Technology Forum



Vista Antivirus 2008 Problems





#1
07-23-2008, 09:39 PM
Senior Member
Join Date: Apr 2008
Posts: 15,725




Good afternoon, I have a horrible spyware/malware problem on a laptop for one of my users. I know it is infected with Vista Antivirus 2008, but it also has popup for RegistryDoctor 2008. It is causing redirects of home page when opening IE 6. I could not run the Panda scanner, as it hangs up on a file that I cannot find nor remove from the PC. I was able to run the Deckard System Scanner, but cannot get you the file from Panda as it would not run. Any help would be appreciated!

Thanks,
Leslie

Deckard's System Scanner v20071014.68
Run by ghaynes on 2008-07-23 14:20:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
69: 2008-07-23 19:20:35 UTC - RP72 - Deckard's System Scanner Restore Point
68: 2008-07-23 15:37:28 UTC - RP71 - System Checkpoint
67: 2008-07-22 14:33:07 UTC - RP70 - Installed Windows Defender
66: 2008-07-21 22:24:55 UTC - RP69 - Installed Cisco Systems VPN Client 5.0.01.0600
65: 2008-07-21 03:00:40 UTC - RP68 - Installed Ad-Aware

-- First Restore Point --
1: 2008-07-20 00:12:58 UTC - RP4 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 14:23:05
Platform: windows xp Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Antivirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Symantec Antivirus\SavRoam.exe
C:\Program Files\Symantec Antivirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\WM.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\nwtray.exe
C:\WINDOWS\system32\iprntctl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec Antivirus\VPTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\novell\xtagent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\MSInfo\OFFPROV.EXE
C:\Documents and Settings\ghaynes\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ft.com/home/us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.slu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O1 - Hosts: 165.134.234.219 zenwsimport
O1 - Hosts: 10.11.166.16 tenhdsthemx61
O1 - Hosts: 172.18.167.142 tenhdcthemx13
O1 - Hosts: 10.11.166.11 tenhdcthemx14
O1 - Hosts: 10.11.166.12 tenhdcthemx15
O1 - Hosts: 10.11.166.13 tenhdcthemx16
O1 - Hosts: 10.11.166.14 tenhdcthemx17
O1 - Hosts: 10.11.166.15 tenhdcthemx18
O1 - Hosts: 10.11.166.17 tenhdcthemx33
O1 - Hosts: 10.11.166.18 tenhdcthemx34
O1 - Hosts: 10.11.166.16 tenhdcthemx61
O2 - BHO: IDXHlprObj Class - {31816979-F864-4acf-919F-D0B3B56432E6} - C:\Program Files\IDX Systems Corporation\Web Framework\IDXIEController.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7F6D7644-84A1-4E65-9B00-DBAB1533C1A6} - (no file)
O2 - BHO: (no name) - {82336A8D-6CD0-4647-B791-75FCA8CF2B39} - (no file)
O2 - BHO: (no name) - {928C3776-9E6A-4817-96C0-0FBEA563836B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B3B205E0-365F-45B4-87ED-EC7A02031CE2} - C:\WINDOWS\system32\nnnnOhFu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] c:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Novell Application Explorer] C:\Program Files\Novell\ZENworks\NalView.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [141ff82f] rundll32.exe "C:\WINDOWS\system32\quodjsqg.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BM172ccbb3] Rundll32.exe "C:\WINDOWS\system32\vdmqviuo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Scanner File Utility.lnk = C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.patch.slu.loc (HKLM)
O15 - Trusted Zone: https://www.airtran.com (HKCU)
O15 - Trusted Zone: https://www.delta.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1209573503130
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc4.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://fsbanforms.slu.edu:7799/forms...ator/jinit.exe
O17 - HKLM\Software\..\Telephony: DomainName = slu.loc
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1A796E94-E396-4C36-9BBE-DE3AE2182D71}: Domain = tenethealth.net
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = slu.loc
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = slu.loc
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = slu.loc
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: geBrsQgg - C:\WINDOWS\system32\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Antivirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
O23 - Service: ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Antivirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Antivirus\Rtvscan.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\system32\novell\xtagent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\WM.EXE

-- End of file - 15226 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NICM (Novell InterService Communication Driver) - c:\windows\system32\drivers\nicm.sys
R0 NWFILTER (Novell UNC Path Filter) - c:\windows\system32\netware\nwfilter.sys
R1 nipplpt2 (Novell iCapture Lpt Redirector 2) - c:\windows\system32\drivers\nipplpt.sys
R2 BlankScr (HBDevice) - c:\windows\system32\drivers\blankscr.sys
R2 NetwareWorkstation (Novell Client for Windows) - c:\windows\system32\netware\nwfs.sys
R2 RESMGR (Novell NetWare Resource Manager) - c:\windows\system32\netware\resmgr.sys
R2 SRVLOC (Novell Service Location) - c:\windows\system32\netware\srvloc.sys
R3 Darpan - c:\windows\system32\drivers\darpan.sys
R3 NWDHCP (Novell DHCP Inform Client) - c:\windows\system32\netware\nwdhcp.sys
R3 NWDNS (Novell DNS Name Space Service Provider) - c:\windows\system32\netware\nwdns.sys
R3 NWHOST (Novell Host File Name Space Service Provider) - c:\windows\system32\netware\nwhost.sys
R3 NWSNS (Novell Simple Naming Services (NWSNS)) - c:\windows\system32\netware\nwsns.sys
S2 NWSIPX32 (Novell NetWare IPX/SPX Transport Interface) - c:\windows\system32\netware\nwsipx32.sys
S3 NWSAP (Novell SAP Name Space Provider) - c:\windows\system32\netware\nwsap.sys
S3 NWSLP (Novell SLP Name Space Service Provider) - c:\windows\system32\netware\nwslp.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe"
R2 NALNTSERVICE (Novell Application Launcher) - c:\program files\novell\zenworks\nalntsrv.exe
R2 PatchLink Update (ZENworks Patch Management Update) - "c:\program files\patchlink\update agent\gravitixservice.exe"
R2 Remote Management Agent (Novell ZENworks Remote Management Agent) - c:\program files\novell\zenworks\remotemanagement\rmagent\zenrem32.exe
R2 XTAgent (Novell XTier Agent Services) - c:\windows\system32\novell\xtagent.exe
R2 ZFDWM (Workstation Manager) - c:\program files\novell\zenworks\wm.exe
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
S2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
S2 QBCFMonitorService - "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"
S3 cusrvc (Client Update Service for Novell) - c:\windows\system32\cusrvc.exe
S3 QBFCService (Intuit QuickBooks FCS) - "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 13:56:06 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 14:20:11 0 d-------- \Deckard
2008-07-23 14:09:08 0 d-------- C:\Program Files\SpywareBlaster
2008-07-23 11:36:59 0 d-------- C:\Program Files\Panda Security
2008-07-23 08:18:02 83232 --a------ C:\WINDOWS\system32\quodjsqg.dll
2008-07-23 08:15:02 105312 --a------ C:\WINDOWS\system32\xbrfoeqv.dll
2008-07-23 08:15:02 105312 --a------ C:\WINDOWS\system32\dvykdq.dll
2008-07-23 08:09:02 91456 --a------ C:\WINDOWS\system32\xdujdsjk.dll
2008-07-22 11:13:33 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-22 11:13:31 0 d-------- C:\WINDOWS\LastGood
2008-07-22 09:33:25 0 d-------- C:\Program Files\Windows Defender
2008-07-22 08:17:07 83328 --a------ C:\WINDOWS\system32\kxaglaue.dll
2008-07-22 08:14:07 105328 --a------ C:\WINDOWS\system32\tflifmqp.dll
2008-07-22 08:14:07 105328 --a------ C:\WINDOWS\system32\mqgnoq.dll
2008-07-21 17:30:16 0 d-------- C:\WINDOWS\Internet Logs
2008-07-21 17:25:08 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2008-07-21 17:25:00 0 d-------- C:\Program Files\Cisco Systems
2008-07-21 10:27:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-07-21 10:27:40 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-21 09:00:44 105264 --a------ C:\WINDOWS\system32\ccfazx.dll
2008-07-21 09:00:37 105264 --a------ C:\WINDOWS\system32\wmwdxmup.dll
2008-07-21 08:57:43 91424 --a------ C:\WINDOWS\system32\hdfrsfqa.dll
2008-07-21 05:52:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 22:00:48 0 d-------- C:\Program Files\Lavasoft
2008-07-20 22:00:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-20 08:38:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-20 08:38:17 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Mozilla
2008-07-20 08:34:39 0 d-------- C:\Program Files\Firefox 3.0
2008-07-20 08:11:11 81216 -----n--- C:\WINDOWS\system32\cyyrnqiw.dll
2008-07-20 08:08:17 105248 --a------ C:\WINDOWS\system32\jwwgrt.dll
2008-07-20 08:08:16 105248 --a------ C:\WINDOWS\system32\sxlyticd.dll
2008-07-19 19:12:48 873877 --ahs---- C:\WINDOWS\system32\uFhOnnnn.ini2
2008-07-19 19:12:42 314656 --a------ C:\WINDOWS\system32\nnnnOhFu.dll
2008-07-19 13:52:13 0 d-------- C:\WINDOWS\system32\carH01
2008-07-19 13:52:12 0 d-------- \Temp
2008-07-16 15:38:43 0 d-------- C:\Program Files\MSECache
2008-07-15 16:46:55 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-13 23:20:12 0 d-------- C:\Program Files\Biblesoft
2008-07-13 23:12:31 0 d-------- C:\Program Files\e-Sword
2008-07-13 23:07:10 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Microsoft Web Folders
2008-07-13 22:53:09 0 d-------- C:\Program Files\Microsoft Works
2008-07-13 22:53:00 0 d-------- C:\Program Files\MSBuild
2008-07-13 22:49:03 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-13 22:47:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 15:11:17 0 d-------- \Music files
2008-07-11 11:57:13 0 d-------- C:\Program Files\Winamp
2008-07-11 11:57:13 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Winamp
2008-06-30 18:40:49 0 d-------- C:\WINDOWS\Sun
2008-06-25 13:31:13 0 d-------- C:\Program Files\Common Files\Risxtd
2008-06-25 13:31:11 0 d-------- C:\Documents and Settings\ghaynes\Application Data\ISI ResearchSoft
2008-06-25 13:30:19 0 d-------- C:\Program Files\Reference Manager 11
2008-06-25 13:29:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

-- Find3M Report ---------------------------------------------------------------

2008-07-22 09:52:26 0 d-------- C:\Program Files\Symantec Antivirus
2008-07-22 09:51:36 2145386496 --ahs---- \pagefile.sys
2008-07-21 17:25:08 0 d-------- C:\Program Files\Common Files
2008-06-18 11:01:33 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-06-18 11:00:30 0 d-------- C:\Program Files\Microsoft.NET
2008-06-17 12:06:03 0 d-------- C:\Program Files\Java
2008-06-16 14:20:17 0 d-------- C:\Program Files\Palm
2008-06-16 14:10:27 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Arcsoft
2008-06-16 14:10:10 0 d-------- C:\Documents and Settings\ghaynes\Application Data\HotSync
2008-06-16 14:08:41 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-16 10:14:41 0 d-------- C:\Program Files\Common Files\supportsoft
2008-06-16 10:10:27 0 d-------- C:\Program Files\Common Files\Intuit
2008-06-16 10:09:02 0 d-------- C:\Program Files\Intuit
2008-06-16 09:18:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-16 09:17:40 0 d-------- C:\Program Files\SAS
2008-06-13 08:04:00 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Google
2008-06-13 08:03:55 0 d-------- C:\Program Files\Google
2008-06-04 18:19:08 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Roxio
2008-06-04 11:51:56 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Adobe
2008-06-04 11:00:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-04 11:00:23 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-04 10:33:11 0 d-------- C:\Documents and Settings\ghaynes\Application Data\Novell

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6D7644-84A1-4E65-9B00-DBAB1533C1A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82336A8D-6CD0-4647-B791-75FCA8CF2B39}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{928C3776-9E6A-4817-96C0-0FBEA563836B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B3B205E0-365F-45B4-87ED-EC7A02031CE2}]
07/19/2008 07:12 PM 314656 --a------ C:\WINDOWS\system32\nnnnOhFu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [04/09/2007 04:23 PM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/15/2007 03:07 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/15/2007 03:07 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/15/2007 03:07 PM]
"PDDM"="C:\Program Files\PatchLink\Update Agent\pddm.exe" [01/25/2007 04:44 PM]
"ZENRC Tray Icon"="c:\WINDOWS\system32\zentray.exe" [05/18/2005 06:04 PM]
"NWTRAY"="NWTRAY.EXE" [03/12/2002 11:37 AM C:\WINDOWS\system32\nwtray.exe]
"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [10/24/2005 11:32 AM]
"Novell Application Explorer"="C:\Program Files\Novell\ZENworks\NalView.exe" [06/13/2006 08:51 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/19/2006 07:26 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/27/2006 08:33 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"TkBellExe"="realsched.exe" []
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 04:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 04:50 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"@"="" []
"HotSync"="C:\Program Files\PalmSource\Desktop\HotSync.exe" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07/09/2008 04:33 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"141ff82f"="C:\WINDOWS\system32\quodjsqg.dll" [07/23/2008 08:18 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"BM172ccbb3"="C:\WINDOWS\system32\vdmqviuo.dll " []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/13/2008 08:03 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/07/2008 09:42 AM]

C:\Documents and Settings\ghaynes\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [1/3/2008 6:28:08 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2/27/2008 5:00:46 AM]
Scanner File Utility.lnk - C:\Program Files\Kyocera Mita\FileUtility\NsCatCom.exe [5/5/2008 1:26:20 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [7/21/2008 5:30:09 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= c:\Program Files\Novell\ZENworks\NalShell.dll [07/20/2007 10:17 AM 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBrsQgg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 01/10/2007 01:52 PM 24576 C:\WINDOWS\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0 C:\WINDOWS\system32\nnnnOhFu

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

-- Hosts -----------------------------------------------------------------------

165.134.234.219 zenwsimport
10.11.166.16 tenhdsthemx61
172.18.167.142 tenhdcthemx13
10.11.166.11 tenhdcthemx14
10.11.166.12 tenhdcthemx15
10.11.166.13 tenhdcthemx16
10.11.166.14 tenhdcthemx17
10.11.166.15 tenhdcthemx18
10.11.166.17 tenhdcthemx33
10.11.166.18 tenhdcthemx34
1 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-07-23 14:27:13 ------------