DCOM Server Launcher Terminated (moved from XP Forum)

#1
I have been getting the message: "Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly" and then the system restarts after about a minute. I get it about 30-45 minutes after booting up. I ran ComboFix, HJT, and MBAM and have attached logs. No P2P programs.
#2
Logfile of Trend Micro HijackThis v2.0.2
#3
Malwarebytes' Anti-Malware 1.33
Database version: 1698
Windows 5.1.2600 Service Pack 2

2009-01-26 20:20:56
mbam-log-2009-01-26 (20-20-56).txt

Scan type: Quick Scan
Objects scanned: 60185
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#4
Welcome to CTH, Cosmic_Charlie,

Looks like you just chose to do your own repairs there, which is often a very difficult place for one of us to step in on. But before we discuss any options for changes, this appears to be a business computer. As our assistance is really aimed at personal-use computers, and most of the tools we use here are restricted from commercial use by their authors, if this is a business computer we would most often refer any repairs needed to the business's own staff or choices.