MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Computer slow, symantec pop-up
June 18, 2019, 01:42:38 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 18, 2019, 01:42:38 PM

Login with username, password and session length
 
News
Help us help you! Help us help you by helping out! The more people know about us, the more help will be available. Click here to find out how...
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Computer slow, symantec pop-up  (Read 3343 times)
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« on: January 08, 2009, 02:52:43 PM »

Hi,

I had a problem a few weeks ago where I got a popup from my anti-virus notifying me of infected items that were quarantined.  I thought I had it all cleared up but I recently got another couple notifications of the same type.  Nothing is too noticably wrong, but my PC seems to be running slow.  I am posting my HJT log.  Can someone please tell me if anything is wrong? 

Thanks a lot!

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:51 AM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\DOCUME~1\mxandrad\LOCALS~1\Temp\LogonApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pcgb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pcgb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pcgb.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.16\ilikesidebar.exe /checkforupdate
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Shortcut to BackupToG.lnk = Documents and Settings\mxandrad\Start Menu\Programs\Startup\BackupToG.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158722955406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225899686375
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\Software\..\Telephony: DomainName = na.pcgb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.pcgb.com
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Entire Connection Host Printer Service - Software AG - C:\Program Files\Software AG\Entire Connection 4.1.2\PccPlusv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\SmartPipes\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: January 08, 2009, 09:55:01 PM »

See if this helps..

Please download Malwarebytes' Anti-Malware from one of these places:

 http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 http://www.besttechie.net/tools/mbam-setup.exe


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Logged

An Australian Member of

EDDY
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« Reply #2 on: January 09, 2009, 03:26:39 AM »

OK,  I ran Mbam, it said there was found.  i have posted the mbam log, followed by a new HJT log below...


Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

9:16:00 PM 1/8/2009
mbam-log-1-8-2009 (21-16-00).txt

Scan type: Quick Scan
Objects scanned: 54751
Time elapsed: 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of HijackThis v1.99.1
Scan saved at 9:21 PM, on 1/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\DOCUME~1\mxandrad\LOCALS~1\Temp\LogonApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pcgb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pcgb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pcgb.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.16\ilikesidebar.exe /checkforupdate
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Shortcut to BackupToG.lnk = Documents and Settings\mxandrad\Start Menu\Programs\Startup\BackupToG.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158722955406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225899686375
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\Software\..\Telephony: DomainName = na.pcgb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.pcgb.com
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Entire Connection Host Printer Service - Software AG - C:\Program Files\Software AG\Entire Connection 4.1.2\PccPlusv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\SmartPipes\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Logged

 
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« Reply #3 on: January 09, 2009, 03:27:16 AM »

edit:  it said there was nothing found
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #4 on: January 09, 2009, 05:19:44 AM »

This does not look like a malware problem but we will give it one more shot...

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please download from one of these webpages .

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Logged

An Australian Member of

EDDY
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« Reply #5 on: January 20, 2009, 02:16:39 PM »

i don't have the password to disable anti-virus.  should i still go ahead and run combofix?
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: January 20, 2009, 09:26:51 PM »

Yes.Just go ahead and run Combofix.
Logged

An Australian Member of

EDDY
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« Reply #7 on: January 28, 2009, 08:54:01 PM »

Ok, I ran combofix.  here is the log, followed by a new HJT log....

ComboFix 09-01-21.04 - mxandrad 2009-01-28 14:36:10.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.510.182 [GMT -6:00]
Running from: c:\documents and settings\mxandrad\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt

----- BITS: Possible infected sites -----

hxxp://NTSMSDB01:80
hxxp://NTSMSDP01:80
.
(((((((((((((((((((((((((   Files Created from 2008-12-28 to 2009-01-28  )))))))))))))))))))))))))))))))
.

2009-01-27 14:39 . 2009-01-27 14:39   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Soulseek
2009-01-27 14:30 . 2009-01-27 14:30   <DIR>   d--------   c:\program files\SoulseekNS
2009-01-14 07:08 . 2009-01-14 07:09   <DIR>   d--------   c:\program files\QuickTime
2009-01-14 07:08 . 2009-01-14 07:08   <DIR>   d--------   c:\program files\Apple Software Update
2009-01-13 23:00 . 2009-01-13 23:00   <DIR>   d--------   c:\program files\Western Digital
2009-01-13 22:57 . 2009-01-13 22:57   <DIR>   d--------   c:\program files\Western Digital Technologies

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 13:09   ---------   d-----w   c:\program files\Common Files\Apple
2009-01-14 05:04   0   ---h--w   c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-14 05:04   ---------   d-----w   c:\program files\Common Files\Nikon
2009-01-10 17:43   ---------   d-----w   c:\documents and settings\mxandrad\Application Data\uTorrent
2009-01-09 00:20   ---------   d-----w   c:\program files\DivX
2009-01-08 14:41   ---------   d-----w   c:\program files\Yahoo!
2009-01-03 19:00   ---------   d-----w   c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-17 19:33   ---------   d-----w   c:\program files\Symantec AntiVirus
2008-12-12 20:46   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-12 20:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
2008-12-12 20:33   805   ----a-w   c:\windows\system32\drivers\SYMEVENT.INF
2008-12-12 20:33   123,952   -c--a-w   c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-12 20:33   10,563   ----a-w   c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-12 20:33   ---------   d-----w   c:\program files\Symantec
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-03-17 12:54   380472   --a------   c:\windows\system32\PGPfsshl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-10-04 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-14 139264]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-09-01 237568]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-08-29 94208]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-09-06 745472]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-09-06 86016]
"AccessManager"="c:\program files\AccessManager\Client\AccessMgr.exe" [2004-07-22 786432]
"RightFAX Print-to-Fax Driver"="c:\progra~1\RIGHTFAX\Client\FaxCtrl.exe" [2004-10-22 94208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-13 115560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"TpShocks"="TpShocks.exe" [2005-11-07 c:\windows\system32\TpShocks.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-09-19 24576]
PGPtray.exe.lnk - c:\windows\Installer\{3D9C6299-6661-47CF-AA09-74C7F96E9201}\Icon6560581611.exe [2008-08-13 55296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"AllowMultipleTSSessions"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-09-06 02:08 262144 c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 22:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-16 21:23 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli PGPpwflt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWIZARD.EXE"=
"c:\\Program Files\\Cognos\\cer4\\bin\\AccessConfigWizard.exe"=
"c:\\Program Files\\E!PC\\nodecfg.exe"=
"c:\\Program Files\\E!PC\\MANAGER.exe"=
"c:\\Program Files\\E!PC\\E32CFG.exe"=
"c:\\Program Files\\E!PC\\FT5250db.exe"=
"c:\\Program Files\\Cognos\\cer4\\bin\\PwrPlay.exe"=
"c:\\Program Files\\Cognos\\cer4\\bin\\edmacro32.exe"=
"c:\\Program Files\\Cognos\\cer4\\bin\\configgui.exe"=
"c:\\Program Files\\E!PC\\EXTRA.exe"=
"c:\\Program Files\\Software AG\\Entire Connection 4.1.2\\PccConvert.exe"=
"c:\\Program Files\\IP VPN Remote Services\\Extranet.exe"=
"c:\\Program Files\\E!PC\\ebedit.exe"=
"c:\\Program Files\\E!PC\\migrate.exe"=
"c:\\Program Files\\E!PC\\RmtCmd32.exe"=
"c:\\Salient UXT\\salcli.exe"=
"c:\\Program Files\\E!PC\\Appnode.exe"=
"c:\\Program Files\\E!PC\\status.exe"=
"c:\\Program Files\\E!PC\\APPNOFF.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Software AG\\Entire Connection 4.1.2\\PccTerminal.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AS2\\BIN\\DPAS2FILETRANSFER.EXE"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"135:TCP"= 135:TCP:RPC
"2701:TCP"= 2701:TCP:general contact, reboot, and ping
"2702:TCP"= 2702:TCP:Remote Control
"2703:TCP"= 2703:TCP:File Transfer
"2704:TCP"= 2704:TCP:Chat

R0 pgpfs;PGP File Sharing;c:\windows\system32\drivers\PGPfsfd.sys [2008-03-17 115768]
R0 PGPwded;PGPwded Storage Filter Service;c:\windows\system32\drivers\PGPwded.sys [2008-03-17 204856]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-09-19 69632]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-09-19 14720]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-09-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-09-19 2432]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-09-19 4736]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-09-19 16384]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2006-09-19 4442]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2006-09-20 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-12 99376]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-09-19 6400]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-04-21 14336]
R4 AMBroker;Access Manager Configuration Service;c:\program files\AccessManager\Client\AMBroker.exe [2004-07-22 77824]
R4 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2008-03-17 245816]
R4 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2008-03-17 40504]
R4 Sygman;SSA Integration Manager;c:\program files\AccessManager\Client\sygman.exe [2004-07-22 126976]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-11 24652]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-10-13 23904]
S3 DAPlugin;Visual Insight DA Plugin;c:\program files\AccessManager\Client\DAPlugin.exe [2004-07-22 81920]
S3 Entire Connection Host Printer Service;Entire Connection Host Printer Service;c:\program files\Software AG\Entire Connection 4.1.2\PccPLUSv.exe [2006-09-20 49152]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\IP VPN Remote Services\Extranet_serv.exe [2006-09-20 643072]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2006-09-19 12288]
S3 sp_spi_da;Visual Insight Dial Analysis;c:\program files\SmartPipes\SMOC\spi_da.exe [2003-04-17 81920]
S4 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2006-09-20 117760]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4129f617-e182-11dd-9611-444553544200}]
\Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2006-09-20 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-04-20 00:38]

2009-01-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-04-14 00:01]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-iLike - c:\program files\iLike\1.1.16\ilikesidebar.exe
SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet.pcgb.com/
uInternet Connection Wizard,ShellNext = hxxp://intranet.pcgb.com/
uInternet Settings,ProxyServer = proxy.pcgb.com:80
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\PGPlsp.dll
FF - ProfilePath - c:\documents and settings\mxandrad\Application Data\Mozilla\Firefox\Profiles\15zmg81m.default\
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 14:47:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1336)
c:\windows\system32\PGPlsp.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(1392)
c:\windows\system32\PGPlsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Symantec AntiVirus\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PGPserv.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\SmartPipes\PMAC\sp_SWIns.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec AntiVirus\SmcGui.exe
c:\docume~1\mxandrad\LOCALS~1\Temp\LogonApp.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\CONNEC~1\QCTRAY.EXE
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\PGP Corporation\PGP Desktop\PGPtray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-28 14:50:43 - machine was rebooted [mxandrad]
ComboFix-quarantined-files.txt  2009-01-28 20:49:50
ComboFix2.txt  2008-06-30 14:36:21

Pre-Run: 30,858,260,480 bytes free
Post-Run: 31,357,116,416 bytes free

254




Will post new HJT log in next post
Logged

 
Ekim407
Full Member
***

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 94


Bookmark and Share

View Profile
« Reply #8 on: January 28, 2009, 08:54:46 PM »

here is my new HJT log, (had to put in separate post due to post length limit)

Logfile of HijackThis v1.99.1
Scan saved at 14:53, on 2009-01-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AccessManager\Client\sygman.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\DOCUME~1\mxandrad\LOCALS~1\Temp\LogonApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.pcgb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.pcgb.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.pcgb.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\PROGRA~1\RIGHTFAX\Client\FaxCtrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: Shortcut to BackupToG.lnk = Documents and Settings\mxandrad\Start Menu\Programs\Startup\BackupToG.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158722955406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225899686375
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\Software\..\Telephony: DomainName = na.pcgb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.pcgb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.pcgb.com
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Entire Connection Host Printer Service - Software AG - C:\Program Files\Software AG\Entire Connection 4.1.2\PccPlusv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\IP VPN Remote Services\Extranet_serv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\SmartPipes\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\SmartPipes\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #9 on: January 29, 2009, 12:59:40 AM »

I see no more problems.You should be fine now.
Logged

An Australian Member of

EDDY
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page September 04, 2018, 10:57:08 AM