Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please review my hijackThis report - thanks for your help!

Post by wpidwell » December 17th, 2010, 4:10 pm

Thank you for reviewing my report - this was done due to my computer running slowly compared to my partners that are running the same programs.

Thanks!
Bill



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:27:55 PM, on 12/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\digtizer.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\PMService.exe
C:\Program Files\EquinoxITS\Agent\AgentMon.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\rpcld.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\EquinoxITS\Agent\KaUsrTsk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
\pch.local\SysVol\pch.local\Policies\{19AE39DD-B6FC-441B-AEE9-D12674BCEDA6}\User\Scripts\Logon\cymdir.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Documents and Settings\pidwellw\Local Settings\Apps\2.0\EV7PKV76.ONP\LKEDEEJR.R3D\imed...app_cabb2d6df4dda259_0009.0000_599c57cf51da9168\iMedica.Prm.Client.exe
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\PCH-DC1\users$\pidwellw\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=WtU ... 7m_-NCV0OY
O1 - Hosts: 159.212.70.161 secureaccess.intermountainhealthcare.org
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINDOWS\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KASHEQNTSR64379874393183] "C:\Program Files\EquinoxITS\Agent\KaUsrTsk.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us.fujitsu.com/computers
O15 - Trusted Zone: http://www.4medica.com
O15 - Trusted Zone: *.equinoxits.com
O15 - Trusted Zone: http://www.4medica.com (HKLM)
O15 - Trusted Zone: *.equinoxits.com (HKLM)
O15 - ESC Trusted Zone: http://get.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://wwwimages.adobe.com
O15 - ESC Trusted Zone: http://www.angryziber.com
O15 - ESC Trusted Zone: http://swamp.foofus.net
O15 - ESC Trusted Zone: http://www.lostpassword.com
O15 - ESC Trusted Zone: http://*.portableapps.com
O15 - ESC Trusted Zone: http://*.sourceforge.net
O15 - ESC Trusted Zone: http://www.teamcti.com
O15 - ESC Trusted Zone: http://www.terranovum.com
O15 - ESC Trusted Zone: http://m.webtrends.com
O15 - ESC Trusted Zone: http://get.adobe.com (HKLM)
O15 - ESC Trusted Zone: http://www.adobe.com (HKLM)
O15 - ESC Trusted Zone: http://wwwimages.adobe.com (HKLM)
O15 - ESC Trusted Zone: http://www.angryziber.com (HKLM)
O15 - ESC Trusted Zone: http://swamp.foofus.net (HKLM)
O15 - ESC Trusted Zone: http://www.lostpassword.com (HKLM)
O15 - ESC Trusted Zone: http://*.portableapps.com (HKLM)
O15 - ESC Trusted Zone: http://*.sourceforge.net (HKLM)
O15 - ESC Trusted Zone: http://www.teamcti.com (HKLM)
O15 - ESC Trusted Zone: http://www.terranovum.com (HKLM)
O15 - ESC Trusted Zone: http://m.webtrends.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.4
O15 - ESC Trusted IP range: http://192.168.21.109
O15 - ESC Trusted IP range: http://192.168.21.8
O15 - ESC Trusted IP range: http://192.168.21.30
O15 - ESC Trusted IP range: http://192.168.21.31
O15 - ESC Trusted IP range: http://192.168.20.71
O15 - ESC Trusted IP range: http://192.168.21.151
O15 - ESC Trusted IP range: http://192.168.21.35
O15 - ESC Trusted IP range: http://192.168.21.2
O15 - ESC Trusted IP range: http://192.168.21.200
O15 - ESC Trusted IP range: http://192.168.21.10
O15 - ESC Trusted IP range: http://192.168.21.12
O15 - ESC Trusted IP range: http://192.168.0.254
O15 - ESC Trusted IP range: http://192.168.21.110
O15 - ESC Trusted IP range: http://192.168.0.1
O15 - ESC Trusted IP range: http://192.168.21.4 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.109 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.8 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.30 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.31 (HKLM)
O15 - ESC Trusted IP range: http://192.168.20.71 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.151 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.35 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.2 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.200 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.10 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.12 (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.254 (HKLM)
O15 - ESC Trusted IP range: http://192.168.21.110 (HKLM)
O15 - ESC Trusted IP range: http://192.168.0.1 (HKLM)
O16 - DPF: ImpaxCab - https://ihcweb-clin.co.ihc.com/ResultsR ... paxCab.CAB
O16 - DPF: {54FF454A-8F37-4406-8797-4C3607918A85} (Centricity Web ViewApp Control 3.0) - https://ihcweb-clin.co.ihc.com:8088/ami ... viewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7281381898
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://secureaccess.intermountainhealt ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secureaccess.intermountainhealt ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pch.local
O17 - HKLM\Software\..\Telephony: DomainName = pch.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pch.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = co.ihc.com,ihc.com,intermountain.net,pch.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pch.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = co.ihc.com,ihc.com,intermountain.net,pch.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kaseya Agent (KAEQNTSR64379874393183) - Kaseya International Limited - C:\Program Files\EquinoxITS\Agent\AgentMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: o2flash - O2Micro International - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Absolute Software Corp. - C:\WINDOWS\system32\rpcld.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 15478 bytes

Re: Please review my hijackThis report - thanks for your hel

Post by Wingman » December 17th, 2010, 6:22 pm

Business Use Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.