Free Malware Removal Forum

[mjgillen]

This is for a different computer, not the same computer as my previouis post.

My laptop is working well, EXCEPT when I visit certain sites, IE freezes. If you see something wrong in this .LOG file please let me know.

Thanks!
Michael

Logfile of HijackThis v1.99.0
Scan saved at 12:03:38 PM, on 6/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\apps\atria\bin\albd_server.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
c:\apps\atria\bin\cccredmgr.exe
C:\WINDOWS\System32\GEARSEC.EXE
c:\apps\atria\bin\lockmgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RegSrvc.exe
c:\qualcomm\riservicessetup\riwindowsservice.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\VERITAS NetBackup Professional\NBPClientush.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\mgillen\My Documents\My Received Files\SpyWare\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qualnet.qualcomm.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qualnet.qualcomm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [smbdpmi] C:\PROGRA~1\UMS\utils\smbdpmi.exe
O4 - HKLM\..\Run: [dllInit ibmasstw.dll] "C:\Program Files\UMS\utils\DLLINIT.EXE" ibmasstw.dll
O4 - HKLM\..\Run: [AirCardEnabler] C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CCDoctorLogonTesting] "c:\apps\atria\bin\ccdoctor.exe" /LogonStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p USB -pn "" -n 0 -l -sl 120000
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrustQC] C:\WINDOWS\System32\IE6sp1RegKey2.exe /s
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [ReadSpeed] C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\apps\msoffice\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: NetBackup Professional Client.lnk = ?
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\apps\msoffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O14 - IERESET.INF: START_PAGE_URL=http://qualnet.qualcomm.com/
O15 - Trusted Zone: http://webiis1.qualcomm.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.qualcomm.com
O17 - HKLM\Software\..\Telephony: DomainName = na.qualcomm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.qualcomm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qualcomm.com,na.qualcomm.com,sa.qualcomm.com,eu.qualcomm.com,ap.qualcomm.com,corp.qualcomm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.qualcomm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = qualcomm.com,na.qualcomm.com,sa.qualcomm.com,eu.qualcomm.com,ap.qualcomm.com,corp.qualcomm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qualcomm.com,na.qualcomm.com,sa.qualcomm.com,eu.qualcomm.com,ap.qualcomm.com,corp.qualcomm.com
O23 - Service: Atria Location Broker - Unknown - c:\apps\atria\bin\albd_server.exe
O23 - Service: Access Manager Configuration Service - Unknown - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: Atria Cred Manager - Unknown - c:\apps\atria\bin\cccredmgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSEC.EXE
O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Atria Lock Manager - Unknown - c:\apps\atria\bin\lockmgr.exe
O23 - Service: Macromedia Licensing Service - Unknown - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: VERITAS NetBackup Professional Client Service - VERITAS Software Corporation - C:\Program Files\VERITAS NetBackup Professional\System\NBPClientSvcush.exe
O23 - Service: OracleOraHome81ClientCache - Unknown - C:\Apps\Ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: RiWindowsService - - c:\qualcomm\riservicessetup\riwindowsservice.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SMSAPMkick - Unknown - C:\WINDOWS\System32\srvany.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: VERITAS NetBackup Professional Persistent Change Journal Service - VERITAS Software Corporation - C:\Program Files\Common Files\VERITAS Shared\ChangeLog\VChangeLogSvcu.exe

[ChrisRLG]

Well your log looks clean.

Can you list the URL's of the sites you are having problems with.

You machine is a little complicated because of the work programs etc. and it may be they that are stopping access.

[ChrisRLG]

You also have an old version of hijackthis - please use the downloads link at the top of this page to get the later version.

[mjgillen]

Hello ChrisRLG!

I am working with NonSuch on another computer and do not want to utilize the bandwidth so I will complete the work with NonSuch and then get back to you about this computer. Seems only fair considering the workload you guys have.

Thanks!
Michael

[ChrisRLG]

OK

When you are ready.

You can also use the 06 room inside the university for your own problems, as you are a trainee.