siroscar

  1. Ok it all seemed to go well.

     A New HijackThis LOG

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 19:19, on 04/06/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Altiris\AClient\AClient.exe
     C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe
     C:\WINDOWS\system32\LxrJD31s.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\mcshield.exe
     C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\PDF Complete\pdfsvc.exe
     C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\Program Files\PDF Complete\pdfsty.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
     C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
     C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
     C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
     C:\Program Files\Altiris\AClient\AClntUsr.EXE
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\SHOREL~1\SHOREW~1\STCHost.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     C:\PROGRA~1\SHOREL~1\SHOREW~1\CSISCMGR.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luceweb/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: LookUp Precision - {3DF1974F-9A93-4EF8-9E52-1F93B7FA6765} - C:\PROGRA~1\WRPCLI~1\webtrack.dll
     O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
     O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station
     O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
     O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
     O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
     O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
     O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [shoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe
     O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
     O4 - Global Startup: Error Recovery Guide.lnk = ?
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://sdmcxaac.lfhs.com
     O15 - Trusted Zone: http://sircxaac.lfhs.com
     O15 - Trusted Zone: http://slacxaac.lfhs.com
     O15 - Trusted Zone: http://srscxaac.lfhs.com
     O15 - Trusted Zone: http://ssdcxaac.lfhs.com
     O15 - Trusted Zone: http://ssfcxaac.lfhs.com
     O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://10.21.10.140/ShoreWareDirector/clie...ientInstall.ocx
     O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://production.ms.svcrqst.xerox.com/pro...lOptionPack.cab
     O20 - AppInit_DLLs: PTAPISP.DLL EQDtpSp.dll
     O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
     O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
     O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     --
     End of file - 9532 bytes

     Combofix LOG

     ComboFix 09-04-04.01 - Imaging 2009-04-06 19:02:53.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1418 [GMT -7:00]
     Running from: c:\documents and settings\Imaging\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Imaging\Desktop\CFScript.txt
     * Created a new restore point
     * Resident AV is active

     FILE ::
     E:\Help!.exe
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_MARXDEV2
     -------\Service_MarxDev2

     ((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
     .
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\documents and settings\Imaging\Application Data\Malwarebytes
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-04-03 16:26 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-03 16:26 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-04-02 17:19 . 2009-04-02 17:19 <DIR> d-------- c:\program files\Trend Micro
     2009-04-02 16:47 . 2009-04-02 20:27 <DIR> d-------- C:\T.MYRICK 4-2-09
     2009-04-01 18:07 . 2009-04-01 18:07 <DIR> d-------- c:\documents and settings\Imaging\Application Data\True Sword
     2009-04-01 18:04 . 2009-04-03 14:14 <DIR> d-------- c:\program files\True Sword 5
     2009-04-01 17:19 . 2009-04-03 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-04-01 17:17 . 2009-04-01 17:50 <DIR> d-------- c:\windows\SxsCaPendDel
     2009-04-01 16:06 . 2009-04-01 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
     2009-04-01 16:05 . 2009-04-01 16:05 <DIR> d-------- c:\program files\Common Files\iS3
     2009-04-01 16:05 . 2009-04-01 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
     2009-03-24 09:09 . 2009-03-27 13:18 130,040,832 --a------ C:\RDH Chemical.pst
     2009-03-12 12:05 . 2009-03-12 12:05 <DIR> d-------- c:\documents and settings\Imaging\Tracing
     2009-03-12 12:04 . 2009-03-12 12:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
     2009-03-12 12:04 . 2008-12-22 14:43 82,768 --a------ c:\windows\system32\lmdimon8.dll
     2009-03-10 12:41 . 2009-04-06 19:08 2,401 --a------ c:\windows\system32\drivers\AlKernel.sys
     2009-03-10 12:41 . 2009-04-06 19:08 1,380 --a------ C:\AClient.cfg
     2009-03-10 12:41 . 2009-03-10 16:57 41 --a------ C:\AClient.dat
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-04-06 20:24 --------- d-----w c:\documents and settings\Imaging\Application Data\ShoreWare Client
     2009-04-01 18:29 67 ----a-w c:\program files\090331.WordFiles.txt
     2009-03-26 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks
     2009-03-10 19:41 --------- d-----w c:\program files\Altiris
     2009-03-09 15:22 69 ----a-w c:\program files\090116.OutlookDates.txt
     2009-02-10 20:14 81 ----a-w c:\program files\090210.Imaging.IEintranetaddition.txt
     2009-02-10 20:14 57 ----a-w c:\program files\090210.TimeService.txt
     2009-01-30 19:55 54 ----a-w c:\program files\090130.LFHSmainUpDate.txt
     2009-01-19 18:35 57 ----a-w c:\program files\090116.XP.txt
     2009-01-12 17:18 110 ----a-w c:\program files\090108.nrtEchoPrune.txt
     2008-12-31 21:00 110 ----a-w c:\program files\081226.nrtEchoPrune.txt
     2008-12-26 18:45 353 ----a-w c:\program files\echopruneinstall.bat
     2008-12-26 18:35 57 ----a-w c:\program files\echoprune.bat
     2008-12-22 16:44 58 ----a-w c:\program files\081218.IE7.txt
     2008-12-22 16:42 67 ----a-w c:\program files\081216.WordFiles.txt
     2008-12-13 17:28 67 ----a-w c:\program files\081211.WordFiles.txt
     2008-10-30 02:46 56 ----a-w c:\program files\081023.Imaging.NK2Fix.txt
     2008-09-29 19:54 77 ----a-w c:\program files\080917.Imaging.IEtrustedSites.txt
     2008-09-04 04:43 110 ----a-w c:\program files\080821.nrtEchoPrune.txt
     2008-08-13 23:12 103 ----a-w c:\program files\080812.QV-IEintegration.txt
     2008-06-23 19:46 73 ----a-w c:\program files\080620.Imaging.OfficeHelpFix.txt
     2008-06-23 19:46 62 ----a-w c:\program files\080619.Imaging.PowerPointClipArtFix.txt
     2008-05-27 23:46 67 ----a-w c:\program files\080508.Imaging.OLsecsetfix.txt
     2008-03-20 16:23 48 ----a-w c:\program files\080307.DocXTools.txt
     2008-03-14 19:28 66 ----a-w c:\program files\080312.Imaging.OLsecZ3fix.txt
     2008-01-24 19:33 50 ----a-w c:\program files\080122.LiveMeeting.txt
     2008-01-22 18:50 60 ----a-w c:\program files\080118.Best.txt
     2008-01-22 18:50 60 ----a-w c:\program files\080116.Best.txt
     2008-01-22 18:50 54 ----a-w c:\program files\080117.Defrag.txt
     2007-12-28 19:15 60 ----a-w c:\program files\071220.Imaging.Printerupgrade.txt
     2007-12-06 21:37 54 ----a-w c:\program files\071128.Imaging.Printerupgrade.txt
     2007-11-26 16:00 61 ----a-w c:\program files\071116.Imaging.Printerupgrade.txt
     2007-10-15 14:53 67 ----a-w c:\program files\071003.Word2003Macros.txt
     2007-09-24 14:53 56 ----a-w c:\program files\070920.Interwoven.txt
     2007-08-27 22:09 0 ----a-w c:\program files\070814.USCF.txt
     2007-06-25 22:04 103 ----a-w c:\program files\070615.CarpeDiem.txt
     2007-03-07 23:26 59 ----a-w c:\program files\070306.NewDST.txt
     2007-01-11 17:04 66 ----a-w c:\program files\070110.USCF.txt
     2005-09-19 23:19 150,490 ----a-w c:\program files\CBUSetup.zip
     2005-09-09 19:17 62 ----a-w c:\program files\041006.Imaging.SigFix.txt
     2005-09-09 19:16 74 ----a-w c:\program files\030703.Imaging.WordEnvironReg.txt
     2005-01-13 19:40 78 ----a-w c:\program files\4400.txt
     2003-12-16 22:02 60 ----a-w c:\program files\pjettest.txt
     2008-08-20 23:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
     .
     ((((((((((((((((((((((((((((( SnapShot@2009-04-06_13.18.01.68 )))))))))))))))))))))))))))))))))))))))))
     .
     + 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
     + 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\dllcache\userinit.exe
     - 2009-04-01 18:22:10 32,256 ----a-w c:\windows\system32\userinit.exe
     + 2008-04-14 00:12:38 26,112 ----a-w c:\windows\system32\userinit.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
     "ShoreTel Personal Call Manager"="c:\program files\Shoreline Communications\ShoreWare Client\StartCli.exe" [2008-03-29 41000]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-06 276480]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
     "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
     "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
     "FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2003-12-19 212992]
     "FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwSetup.exe" [2003-04-24 126976]
     "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
     "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-09-24 868352]
     "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488]
     "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
     "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2009-04-06 184320]
     "nwiz"="nwiz.exe" [2005-01-10 c:\windows\system32\nwiz.exe]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2006-12-08 25214]
     Error Recovery Guide.lnk - c:\program files\PFU\Error Recovery Guide\FTErGuid.exe [2005-09-07 225280]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
     "AppInit_DLLs"=PTAPISP.DLL EQDtpSp.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 Kf650a;Kf650a;c:\windows\system32\drivers\Kf650a2k.sys [2005-09-07 16405]
     R0 KofaxIO;KofaxIO;c:\windows\system32\drivers\KofaxIO.sys [2005-09-07 41976]
     R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-09-07 58464]
     R2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Professional\Client\EQSharedEngine.exe [2007-09-06 1683456]
     R2 InAspi32;InAspi32;c:\windows\system32\drivers\InAspi32.sys [2005-09-07 8704]
     R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2005-07-25 476160]
     R3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [2005-09-19 45056]
     R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2005-09-07 11520]
     .
     Contents of the 'Scheduled Tasks' folder

     2009-03-31 c:\windows\Tasks\defragtues.job - C:\ [2009-04-06 19:08]
     2009-03-25 c:\windows\Tasks\echoprune.job - c:\program files\echoprune.bat [2008-12-26 11:35]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://luceweb/
     uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
     uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
     IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     Trusted Zone: lfhs.com\sdmcxaac
     Trusted Zone: lfhs.com\sircxaac
     Trusted Zone: lfhs.com\slacxaac
     Trusted Zone: lfhs.com\srscxaac
     Trusted Zone: lfhs.com\ssdcxaac
     Trusted Zone: lfhs.com\ssfcxaac
     DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxps://production.ms.svcrqst.xerox.com/prodfalcon/service_enu/16279/applets/SiebelOptionPack.cab
     .
     **************************************************************************

     catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-04-06 19:08:45
     Windows 5.1.2600 Service Pack 3 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
     "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Altiris\AClient\ACLIENT.EXE
     c:\windows\system32\LxrJD31s.exe
     c:\program files\Network Associates\Common Framework\FrameworkService.exe
     c:\program files\Network Associates\VirusScan\mcshield.exe
     c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
     c:\program files\Network Associates\VirusScan\vstskmgr.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     c:\windows\system32\nvsvc32.exe
     c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     c:\program files\Analog Devices\SoundMAX\SMAgent.exe
     c:\windows\system32\MsPMSPSv.exe
     c:\progra~1\SHOREL~1\SHOREW~1\STCHost.exe
     c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     c:\progra~1\SHOREL~1\SHOREW~1\CSISCMGR.exe
     .
     **************************************************************************
     .
     Completion time: 2009-04-06 19:12:06 - machine was rebooted
     ComboFix-quarantined-files.txt 2009-04-07 02:12:02
     ComboFix2.txt 2009-04-06 20:19:17

     Pre-Run: 85,222,457,344 bytes free
     Post-Run: 85,153,390,592 bytes free

     209 --- E O F --- 2009-03-21 04:57:20
  2. The following are the requested logs. PLEASE note that after running Combofix the problem is now gone.

     Hijackthis Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:29, on 2009-04-06
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Altiris\AClient\AClient.exe
     C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe
     C:\WINDOWS\system32\LxrJD31s.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\mcshield.exe
     C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\PDF Complete\pdfsvc.exe
     C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\MsPMSPSv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\PDF Complete\pdfsty.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
     C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
     C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
     C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
     C:\Program Files\Altiris\AClient\AClntUsr.EXE
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     C:\PROGRA~1\SHOREL~1\SHOREW~1\STCHost.exe
     C:\PROGRA~1\SHOREL~1\SHOREW~1\CSISCMGR.exe
     C:\Program Files\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE
     C:\PROGRA~1\SHOREL~1\SHOREW~1\Agent.exe
     C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
     C:\PROGRAM FILES\Microsystems\DocXamine\DocXManager.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Network Associates\VirusScan\MCUPDATE.EXE
     C:\Program Files\Network Associates\Common Framework\McScript_InUse.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luceweb/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: LookUp Precision - {3DF1974F-9A93-4EF8-9E52-1F93B7FA6765} - C:\PROGRA~1\WRPCLI~1\webtrack.dll
     O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
     O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station
     O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
     O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
     O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
     O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
     O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [shoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe
     O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
     O4 - Global Startup: Error Recovery Guide.lnk = ?
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://sdmcxaac.lfhs.com
     O15 - Trusted Zone: http://sircxaac.lfhs.com
     O15 - Trusted Zone: http://slacxaac.lfhs.com
     O15 - Trusted Zone: http://srscxaac.lfhs.com
     O15 - Trusted Zone: http://ssdcxaac.lfhs.com
     O15 - Trusted Zone: http://ssfcxaac.lfhs.com
     O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://10.21.10.140/ShoreWareDirector/clie...ientInstall.ocx
     O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://production.ms.svcrqst.xerox.com/pro...lOptionPack.cab
     O20 - AppInit_DLLs: PTAPISP.DLL EQDtpSp.dll
     O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
     O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
     O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

     --
     End of file - 9875 bytes

     COMBOFIX LOG:

     ComboFix 09-04-04.01 - Imaging 2009-04-06 13:16:06.1 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1345 [GMT -7:00]
     Running from: c:\documents and settings\Imaging\Desktop\ComboFix.exe
     * Created a new restore point
     * Resident AV is active
     .

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\windows\IE4 Error Log.txt
     .
     ((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
     .
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\documents and settings\Imaging\Application Data\Malwarebytes
     2009-04-03 16:26 . 2009-04-03 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-04-03 16:26 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
     2009-04-03 16:26 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
     2009-04-02 17:19 . 2009-04-02 17:19 <DIR> d-------- c:\program files\Trend Micro
     2009-04-02 16:47 . 2009-04-02 20:27 <DIR> d-------- C:\T.MYRICK 4-2-09
     2009-04-01 18:07 . 2009-04-01 18:07 <DIR> d-------- c:\documents and settings\Imaging\Application Data\True Sword
     2009-04-01 18:04 . 2009-04-03 14:14 <DIR> d-------- c:\program files\True Sword 5
     2009-04-01 17:19 . 2009-04-03 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-04-01 17:17 . 2009-04-01 17:50 <DIR> d-------- c:\windows\SxsCaPendDel
     2009-04-01 16:06 . 2009-04-01 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
     2009-04-01 16:05 . 2009-04-01 16:05 <DIR> d-------- c:\program files\Common Files\iS3
     2009-04-01 16:05 . 2009-04-01 17:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
     2009-03-24 09:09 . 2009-03-27 13:18 130,040,832 --a------ C:\RDH Chemical.pst
     2009-03-12 12:05 . 2009-03-12 12:05 <DIR> d-------- c:\documents and settings\Imaging\Tracing
     2009-03-12 12:04 . 2009-03-12 12:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Applications
     2009-03-12 12:04 . 2008-12-22 14:43 82,768 --a------ c:\windows\system32\lmdimon8.dll
     2009-03-10 12:41 . 2009-04-06 09:05 2,401 --a------ c:\windows\system32\drivers\AlKernel.sys
     2009-03-10 12:41 . 2009-04-06 09:05 1,380 --a------ C:\AClient.cfg
     2009-03-10 12:41 . 2009-03-10 16:57 41 --a------ C:\AClient.dat
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
2009-04-06 16:08 --------- d-----w c:\documents and settings\Imaging\Application Data\ShoreWare Client 2009-04-01 18:29 67 ----a-w c:\program files\090331.WordFiles.txt 2009-04-01 18:22 32,256 ----a-w c:\windows\system32\userinit.exe 2009-03-26 18:05 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks 2009-03-10 19:41 --------- d-----w c:\program files\Altiris 2009-03-09 15:22 69 ----a-w c:\program files\090116.OutlookDates.txt 2009-02-10 20:14 81 ----a-w c:\program files\090210.Imaging.IEintranetaddition.txt 2009-02-10 20:14 57 ----a-w c:\program files\090210.TimeService.txt 2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys 2009-01-30 19:55 54 ----a-w c:\program files\090130.LFHSmainUpDate.txt 2009-01-19 18:35 57 ----a-w c:\program files\090116.XP.txt 2009-01-17 05:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll 2009-01-12 17:18 110 ----a-w c:\program files\090108.nrtEchoPrune.txt 2008-12-31 21:00 110 ----a-w c:\program files\081226.nrtEchoPrune.txt 2008-12-26 18:45 353 ----a-w c:\program files\echopruneinstall.bat 2008-12-26 18:35 57 ----a-w c:\program files\echoprune.bat 2008-12-22 16:44 58 ----a-w c:\program files\081218.IE7.txt 2008-12-22 16:42 67 ----a-w c:\program files\081216.WordFiles.txt 2008-12-13 17:28 67 ----a-w c:\program files\081211.WordFiles.txt 2008-10-30 02:46 56 ----a-w c:\program files\081023.Imaging.NK2Fix.txt 2008-09-29 19:54 77 ----a-w c:\program files\080917.Imaging.IEtrustedSites.txt 2008-09-04 04:43 110 ----a-w c:\program files\080821.nrtEchoPrune.txt 2008-08-13 23:12 103 ----a-w c:\program files\080812.QV-IEintegration.txt 2008-06-23 19:46 73 ----a-w c:\program files\080620.Imaging.OfficeHelpFix.txt 2008-06-23 19:46 62 ----a-w c:\program files\080619.Imaging.PowerPointClipArtFix.txt 2008-05-27 23:46 67 ----a-w c:\program files\080508.Imaging.OLsecsetfix.txt 2008-03-20 16:23 48 ----a-w c:\program 
files\080307.DocXTools.txt 2008-03-14 19:28 66 ----a-w c:\program files\080312.Imaging.OLsecZ3fix.txt 2008-01-24 19:33 50 ----a-w c:\program files\080122.LiveMeeting.txt 2008-01-22 18:50 60 ----a-w c:\program files\080118.Best.txt 2008-01-22 18:50 60 ----a-w c:\program files\080116.Best.txt 2008-01-22 18:50 54 ----a-w c:\program files\080117.Defrag.txt 2007-12-28 19:15 60 ----a-w c:\program files\071220.Imaging.Printerupgrade.txt 2007-12-06 21:37 54 ----a-w c:\program files\071128.Imaging.Printerupgrade.txt 2007-11-26 16:00 61 ----a-w c:\program files\071116.Imaging.Printerupgrade.txt 2007-10-15 14:53 67 ----a-w c:\program files\071003.Word2003Macros.txt 2007-09-24 14:53 56 ----a-w c:\program files\070920.Interwoven.txt 2007-08-27 22:09 0 ----a-w c:\program files\070814.USCF.txt 2007-06-25 22:04 103 ----a-w c:\program files\070615.CarpeDiem.txt 2007-03-07 23:26 59 ----a-w c:\program files\070306.NewDST.txt 2007-01-11 17:04 66 ----a-w c:\program files\070110.USCF.txt 2005-09-19 23:19 150,490 ----a-w c:\program files\CBUSetup.zip 2005-09-09 19:17 62 ----a-w c:\program files\041006.Imaging.SigFix.txt 2005-09-09 19:16 74 ----a-w c:\program files\030703.Imaging.WordEnvironReg.txt 2005-01-13 19:40 78 ----a-w c:\program files\4400.txt 2003-12-16 22:02 60 ----a-w c:\program files\pjettest.txt 2008-08-20 23:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat . ------- Sigcheck ------- 2004-08-04 00:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe 2008-04-13 17:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe 2009-04-01 11:22 32256 05e3d55791817b245c1aa8468a69837e c:\windows\system32\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232] "ShoreTel Personal Call Manager"="c:\program files\Shoreline Communications\ShoreWare Client\StartCli.exe" [2008-03-29 41000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2005-03-06 276480] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2003-12-19 212992] "FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwSetup.exe" [2003-04-24 126976] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-09-24 868352] "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 319488] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "AClntUsr"="c:\program files\Altiris\AClient\AClntUsr.EXE" [2009-04-06 184320] "nwiz"="nwiz.exe" [2005-01-10 c:\windows\system32\nwiz.exe] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2006-12-08 25214] Error Recovery Guide.lnk - c:\program files\PFU\Error Recovery 
Guide\FTErGuid.exe [2005-09-07 225280] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=PTAPISP.DLL EQDtpSp.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 Kf650a;Kf650a;c:\windows\system32\drivers\Kf650a2k.sys [2005-09-07 16405] R0 KofaxIO;KofaxIO;c:\windows\system32\drivers\KofaxIO.sys [2005-09-07 41976] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2005-09-07 58464] R2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Professional\Client\EQSharedEngine.exe [2007-09-06 1683456] R2 InAspi32;InAspi32;c:\windows\system32\drivers\InAspi32.sys [2005-09-07 8704] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2005-07-25 476160] R3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [2005-09-19 45056] R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2005-09-07 11520] S2 MarxDev2;MarxDev2; [x] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88db8807-2410-11dc-8bb2-001321ca777f}] \Shell\AutoRun\command - E:\Help!.exe \Shell\open\command - E:\Help!.exe . Contents of the 'Scheduled Tasks' folder 2009-03-31 c:\windows\Tasks\defragtues.job - C:\ [2009-04-06 13:17] 2009-03-25 c:\windows\Tasks\echoprune.job - c:\program files\echoprune.bat [2008-12-26 11:35] . 
- - - - ORPHANS REMOVED - - - - Toolbar-SITEguard - (no file) HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-Network Associates Error Reporting Service - c:\program files\Common Files\Network Associates\TalkBack\tbmon.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://luceweb/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: lfhs.com\sdmcxaac Trusted Zone: lfhs.com\sircxaac Trusted Zone: lfhs.com\slacxaac Trusted Zone: lfhs.com\srscxaac Trusted Zone: lfhs.com\ssdcxaac Trusted Zone: lfhs.com\ssfcxaac DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - 
hxxps://production.ms.svcrqst.xerox.com/prodfalcon/service_enu/16279/applets/SiebelOptionPack.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-06 13:17:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\PTAPISP.DLL - - - - - - - > 'lsass.exe'(788) c:\windows\system32\PTAPISP.DLL . Completion time: 2009-04-06 13:19:15 ComboFix-quarantined-files.txt 2009-04-06 20:19:10 Pre-Run: 85,207,236,608 bytes free Post-Run: 85,291,950,080 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 206 --- E O F --- 2009-03-21 04:57:20
  3. I am getting a 'warning you have a security problem' alert button in my task bar and every so often IE will try and open ffhdghdgh.com (which our proxy blocks). After running your Malware remover it shows I have a couple of 'false trojan alerts' keys in my registry. It removes them and then reboots. After rebooting the problem is still there and running Malware shows the same problem. Following are the Hijack and Malware logs. MALWARE LOG: Malwarebytes' Anti-Malware 1.35 Database version: 1938 Windows 5.1.2600 Service Pack 3 4/3/2009 4:34:19 PM mbam-log-2009-04-03 (16-34-19).txt Scan type: Quick Scan Objects scanned: 82479 Time elapsed: 5 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\userinit.exe -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\promo.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
HIJACK LOG: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:13:08 PM, on 4/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Altiris\AClient\AClient.exe C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe C:\WINDOWS\system32\LxrJD31s.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\Program Files\PDF Complete\pdfsty.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe C:\WINDOWS\system32\userinit.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\PROGRA~1\SHOREL~1\SHOREW~1\STCHost.exe C:\PROGRA~1\SHOREL~1\SHOREW~1\CSISCMGR.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' 
Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luceweb/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ F2 - REG:system.ini: Shell=Explorer.exe, c:\pjet\PJETSE.EXE O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: LookUp Precision - {3DF1974F-9A93-4EF8-9E52-1F93B7FA6765} - C:\PROGRA~1\WRPCLI~1\webtrack.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [PDF 
Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwSetup.exe /Station O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU\..\Run: [shoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Error Recovery Guide.lnk = ? 
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://sdmcxaac.lfhs.com O15 - Trusted Zone: http://sircxaac.lfhs.com O15 - Trusted Zone: http://slacxaac.lfhs.com O15 - Trusted Zone: http://srscxaac.lfhs.com O15 - Trusted Zone: http://ssdcxaac.lfhs.com O15 - Trusted Zone: http://ssfcxaac.lfhs.com O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://10.21.10.140/ShoreWareDirector/clie...ientInstall.ocx O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://production.ms.svcrqst.xerox.com/pro...lOptionPack.cab O20 - AppInit_DLLs: PTAPISP.DLL EQDtpSp.dll O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Professional\Client\EQSharedEngine.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. 
- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 10697 bytes