Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Cleanup Required

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Cleanup Required

Unread postby epmenard » December 18th, 2008, 4:52 pm

hello,

need help in cleaning the pc. Not sure exactly how infected it is but pretty sure it's not zestfully clean...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:32, on 2008-12-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\FaronicsAE\Faronics Anti-Executable\AEManager.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\BAMPrintScreen.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Apps\TeleDirect\System.VA\RestartSFAPrintAgents.exe
C:\Apps\TeleDirect\System.VA\RXAPI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
c:\apps\teledirect\System.VA\REXXAgnt.exe
c:\apps\teledirect\System.VA\REXXPrnt.exe
c:\apps\teledirect\system.va\REXXAgtP.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\NCDaemon.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Program Files\Quest Software\Toad for Oracle\toad.exe
C:\PROGRA~1\QUESTS~1\KNOWLE~1\KXpert.exe
C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe
C:\WINDOWS\system32\cls.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://evolution.ad.ypg.com/portal/fra/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 172.27.80.37 TDIPSERVER
O1 - Hosts: 172.27.80.37 SCRDB2D1 SCRDB2D1.tdpub.com # DB2D DDCS - Scarborough
O1 - Hosts: 172.27.80.37 SCRDDCS1 SCRDDCS1.tdpub.com # DB2 DDCS - Scarborough
O1 - Hosts: 172.27.80.37 KITDDCS1 KITDDCS1.tdpub.com # DB2 DDCS - Kitchener
O1 - Hosts: 172.27.80.37 ETODDCS1 ETODDCS1.tdpub.com # DB2 DDCS - Etobicoke
O1 - Hosts: 172.27.12.88 YPGIDSSUNF03
O1 - Hosts: 142.182.194.184 dm3cel.on.bell.ca
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BAMPrintScreen] BAMPrintScreen.exe
O4 - HKLM\..\Run: [SFA_Agent] C:\Apps\TeleDirect\System.VA\rexxagnt.exe C:\Apps\TeleDirect\Ica\Agent\Agent.rex
O4 - HKLM\..\Run: [SFA_Print_Agent] C:\Apps\TeleDirect\PrintContract\startprintdriver.cmd
O4 - HKLM\..\Run: [SFA_Agent_Check] C:\Apps\TeleDirect\System.VA\RestartSFAPrintAgents.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Facilis BYS] "C:\Program Files\Facilis BYS\FacilisBYS.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O4 - Global Startup: McAfee Desktop Firewall Tray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://clientdabord-customerfirst-lc.intranet.ypg.com
O15 - Trusted Zone: http://clientdabord-customerfirst-os.intranet.ypg.com
O15 - Trusted Zone: *.ypg.com
O15 - Trusted IP range: http://172.27.142.62
O16 - DPF: {00D9C306-6B11-492A-9AFC-C53CE30849CF} (Siebel SmartScript) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Smartscript.cab
O16 - DPF: {0D68687A-A2A3-46EB-9ED9-956C83875A6C} (Siebel Marketing HTML Editor) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_HTML_Editor.cab
O16 - DPF: {169ADD4B-EE8B-4B27-B332-2941A82DA7E2} (Siebel Microsite Layout Designer) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_Microsite_Layout.cab
O16 - DPF: {16C7BBB7-738A-47D7-956E-52DD9A166A9A} (Siebel Event Calendar) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Calendar.cab
O16 - DPF: {1D922C61-16AB-4179-8302-6B8A688C88D0} (CSSAxContainerCtrl Class) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_Container_Control.cab
O16 - DPF: {353F130D-72DB-4F14-B750-625F90D75D1B} (Siebel Test Automation) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_Test_Automation.cab
O16 - DPF: {35B19FD9-097D-4D6D-AF85-5A02946816BA} (Siebel Callcenter Communications Toolbar) - http://clientdabord-customerfirst-os.in ... oolbar.cab
O16 - DPF: {3E8C4740-70C5-439E-AE2F-16234083E248} (Siebel High Interactivity Framework) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_HI_Client.cab
O16 - DPF: {48CE1C1F-092D-461C-A385-A0C3D19FE052} (Siebel iHelp) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_iHelp.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {5FCAD8CF-85C1-4FD9-BD04-995CBEBA5BEB} (Siebel Hospitality Gantt Chart) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_Hospitality_Gantt.cab
O16 - DPF: {60CD4076-F4B6-4F8B-AF3E-61B200346DD9} (Siebel High Interactivity Framework) - http://clientdabord-customerfirst-t2.in ... Client.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4652127515
O16 - DPF: {73EF83D1-DA75-4F58-8DB6-1CD6D8F9C8A1} (Siebel Calendar) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Calendar.cab
O16 - DPF: {756E01C3-2CF9-4364-8724-B8C850CB0D50} (UInboxDynBtn Class) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/SiebelAx_UInbox.cab
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - http://clientdabord-customerfirst.intra ... ration.cab
O16 - DPF: {96A3E5AB-C228-4D1D-B31F-712BA35EE470} (Siebel Gantt Chart) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Gantt_Chart.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://172.27.13.186:8080/qcbin/Spider90.ocx
O16 - DPF: {A40BF088-6281-40F9-A3FF-29DF08424620} (Siebel Gantt Chart) - http://clientdabord-customerfirst.intra ... _Chart.cab
O16 - DPF: {B16D2716-DE8D-4557-B118-6F7E6C4EEDFE} (Siebel High Interactivity Framework) - http://clientdabord-customerfirst-lc.in ... Client.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b55579.cab
O16 - DPF: {C5FEEC93-506D-4B41-A38B-3A59BF5B41AB} (Siebel Callcenter Communications Toolbar) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_CTI_Toolbar.cab
O16 - DPF: {C657D5D2-D725-4F0E-91A9-EA74647DCF84} (Siebel Marketing Allocation) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_Marketing_Allocation.cab
O16 - DPF: {D6CC2526-859B-40C0-8515-1A47946478B6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/enu/19213/applets/SiebelAx_OutBound_mail.cab
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} (Siebel High Interactivity Framework) - http://epmenard.ad.ypg.com/19230/applet ... Client.cab
O16 - DPF: {DE2C7216-C882-400E-BB47-EBB90237CAD1} (Siebel High Interactivity Framework) - http://clientdabord-customerfirst.intra ... Client.cab
O16 - DPF: {EFB7D763-97A3-11CF-AE19-00608CEADE00} (CIC Ink Control) - file:///C:/Program%20Files/Siebel/7.8/web%20client/PUBLIC/fra/19213/applets/iTools.cab
O16 - DPF: {EFCDF4EB-7CA2-4FAD-8718-765355FE29C9} (Siebel High Interactivity Framework) - http://clientdabord-customerfirst-dv.in ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.ypg.com
O17 - HKLM\Software\..\Telephony: DomainName = ad.ypg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.ypg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.ypg.com
O20 - Winlogon Notify: LogonLauncher - C:\WINDOWS\SYSTEM32\LogLaun.dll
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: SWAutoLaunch - Unknown owner - C:\Program Files\Sierra Wireless\3G Wireless Module\Generic\Components\SWAutoLaunch.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
O24 - Desktop Component 1: TSX Group - Java Ticker - http://www.tsx.com/HttpController?GetPa ... 2CXLX-T%2C

--
End of file - 15495 bytes


thanks!
epmenard
Active Member
 
Posts: 1
Joined: December 18th, 2008, 4:41 pm
Advertisement
Register to Remove

Re: Cleanup Required

Unread postby silver » December 29th, 2008, 5:34 am

Hi epmenard,

The forum rules do not allow us to work on business-related computers:
In General, we do not help in cleaning business or corporate computers. There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. There may also be legal issues regarding any loss of business data that we do not wish to deal with.

So I am sorry we won't be able to help you in this case, and accordingly I have closed the topic.
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware