Jump to content

Pc trying to get to 145.186 and 83....


alaric

Recommended Posts

I also tried sysinternals rootkit revealer. It found some things but pc still sick. Can anyone direct me to the land of the healthy?

Forgot DDS and Attach, Below:

dds.txt

attach.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Jim.Wright at 12:39:22 on 2011-12-20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2201 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\vcsFPService.exe

svchost.exe

svchost.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\idt\wdm\STacSV.exe

svchost.exe

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\WINDOWS\system32\qosservm.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\LG Electronics\LGE LTE Driver\LGVL600SVC.exe

C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\McAfee\Common Framework\udaterui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\ping.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.mozilla.org/

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110615094501.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: WebDialerBHO Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip agent\WebDialer.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Avaya Web Dialer: {a6790aa5-c6c7-4bcf-a46d-0fdac4ea90eb} - c:\program files\avaya\avaya ip agent\WebDialer.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [iMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [shStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "c:\program files\cisco\cisco anyconnect secure mobility client\vpnui.exe" -minimized

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - c:\program files\avaya\avaya ip agent\WebDialer.dll

LSP: mswsock.dll

DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ssl.patientfirst.com/CACHE/stc/2/binaries/vpnweb.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisco.webex.com/client/WBXclient-T27L10NSP25-10481/support/ieatgpc.cab

TCP: DhcpNameServer = 71.252.0.12 71.242.0.12

TCP: Interfaces\{2B3D79AF-EED0-4C3A-97C6-8292C7C745A2} : DhcpNameServer = 71.252.0.12 71.242.0.12

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Hosts: 66.173.130.11 ssl.patientfirst.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jim.wright\application data\mozilla\firefox\profiles\vbdoxkul.default\

FF - prefs.js: browser.search.selectedEngine - cnet

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-6-15 436728]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-6-15 88544]

R2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files\lg electronics\lge lte driver\LGVL600SVC.exe [2010-11-12 144832]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-18 366152]

R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-8-25 103744]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-6-15 159320]

R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2011-1-12 209760]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-6-15 145936]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-6-24 48640]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-6-24 47616]

R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-6-24 38912]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-24 2320920]

R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-2-18 1664304]

R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\cisco\cisco anyconnect secure mobility client\vpnagent.exe [2011-5-23 465872]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-6-24 113664]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-6-24 167080]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-6-24 132480]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-18 22216]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-6-15 171296]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-6-15 58456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [2011-8-17 36624]

S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [2011-8-17 46480]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 319488]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-6-24 235520]

S3 LGELTEBus;LGE Composite Device;c:\windows\system32\drivers\LGELTEBus.sys [2011-6-8 33408]

S3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\drivers\LGELTEmdm.sys [2011-6-8 101888]

S3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\drivers\LGELTEMux.sys [2011-6-8 38016]

S3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\drivers\LGELTENdis.sys [2011-6-8 45568]

S3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\drivers\LGELTEprt.sys [2011-6-8 102784]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-6-15 85152]

S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-12-19 02:39:53 -------- d-----w- c:\documents and settings\jim.wright\application data\Malwarebytes

2011-12-19 02:39:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-12-19 02:39:43 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-19 02:39:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-12-09 00:34:35 -------- d-----w- c:\documents and settings\jim.wright\local settings\application data\Deployment

2011-11-22 18:10:53 -------- d-----w- c:\documents and settings\jim.wright\local settings\application data\Asent

2011-11-22 18:08:56 608448 ----a-w- c:\windows\system32\comctl32.ocx

.

==================== Find3M ====================

.

2011-11-10 15:47:16 73802 ----a-w- c:\windows\system32\pwspui.dll

2011-11-10 15:47:16 266307 ----a-w- c:\windows\system32\pwsp32.tsp

.

============= FINISH: 12:39:52.57 ===============

Link to post
Share on other sites

  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.