Computer Hope

Topic started by: SteveG60558 on July 30, 2010, 06:13:31 PM

Title: Infected laptop - corrupted search engines
Post by: SteveG60558 on July 30, 2010, 06:13:31 PM
Thanks in advance for any time and effort you make helping me. Before I found this site, I did the following because I believe my laptop has been infected by some sort of virus, spyware or malware. I had already run complete scans with:
 
McAfee, Malware, Ad-Aware, SpyBot and CCleaner
 
I found a few things in the scans, cleaned them out and rebooted, but continued to experience some problems. Here are the symptoms that I continued to experience:
 
When I run a web search with Google or Bing, the first page of results that I get has generic names related to whatever I run a search on, but the actual URL that each of them links to is one of the following (I ran a search on Chicago). (Further below are copies of all the shortcuts, and attached are copies of results from a few searches in Google and Bing. Notice the lower left corner of the browsers, where the actual URL is shown when searching or hovering over a link.)
•   The second page of the results seems to be alright; however, all of the “advertising” seems to be corrupted regardless of what page it shows up on
•   If I keep trying to work with search and try to figure out what is going on, I get some error messages (see 2 attached screenshots)
•   When these errors show up, I lose connectivity between Outlook and the server and between all browsers and the internet (even though my wireless connection remains strong)
•   Also, I can’t launch programs, open Task Manager (even from Ctrl+Alt+Del – I can click on the option but get no response) or shut down the computer. I have to do a “Hard Shutdown” with the power button
Copies of Shortcuts from first page of results from Google Search (see screen shots for what is displayed vs what the link actually is)

I then followed instructions posted at this site:

Here are the log files from the scans I ran.

SuperAntispyware Scan Results:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/30/2010 at 06:24 PM

Application Version : 4.41.1000

Core Rules Database Version : 5291
Trace Rules Database Version: 3103

Scan type       : Complete Scan
Total Scan Time : 01:53:17

Memory items scanned      : 610
Memory threats detected   : 0
Registry items scanned    : 7504
Registry threats detected : 0
File items scanned        : 109328
File threats detected     : 0

Malware Scan Results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4372

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/10 06:37:19 PM
mbam-log-2010-07-30 (18-37-19).txt

Scan type: Quick scan
Objects scanned: 145191
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\javaw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Hijack This Scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:58 PM, on 7/30/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\FriendlyHijackThis\Sniper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Advanced Spyware Remover] "C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - https://amqp1.ansell.com/qp2.cab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://cpc.on.intercall.com/confmgr/installs/ICWMInstall.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-am1.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn-am1.infor.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199978753218
O16 - DPF: {804F9BC5-0EAB-4150-8065-0DF485420670} (InstallShield Setup Player V11.5) - http://w2003e/deciweb/clientconfig/setup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} (QuickMksAxCtl Class) - https://10.130.129.1/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\Software\..\Telephony: DomainName = infor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASRservice - IObit - C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: SSA License Server (Master:6005) (BCLMD_M) - SSA Global - C:\Program Files\Baan\shared\bin\BclmServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 18424 bytes
Title: Re: Infected laptop - corrupted search engines
Post by: SteveG60558 on July 30, 2010, 06:15:27 PM
Sorry for duplicate post ... I got a time-out error when I submitted and just redid it rather than checking first.  My apologies.
Title: Re: Infected laptop - corrupted search engines
Post by: SuperDave on August 08, 2010, 04:21:29 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs to be scanned, they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:
C:\WINDOWS\system32\msjava.dll

* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

========================================

Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

========================================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

=================================

Download ComboFix by sUBs from one of the below links. 

Important! You MUST save ComboFix to your desktop

Link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.
 
Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.
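
Added example, not part of SuperDave's post or of any tool named in this thread: a Python triage of the O10 (Winsock LSP) lines in a HijackThis log like the one posted above. It counts entries per DLL and checks whether each DLL sits in an install directory that an O23 service line ties to a vendor. The function names, the vendor-directory heuristic and the assumption that Windows is installed under c:\windows belong to this example; the sample lines are a shortened excerpt of the posted log.

```python
import re
from collections import Counter
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A HijackThis result line: section code, " - ", then the entry body.
ENTRY = re.compile(r"^(?P<code>[ROF]\d+) - (?P<body>.+)$")
LSP = re.compile(r"^Unknown file in Winsock LSP: (?P<path>.+)$", re.I)

# Assumption of this example: the Windows directory is c:\windows.
WINDOWS_DIR = r"c:\windows"


def parse_entries(log_text):
    """Yield (code, body) for every result line such as 'O10 - ...'."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def vendor_dirs(entries):
    """Map install directory -> vendor, taken from O23 service lines.

    Directories under the Windows folder are skipped because many vendors
    share them, so they say nothing about who owns a DLL found there.
    """
    dirs = {}
    for code, body in entries:
        if code != "O23" or not body.startswith("Service: "):
            continue
        parts = body.rsplit(" - ", 2)  # name, vendor, executable path
        if len(parts) != 3:
            continue
        folder = dirname(normcase(parts[2].strip()))
        if not folder.startswith(WINDOWS_DIR):
            dirs[folder] = parts[1].strip()
    return dirs


def triage_lsp(log_text):
    """Return one record per distinct LSP DLL, most frequent first.

    'review' is True when no O23 service shares the DLL's directory,
    meaning the log alone does not tie the DLL to an installed product.
    """
    entries = list(parse_entries(log_text))
    known = vendor_dirs(entries)
    counts = Counter()
    for code, body in entries:
        m = LSP.match(body) if code == "O10" else None
        if m:
            counts[normcase(m.group("path").strip())] += 1
    report = []
    for path, n in counts.most_common():
        vendor = known.get(dirname(path))
        report.append(
            {"path": path, "entries": n, "vendor": vendor, "review": vendor is None}
        )
    return report


if __name__ == "__main__":
    for row in triage_lsp(SAMPLE_LOG):
        flag = "REVIEW" if row["review"] else "attributed"
        owner = row["vendor"] or "no matching service directory"
        print(f'{flag:10} x{row["entries"]:<3} {row["path"]}  ({owner})')
```

A `review` flag only means the log gives no vendor for the file; the file itself still has to be checked, for example with the multi-engine scan described in the post above.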