 09:18 268 --ah----- C:\sqmdata02.sqm
2008-04-08 09:18 . 2008-04-08 09:18 244 --ah----- C:\sqmnoopt02.sqm
2008-04-07 11:28 . 2008-04-07 11:28 <DIR> d-------- C:\Temp\ar6341
2008-04-07 08:17 . 2008-04-07 08:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 14:01 . 2008-04-07 07:54 <DIR> d-------- C:\cbm
2008-04-04 09:15 . 2008-04-04 09:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 09:12 . 2008-04-04 12:41 <DIR> d-------- C:\Documents and Settings\rogerca\.housecall6.6
2008-04-03 08:45 . 2008-04-03 08:46 8,161,400 --a------ C:\Temp\Windows-KB890830-V1.39.exe
2008-04-01 12:03 . 2008-04-02 08:58 <DIR> d-------- C:\Temp\Repl_explorer
2008-04-01 08:30 . 2008-04-01 08:30 <DIR> d-------- C:\Program Files\RealVNC
2008-03-28 15:48 . 2008-03-28 15:57 <DIR> d-------- C:\Program Files\putty
2008-03-27 09:57 . 2008-04-13 21:27 33,830 ---hs---- C:\rogerca.vbs
2008-03-25 09:02 . 2008-03-25 09:02 268 --ah----- C:\sqmdata01.sqm
2008-03-25 09:02 . 2008-03-25 09:02 244 --ah----- C:\sqmnoopt01.sqm
2008-03-19 08:45 . 2008-03-19 08:45 268 --ah----- C:\sqmdata00.sqm
2008-03-19 08:45 . 2008-03-19 08:45 244 --ah----- C:\sqmnoopt00.sqm
2008-03-18 12:34 . 2008-03-18 12:34 <DIR> d-------- C:\Apps
2008-03-14 10:28 . 2008-03-31 14:17 <DIR> d-------- C:\Temp\abs8600
2008-03-13 09:46 . 2008-03-13 09:46 <DIR> d-------- C:\Temp\Moland Interface Ver1.1
2008-03-13 09:46 . 2008-04-04 14:54 <DIR> d-------- C:\Program Files\Hourcnt
2008-03-13 09:46 . 1997-07-19 18:00 97,552 --a------ C:\WINDOWS\system32\MSCOMM32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 19:52 --------- d-----w C:\Documents and Settings\rogerca\Application Data\Skype
2008-04-13 15:38 --------- d-----w C:\Program Files\Plaxo
2008-04-13 14:54 --------- d-----w C:\Documents and Settings\rogerca\Application Data\skypePM
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\system32\rogerca.vbs
2008-04-13 14:20 33,830 --sh--w C:\WINDOWS\rogerca.vbs
2008-04-10 12:05 --------- d-----w C:\Program Files\LOGIHOLD
2008-04-07 09:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-07 07:39 --------- d-----w C:\Program Files\DB Commander 2000 PRO
2008-04-04 14:54 --------- d-----w C:\Program Files\AMOS
2008-03-28 14:03 --------- d-----w C:\Program Files\Wfwin
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:00 --------- d-----w C:\Program Files\Java
2008-03-13 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-03-10 07:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 07:13 --------- d-----w C:\Program Files\Skype
2008-03-10 07:13 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-07 13:04 --------- d-----w C:\Program Files\Oracle
2008-03-06 09:54 --------- d-----w C:\Program Files\TechSmith
2008-03-06 09:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-06 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 07:27 --------- d-----w C:\Program Files\Seiko Instruments USA Inc
2008-02-20 13:21 --------- d-----w C:\Program Files\Star IPS
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 07:48 --------- d-----w C:\Program Files\Common Files\Deterministic Networks
2008-02-15 15:20 --------- d-----w C:\Program Files\Cisco Systems
2008-02-15 09:37 --------- d-----w C:\Program Files\totalcmd
2008-02-14 10:23 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-09 15:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 15:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 15:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 15:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 15:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 15:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 15:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-06-21 17:39 685,640 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 15:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
"DBISQL9"="C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2008-01-17 21:38 144688]
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 18:21 227914]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-12-19 11:15 31816]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 17:13 1207080]
"SybaseCentral43"="C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2008-01-17 21:38 136496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norman ZANDA"="C:\program filesNorman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 15:09 63712]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-10-13 03:04 184320]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 09:56 15360]

C:\Documents and Settings\rogerca\Start Menu\Programs\Startup\
SmartCapture.lnk - C:\WINDOWS\Seiko\slpcap.exe [2006-07-12 03:29:00 123917]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2007-05-01 12:11:48 6395464]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2008-02-18 09:49:44 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"C:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"C:\\Program Files\\Sybase\\ASA 8.0\\win32\\dbeng8.exe"=
"C:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbeng9.exe"=
"C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Nortel Networks\\Extranet.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Star IPS\\Star.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1207:UDP"= 1207:UDP:Windows Media Format SDK (firefox.exe)
"1206:UDP"= 1206:UDP:Windows Media Format SDK (firefox.exe)
"1183:UDP"= 1183:UDP:Windows Media Format SDK (firefox.exe)
"1182:UDP"= 1182:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 Ndiskio;Ndiskio;C:\program filesNorman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 18:47]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\program filesNorman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 ASANYs_hollandica;Adaptive Server Anywhere - hollandica;C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2008-01-17 21:38]
S3 D100IB;D100IB;C:\WINDOWS\system32\DRIVERS\D100IB5.SYS [2001-08-17 12:12]
S3 FTCSER2K;FTDI USB Dual Serial Port Driver;C:\WINDOWS\system32\drivers\ftcser2k.sys [2004-03-23 18:36]
S3 FTCUSB;FTCUSB.SYS FT2232C IO test driver;C:\WINDOWS\system32\drivers\ftcusb.sys [2004-05-05 12:10]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 18:46]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-04 07:31]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 20:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#gemensam]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#intranet]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##10.43.4.53#kunder]
\Shell\AutoRun\command - WScript.exe owepe.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe owepe.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2951483f-03ea-11dd-a3b8-00166f732749}]
\Shell\AutoRun\command - WScript.exe rogerca.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe rogerca.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e9eb2f2-8b72-11dc-a2f9-444553544200}]
\Shell\AutoRun\command - Q:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 12:33:08 C:\WINDOWS\Tasks\CKUtil.job"

HIjackThislog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36, on 2008-04-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\program filesNorman\Npm\bin\ELOGSVC.EXE
C:\program filesNorman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\program filesNorman\Npm\bin\NJEEVES.EXE
C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
C:\program filesNorman\Nvc\bin\nvcoas.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\program filesNorman\Npm\bin\ZLH.EXE
C:\program filesNorman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\program filesNorman\Nvc\bin\cclaw.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
C:\WINDOWS\Seiko\slpcap.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.spec.../apps/login.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\rogerca.vbs
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Norman ZANDA] C:\program filesNorman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe (User 'Default user')
O4 - Startup: SmartCapture.lnk = C:\WINDOWS\Seiko\slpcap.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189776875845
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\Software\..\Telephony: DomainName = SpecTecAB.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SpecTecAB.local
O18 - Protocol: dynascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adaptive Server Anywhere - hollandica (ASANYs_hollandica) - iAnywhere Solutions, Inc. - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\program filesNorman\Npm\bin\ELOGSVC.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\program filesNorman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\program filesNorman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\program filesNorman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\program filesNorman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12643 bytes


The computer still behaves the same. The task manager closes itself, regedit the same...

Best Regards
Triton

#10 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 02:39 PM

Method 1
Click Start, Run and type this command exactly as given below: (better - Copy and paste)

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

If the above didn't work:

Method 2
Download and run this REG fix and double-click it.
http://windowsxp.mvp...eg/EnableTM.reg

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

    Advertisements

Register to Remove


#11 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 02:42 PM

Hello, Thank you for the quick reply. I am sorry, but none of the two methods worked. Best Regards triton

#12 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 02:47 PM

http://windowsxp.mvp...g/ToolsQuit.htm

Go to the above link and follow the instructions and run the Emergency Msconfig, Regedit, Task Manager utility.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 02:59 PM

Hello, Yes, now I can run the task Manager, MSCONFIG and regedit. Thank You! What do you suggest I do about the possible virus? Is the only way to fix it by reinstalling my computer? Best Regards Triton

#14 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,171 posts

Posted 13 April 2008 - 03:01 PM

Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\rogerca.vbs

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html


http://www.virustota.../en/indexf.html

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 TRITON79

TRITON79

    Authentic Member

  • Authentic Member
  • PipPip
  • 26 posts

Posted 13 April 2008 - 03:09 PM

Hello, here is the test-results... I also test it on the rogerca.vbs-file located in the c:\windows folder, and it was also infected. Service load: 0% 100% File: rogerca.vbs Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 0bde9869e9d956a5bacb15441054df77 Packers detected: - Bit9 reports: File not found Scanner results Scan taken on 13 Apr 2008 21:07:19 (GMT) A-Squared Found nothing AntiVir Found VBS/Changeset.A ArcaVir Found nothing Avast Found VBS:Agent-BC AVG Antivirus Found VBS/Agent BitDefender Found Win32.VBS.Agent.E ClamAV Found VBS.HeadTail CPsecure Found Worm.VBS.Headtail.A Dr.Web Found VBS.Antipron F-Prot Antivirus Found VBS/Nauj.A F-Secure Anti-Virus Found VBS/Nauj.A, Worm.VBS.Headtail.a Fortinet Found nothing Ikarus Found Virus.VBS.Agent.L Kaspersky Anti-Virus Found Worm.VBS.Headtail.a NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found Script.VBS.Agent.ai Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users