DigiGuru

Members | Posts: 9 | Reputation: 0 Neutral
  1. So far, so good - no more popups. I deleted the rootkit via the McAfee Rootkit Detective available here: http://download.nai.com/products/mcafee-av...itDetective.zip Seems to have worked, and if it has, I'm so glad!
  2. I've uploaded the file for you to look at before I attempt removal.
  3. Decided to do a virus scan on that file via VirusTotal:

     Antivirus          Version         Last Update  Result
     AhnLab-V3          2007.8.9.2      2007.08.09   -
     AntiVir            7.4.0.57        2007.08.09   -
     Authentium         4.93.8          2007.08.08   -
     Avast              4.7.1029.0      2007.08.09   -
     AVG                7.5.0.476       2007.08.08   -
     BitDefender        7.2             2007.08.09   -
     CAT-QuickHeal      9.00            2007.08.09   (Suspicious) - DNAScan
     ClamAV             0.91            2007.08.09   -
     DrWeb              4.33            2007.08.09   -
     eSafe              7.0.15.0        2007.07.31   -
     eTrust-Vet         31.1.5045       2007.08.09   -
     Ewido              4.0             2007.08.08   -
     FileAdvisor        1               2007.08.09   -
     Fortinet           2.91.0.0        2007.08.09   -
     F-Prot             4.3.2.48        2007.08.08   -
     F-Secure           6.70.13030.0    2007.08.09   -
     Ikarus             T3.1.1.12       2007.08.09   -
     Kaspersky          4.0.2.24        2007.08.09   -
     McAfee             5093            2007.08.08   -
     Microsoft          1.2704          2007.08.09   -
     NOD32v2            2446            2007.08.09   -
     Norman             5.80.02         2007.08.08   -
     Panda              9.0.0.4         2007.08.09   -
     Prevx1             V2              2007.08.09   -
     Rising             19.35.32.00     2007.08.09   -
     Sophos             4.19.0          2007.08.01   -
     Sunbelt            2.2.907.0       2007.08.09   -
     Symantec           10              2007.08.09   Trojan.Skintrim
     TheHacker          6.1.7.166       2007.08.09   -
     VBA32              3.12.2.2        2007.08.09   -
     VirusBuster        4.3.26:9        2007.08.09   -
     Webwasher-Gateway  6.0.1           2007.08.09   -

     Additional information
     File size: 263680 bytes
     MD5:  b974d7a5c37e15c07b6ce2b99547a3e7
     SHA1: cbcd9d8295f1b7f3c67fd17fb1b55c5aff37490e
  4. If this helps, the rootkit search (so far) has revealed the following hidden process and highlighted it red....

     GMER 1.0.13.12551 - http://www.gmer.net
     Rootkit scan 2007-08-09 15:46:29
     Windows 5.2.3790 Service Pack 1

     ---- Processes - GMER 1.0.13 ----

     Process  c:\windows\system32\ghzozres.exe (*** hidden *** )  2880
     Library  c:\windows\system32\ghzozres.exe (*** hidden *** ) @ c:\windows\system32\ghzozres.exe [2880]  0x00400000
  5. I ran AVG and it deleted the New.DotNet file, along with another Trojan that I can't remember - I couldn't get it to save a log (even though I had "always create a report" enabled). Every time I try to run Panda now, I get a JavaScript error, so that's not looking good. Ran the latest RogueRemover and that's found nothing. Currently doing a rootkit search with GMER. HJT Log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 15:35:11, on 09/08/2007
     Platform: Windows 2003 SP1 (WinNT 5.02.3790)
     MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\netdde.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\mgabg.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     C:\Program Files\Seagate Software\WCS\pageserver.exe
     C:\WINDOWS\System32\snmp.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\vds.exe
     C:\Program Files\Seagate Software\WCS\WebCompServer.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
     C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\UltraMon\UltraMon.exe
     c:\Program Files\Microsoft SQL Server\90\COM\logread.exe
     c:\Program Files\Microsoft SQL Server\90\COM\distrib.exe
     C:\Program Files\Network Associates\Common Framework\McTray.exe
     C:\WINDOWS\system32\PDesk\PDesk.exe
     C:\Program Files\UltraMon\UltraMonTaskbar.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Last.fm\LastFMHelper.exe
     C:\Program Files\Common Files\Teleca Shared\Generic.exe
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SCBAL.exe
     C:\PROGRA~1\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe
     C:\Documents and Settings\DuncanS\Local Settings\Temp\gmer.exe
     c:\downloads\hijackthis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/
     O1 - Hosts: 87.117.196.106 www.ktjewellery.co.uk
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
     O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
     O4 - HKLM\..\Run: [pvinstall] "c:\pvinstall.vbs"
     O4 - HKLM\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
     O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
     O4 - Startup: Map Z Drive.lnk = C:\startup.bat
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
     O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
     O4 - Global Startup: SQL Prompt.lnk = C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
     O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
     O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XML Spy Suite\spy.htm (HKCU)
     O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XML Spy Suite\spy.htm (HKCU)
     O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\NPssView.dll
     O14 - IERESET.INF: START_PAGE_URL=http://intranet
     O15 - Trusted Zone: http://staging.cpd.gnx.com
     O15 - Trusted Zone: http://www.pandasecurity.com
     O15 - Trusted Zone: http://www.pandasoftware.com
     O15 - Trusted Zone: http://*.uk-dev-duncans
     O15 - Trusted Zone: http://*.uk-qa-msweb03
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
     O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://uk-dev-duncans/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=jzgar1v4erq2uo45ydvqek55&ControlID=a6ccf01f-181c-43f1-9d1d-039dca17dcf8&Culture=2057&UICulture=9&ReportStack=1&OpType=PrintCab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\Software\..\Telephony: DomainName = wwre.org
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wwre.org
     O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll (file missing)
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
     O23 - Service: Seagate Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Seagate Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

     -- End of file - 10558 bytes
  6. I've never had Bazooka tell me it can remove anything - it purely tells you if it finds something, then you go off to a very informative website that tells you where to look for the files and how to remove it, along with links to free AVG or Norton utils that target that spyware/virus. The utility shows all file and registry locations and goes in depth into removing it yourself, for free, and never once has it recommended "pay-for" software. Are we talking about the same Bazooka? Oh... and Panda got about 40% of the way through earlier and then crashed IE lol... will run that tonight. Stu
  7. I was using Bazooka Adware and Spyware scanner - which until recently has done me very well. Cleaned the system using Spybot S&D, and that's fixed a few things. Ran RogueRemover free edition (latest version) and it found nothing at all. Forgot to set the Panda off overnight. I'll see about doing it now, but this is a work machine and I'm a developer, so if it starts impacting performance, I'll have to leave it until tonight to run and post the log in the morning. HijackThis log below:

     ---------------------------------------------------------
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:22:31, on 07/08/2007
     Platform: Windows 2003 SP1 (WinNT 5.02.3790)
     MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\netdde.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\mgabg.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     C:\Program Files\Seagate Software\WCS\pageserver.exe
     C:\WINDOWS\System32\snmp.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\vds.exe
     C:\Program Files\Seagate Software\WCS\WebCompServer.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
     c:\Program Files\Microsoft SQL Server\90\COM\logread.exe
     c:\Program Files\Microsoft SQL Server\90\COM\distrib.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
     C:\Program Files\Network Associates\Common Framework\McTray.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\UltraMon\UltraMon.exe
     C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
     C:\WINDOWS\system32\PDesk\PDesk.exe
     C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\UltraMon\UltraMonTaskbar.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
     C:\Program Files\GetRight\getright.exe
     C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
     C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
     C:\Program Files\Common Files\Teleca Shared\Generic.exe
     C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
     C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SCBAL.exe
     C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\SyncIndicator.exe
     C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
     C:\Downloads\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.uk-dev-duncans
     O15 - Trusted Zone: http://*.uk-qa-msweb03
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
     O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://uk-dev-duncans/Reports/Reserved.Rep...OpType=PrintCab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\Software\..\Telephony: DomainName = wwre.org
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wwre.org
     O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll (file missing)
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
     O23 - Service: Seagate Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Seagate Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

     -- End of file - 12060 bytes
  8. Downloading Spybot S&D, and currently running a Panda scan.
  9. Here's the log. Windows Defender, Bazooka etc. coming up with nothing. This is a work machine, so I have no control over antivirus, but full admin rights on everything else. Currently using Network Associates antivirus.

     ==================================================================
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:50:39, on 06/08/2007
     Platform: Windows 2003 SP1 (WinNT 5.02.3790)
     MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\system32\netdde.exe
     C:\WINDOWS\system32\cisvc.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
     C:\WINDOWS\system32\mgabg.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     C:\Program Files\Seagate Software\WCS\pageserver.exe
     C:\WINDOWS\System32\snmp.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\vds.exe
     C:\Program Files\Seagate Software\WCS\WebCompServer.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
     c:\Program Files\Microsoft SQL Server\90\COM\logread.exe
     c:\Program Files\Microsoft SQL Server\90\COM\distrib.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
     C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\UltraMon\UltraMon.exe
     C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
     C:\Program Files\Network Associates\Common Framework\McTray.exe
     C:\WINDOWS\system32\PDesk\PDesk.exe
     C:\Program Files\UltraMon\UltraMonTaskbar.exe
     C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
     C:\Program Files\GetRight\getright.exe
     C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
     C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
     C:\Program Files\Common Files\Teleca Shared\Generic.exe
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe
     C:\PROGRA~1\Symbian\Shared\SymbianConnectRunTime\SCBAL.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\WINDOWS\system32\cidaemon.exe
     C:\Program Files\Last.fm\LastFM.exe
     C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\DEVENV.EXE
     Z:\Utilities\Exe\SprocSafe.exe
     C:\Program Files\Microsoft Visual Studio\Common\VSS\win32\SSEXP.EXE
     C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\sqlwb.exe
     C:\WINDOWS\system32\luleixvf.exe
     C:\Program Files\Windows Media Player\wmplayer.exe
     C:\WINDOWS\system32\inetsrv\inetinfo.exe
     C:\Program Files\QSA Ltd\PV Configuration Tool v1.4\LabelConfig.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\NewsLeecher\newsLeecher.exe
     C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
     C:\Program Files\Sony Ericsson\Mobile4\Sync Manager\SyncIndicator.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE
     C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     c:\windows\system32\inetsrv\w3wp.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\Downloads\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.uk-dev-duncans
     O15 - Trusted Zone: http://*.uk-qa-msweb03
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
     O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
     O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://uk-dev-duncans/Reports/Reserved.Rep...OpType=PrintCab
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\Software\..\Telephony: DomainName = wwre.org
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wwre.org
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wwre.org
     O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
     O23 - Service: Seagate Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Seagate Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

     -- End of file - 12515 bytes
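An added triage helper for the HijackThis logs posted in this thread (example code, not from the poster or from HijackThis): it parses the R/O entries, flags the kinds of entries at issue here (the O20 Winlogon Notify DLL, the O1 Hosts override, the O4 Run entry launching a .vbs from the drive root, services with no publisher), and diffs two scans taken on different days so that new or changed entries stand out. The sample lines are constructed from entries in the posted logs; the flagging rules are my own heuristics and are a prompt for review, not a verdict.

```python
"""Parse HijackThis-style log entries, flag ones worth a closer look, and
diff two scans. Flagging rules are heuristics written for this example."""
import re
from typing import List, Tuple

# Constructed samples: a few entries taken from the 06/08 and 09/08 logs above.
LOG_06_08 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:39, on 06/08/2007
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
"""

LOG_09_08 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:11, on 09/08/2007
O1 - Hosts: 87.117.196.106 www.ktjewellery.co.uk
O4 - HKLM\..\Run: [pvinstall] "c:\pvinstall.vbs"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O20 - Winlogon Notify: jkhhi - C:\WINDOWS\system32\jkhhi.dll (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")           # "O20 - <body>"
EXT_RE = re.compile(r'^"?(.+?\.(?:exe|vbs|bat|cmd|js|hta|scr))"?', re.IGNORECASE)
SCRIPT_EXT = (".vbs", ".bat", ".cmd", ".js", ".hta", ".scr")


def parse(log: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs for every R/O entry; header lines are skipped."""
    out = []
    for line in log.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def o4_target(body: str) -> str:
    """Pull the launched path out of an O4 body (Run key value or Startup shortcut)."""
    if "] " in body:                      # HKLM\..\Run: [name] "path" args
        rest = body.split("] ", 1)[1]
    elif " = " in body:                   # Startup: Foo.lnk = path
        rest = body.split(" = ", 1)[1]
    else:
        return ""
    m = EXT_RE.match(rest)
    return m.group(1) if m else rest.strip('"')


def flag(section: str, body: str) -> str:
    """Return a reason the entry deserves review, or '' if the heuristics are silent."""
    if section == "O1":
        return "hosts-file override redirects a domain"
    if section == "O20":
        note = " (file missing: leftover registration)" if "(file missing)" in body else ""
        return "Winlogon Notify DLL loads at every logon; verify publisher" + note
    if section == "O4":
        target = o4_target(body).lower()
        if target.endswith(SCRIPT_EXT):
            return "autorun launches a script rather than a signed executable"
        if re.match(r"^[a-z]:\\[^\\]+$", target):
            return "autorun target sits in the drive root"
        if "\\temp\\" in target or "\\local settings\\" in target:
            return "autorun target lives in a temp/profile folder"
    if section == "O23" and "Unknown owner" in body:
        return "service with no publisher string"
    return ""


def review(log: str) -> List[Tuple[str, str]]:
    """(entry, reason) for every flagged entry, in log order."""
    return [(f"{s} - {b}", r) for s, b in parse(log) if (r := flag(s, b))]


def diff(old: str, new: str) -> Tuple[List[str], List[str]]:
    """Entries added and removed between two scans (exact-text comparison)."""
    o = {f"{s} - {b}" for s, b in parse(old)}
    n = {f"{s} - {b}" for s, b in parse(new)}
    return sorted(n - o), sorted(o - n)


if __name__ == "__main__":
    for entry, reason in review(LOG_09_08):
        print(f"REVIEW {entry}\n       -> {reason}")
    added, removed = diff(LOG_06_08, LOG_09_08)
    print("added since 06/08:", *added, sep="\n  ")
    print("removed since 06/08:", *removed, sep="\n  ")
```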