Jump to content

b haverkos

Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by b haverkos

  1. I have been having problems with this trojan for over a week. It appears to clean it off. As long as I stay on my company network, I am ok, But if I run on another network - home for example, then the next time I boot, I have the virus back. (Maybe even before I boot, but I am not normally on for too long when I am not at work - just to check mail etc.) I cleaned it this morning, and malwarebytes does not find anything at the moment. Can you tell if something is still there? I ran the process you recommended and am attaching the log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:17:23 PM, on 1/21/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\HGRA\HGRA\WENGINE\wmonitor.exe C:\Program Files\HGRA\HGRA\FLUtilsSvc.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDClient\tmcsvc.exe C:\PROGRA~1\LANDesk\LDClient\issuser.exe c:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\mnmsrvc.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HGRA\HGRA\ServiceMgr.exe C:\Program Files\LANDesk\LDClient\softmon.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\SearchIndexer.exe C:\PROGRA~1\LANDesk\LDClient\rcgui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\stsystra.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UdaterUI.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe c:\Program Files\Network Associates\Common Framework\McTray.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office Communicator\Communicator.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Downloaded Program Files\SiebelAx_Desktop_Integration_19237.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\WINDOWS\system32\calc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\SearchProtocolHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.honeywell.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.honeywell.com/ O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 6\SnagItIEAddin.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [McAfeeUpdaterUI] "c:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [1] \\global.ds.honeywell.com\SysVol\global.ds.honeywell.com\Policies\{2037079B-D0B4-4E4C-84AE-EC8F4A576F8D}\Machine\Scripts\GTS-GPOAdminSecWeb2.0.3.vbe O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user') O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://wxcam.pr.erau.edu/iqeye.ocx.gz O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://communities.honeywell.com/qp2.cab O16 - DPF: {2203BFCF-9541-41B6-931D-CEB34F81DB0D} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://hpscrm.honeywell.com/service_enu/19...tBound_mail.cab O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connect.simpson.com/vdesk/cacheclea...,2008,0717,1603 O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connect.simpson.com/vdesk/terminal/...llerControl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189012121437 O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connect.simpson.com/vdesk/terminal/...,2008,0717,1602 O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://pki.honeywell.com/pki/VSApps/vspta3.cab O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://121.8.216.123/TSWeb/msrdp.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://az18u367.honeywell.com:8080/jinitiator/oajinit.exe O16 - DPF: {B96F3E61-700B-4E32-932B-0BBB1AFE973C} (Siebel High Interactivity Framework) - http://hpscrm.honeywell.com/service_enu/19...x_HI_Client.cab O16 - DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF} (JInitiator 1.3.1.13) - http://tmpux246.allied.com:7778/forms90/jinitiator/jinit.exe O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - http://az18nt095.global.ds.honeywell.com:7778/jpi/j2re.exe O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {D50DB57C-077D-46F9-9570-68ECCCA4B08D} (AXTNS Control) - http://download.livemath.com/activex/AXTNS.ocx O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://flightcam1.pr.erau.edu/activex/AMC.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connect.simpson.com/vdesk/terminal/...,2008,0717,1606 O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://164.145.226.226/dana-cached/setup/J...perSetupSP1.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.ds.honeywell.com O17 - HKLM\Software\..\Telephony: DomainName = global.ds.honeywell.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.ds.honeywell.com O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = global.ds.honeywell.com O18 - Filter hijack: text/html - {4ed3b799-2e76-4fb7-8aa9-4f494aa322a6} - C:\WINDOWS\system32\mst120.dll O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: ence55 - Unknown owner - C:\WINDOWS\system32\ence55.exe O23 - Service: FiberlinkComm Monitor Service (FiberlinkCommMonitor) - Boingo Wireless, Inc. - C:\Program Files\HGRA\HGRA\WENGINE\wmonitor.exe O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\HGRA\HGRA\FLUtilsSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - c:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\HGRA\HGRA\ServiceMgr.exe O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 14185 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.