honey_sucker7814

About honey_sucker7814

  • Rank
    Member
  1. Can someone change the title topic - with Resolved word.
  2. I ran MAMB and deleted the spyware in safe mode. Used CCleaner to clean the registry. In safe mode I restored my PC to a week before and the virus is gone. I ran MAMB to clean up the System Volume Information drive as the spyware is still showing up in the system restores. Used AVG and MAMB to clean up everything. This spyware comes back when started in normal mode along with the Windows Security center. Windows Security center doesn't start in safe mode. I can access the System Restore in safe mode. Now my system is spyware free. Thanks for your help my friend. Much appreciated.
  3. It doesn't tell the dll name. There are weird characters like @#$bxo....dll in the "Unable to Locate Component" box.
  4. Hi, I cannot run KillBox on the infected PC. The application failed to start because [email protected]#$%^&*(.dll was not found. Re-installation the app will fix the problem.
  5. Looks like it is stuck at the Registry. Looks like it is not able to unregister the vmreg.dll. If it helps - I tried to unregister the vmreg.dll earlier. But I could not. Maybe your application is also not able to uninstall. I am comfortable with unregistering DLLs, playing with regedit etc. Let me know
  6. When I pasted into the yellow box and clicked on MoveIt button. I am waiting for the past 10 mins and nothing seems to be happening. I saw the Process explorer.exe killed successfully. After that there is REGISTRY and it is staying there for the past 10 mins. Should this be taking so long?
  7. Here you go my friend.... FYI:::The spyware keeps coming up...
  8. I cannot find BFU.exe in the link that you provided me.
  9. Thanks a lot for your help... Once I rebooted, the Spyware guard came right away. Once I reboot, I get the Windows Security center window and then comes the spyware guard stuff. Really appreciate your help...
  10. Here is the output from Smitfraudfix
  11. Here is the requested log..
  12. I installed MAMB..Ran full scan...rebooted...no luck. Tried in safe mode...deleted the reg entries given in other forums...no luck. I am posting my hizackthis log...Please help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:34:33, on 12/27/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\AccessManager\Client\AMBroker.exe C:\Program Files\LANDesk\Shared Files\residentagent.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe C:\Program Files\LANDesk\LDClient\LocalSch.EXE C:\WINDOWS\system32\CBA\pds.exe C:\Program Files\LANDesk\LDClient\tmcsvc.exe C:\PROGRA~1\LANDesk\LDClient\issuser.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\lotus\notes\ntmulti.exe C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe C:\ODI\OStore\BIN\OSCMGR6.EXE C:\ODI\OStore\BIN\OSSERVER.EXE C:\oracle\ora92\bin\omtsreco.exe C:\Program Files\McAfee\Common Framework\naPrdMgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 
      C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
      C:\SiebelAnalytics\Bin\NQSComGateway.exe
      C:\SiebelAnalytics\Bin\nqsserver.exe
      C:\Program Files\LANDesk\LDClient\softmon.exe
      C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
      C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
      C:\Program Files\AccessManager\Client\sygman.exe
      C:\WINDOWS\system32\kktools\userdump.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
      C:\Program Files\Citrix\ICA Client\ssonsvr.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\SiebelAnalytics\SQLAnywhere\dbeng8.exe
      C:\WINDOWS\system32\winscenter.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
      C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Apoint\ApMsgFwd.exe
      C:\Program Files\Apoint\HidFind.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
      C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
      C:\Program Files\AccessManager\Client\AccessMgr.exe
      C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
      C:\Program Files\McAfee\Common Framework\UdaterUI.exe
      C:\Program Files\McAfee\Common Framework\McTray.exe
      C:\Sun\SDK\jdk\bin\javaw.exe
      C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\WINDOWS\system32\regsvr32.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.merck.de/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.21.1.117:8080
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
      O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
      O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
      O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
      O4 - HKLM\..\Run: [MerckPrivateDataCheck] cachedos C:\Windows\System32\MyLocalDataShorcutcheck.vbs
      O4 - HKLM\..\Run: [sDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
      O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDISCN32.EXE" /NTT=USSE1LDMSNA01.na.merckgroup.com:5007 /S="USSE1LDMSNA01.na.merckgroup.com" /I=HTTP://USSE1LDMSNA01.na.merckgroup.com/ldlogon/ldappl3.ldz /NOUI /W=900
      O4 - HKLM\..\Run: [intelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /to=30
      O4 - HKLM\..\Run: [LANDeskVulscanClient] "C:\Program Files\LANDesk\LDClient\vulScan.exe" /noreboot
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: SDK Tray Menu.lnk = ?
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
      O4 - Global Startup: VPN Client.lnk = ?
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2008\spy.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
      O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2008\spy.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: *.merckgroup.com (HKLM)
      O16 - DPF: {0006F063-0000-0000-C000-000000000046} (Microsoft Outlook View Control) - http://activex.microsoft.com/activex/contr...ce/outlctlx.CAB
      O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Smartscript.cab
      O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr02.merck.de/qp2.cab
      O16 - DPF: {06314967-EECF-11D2-9D64-0000949887BE} (Siebel ERM eBriefings Offline Content Synchronization Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_ERM_ContentSync.cab
      O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_HTML_Editor.cab
      O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Microsite_Layout.cab
      O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Calendar.cab
      O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Container_Control.cab
      O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
      O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Test_Automation.cab
      O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_HI_Client.cab
      O16 - DPF: {4514F46B-308B-401B-969D-B62E288158ED} (CSSFlexAxContainerCtrl Class) - http://localhost/19238/applets/SiebelAx_Co...ner_Control.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/42.20/uploader2.cab
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
      O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_iHelp.cab
      O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Hospitality_Gantt.cab
      O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Calendar.cab
      O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_UInbox.cab
      O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Desktop_Integration.cab
      O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Gantt_Chart.cab
      O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
      O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_CTI_Toolbar.cab
      O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_Marketing_Allocation.cab
      O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\SiebelAx_OutBound_mail.cab
      O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://uscallcenter.us-siebel.us-bos01.ser...x_HI_Client.cab
      O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://ch1tt031.ch-gva01.serono.com/pam_us...x_HI_Client.cab
      O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://usse1ldmsna01/common/ENUrcviewer.cab
      O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://ch2.serono.com/dana-cached/setup/JuniperSetupSP1.cab
      O16 - DPF: {EFA4D912-2A19-4E6F-B681-4DC0C796FBD8} (Siebel SmartScript) - http://us1tt063/epharma_enu/19230/applets/...Smartscript.cab
      O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file://C:\Siebel1\7.8\client\PUBLIC\enu\19213\applets\iTools.cab
      O16 - DPF: {FB8A6B20-09DD-43D5-BF33-676DF96767F3} (Siebel High Interactivity Framework) - http://localhost/19238/applets/SiebelAx_HI_Client.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.merckgroup.com
      O17 - HKLM\Software\..\Telephony: DomainName = na.merckgroup.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.merckgroup.com
      O21 - SSODL: ieModule - {3A530F59-69CF-46B0-A6F9-AC1CBCB631A1} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
      O21 - SSODL: InternetConnection - {73E4214D-5483-4D82-AEFA-611C2EAB914A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\rledtcblog.dll
      O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
      O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
      O23 - Service: DB2 Management Service (TAEVAL20) (DB2MGMTSVC_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2mgmtsvc.exe
      O23 - Service: DB2 Security Server (TAEVAL20) (DB2NTSECSERVER_TAEVAL20) - International Business Machines Corporation - C:\Program Files\Quest Software\Toad for Data Analysis Trial 2.0\DB2 Client\BIN\db2sec.exe
      O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
      O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
      O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
      O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
      O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
      O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
      O23 - Service: ObjectStore Cache Manager R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSCMGR6.EXE
      O23 - Service: ObjectStore Server R6.0 - eXcelon Corp. - C:\ODI\OStore\BIN\OSSERVER.EXE
      O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
      O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
      O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Siebel Analytics Java Host (sawjavahostsvc) - Unknown owner - C:\SiebelAnalytics\web\Bin\sawjavahostsvc.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Siebel Analytics Server - Siebel Systems, Inc. - C:\SiebelAnalytics\Bin\NQSComGateway.exe
      O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
      O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
      O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
      O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
      O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

      --
      End of file - 18127 bytes