Options
Trojon in my Server!
Can somebody please advise me on how to get rid of these nasties?!
Logfile of HijackThis v1.99.1
Scan saved at 16:33:37, on 04/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PCODEC\isamini.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\MySoftware\MyInvoices\tracker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\MySoftware\MyFileBackup\program\WebBackup.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
E:\Executables\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emico-it.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.2/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.24.102.186:80
R3 - URLSearchHook: (no name) - {3442F933-6BF4-6722-A4AE-6843B164F6B8} - C:\WINDOWS\system32\hmmtiqn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {3442F933-6BF4-6722-A4AE-6843B164F6B8} - C:\WINDOWS\system32\hmmtiqn.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\PCODEC\iesplugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series on serv01 (from XP01) in session 3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P61 "EPSON Stylus CX3600 Series on serv01 (from XP01) in session 3" /O5 "TS001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series on serv01 (from XP01) in session 1] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P61 "EPSON Stylus CX3600 Series on serv01 (from XP01) in session 1" /O5 "TS001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Tracker] C:\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 1] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 1" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 2] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 2" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 3" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: edonkey2000.exe.lnk = C:\Program Files\eDonkey v1.0\edonkey2000.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: MySoftware WebBackup.lnk = C:\MySoftware\MyFileBackup\program\WebBackup.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = randolo.com
O17 - HKLM\Software\..\Telephony: DomainName = randolo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE8A710-9B22-4D4B-AB46-A99C5DCD3701}: NameServer = 192.168.0.2,212.159.13.49
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = randolo.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BE8A710-9B22-4D4B-AB46-A99C5DCD3701}: NameServer = 192.168.0.2,212.159.13.49
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Common Files\Stibo\RS_ProtocolHandler.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
Thanks in advance - Rand.
Logfile of HijackThis v1.99.1
Scan saved at 16:33:37, on 04/09/2006
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PCODEC\isamonitor.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\PCODEC\isamini.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\MySoftware\MyInvoices\tracker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\DOBE~1\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\MySoftware\MyFileBackup\program\WebBackup.exe
C:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Systran\4_0\Premium\SYSTRA~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
E:\Executables\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emico-it.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.2/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.24.102.186:80
R3 - URLSearchHook: (no name) - {3442F933-6BF4-6722-A4AE-6843B164F6B8} - C:\WINDOWS\system32\hmmtiqn.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\PCODEC\isaddon.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: (no name) - {3442F933-6BF4-6722-A4AE-6843B164F6B8} - C:\WINDOWS\system32\hmmtiqn.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - C:\Program Files\PCODEC\iesplugin.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series on serv01 (from XP01) in session 3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P61 "EPSON Stylus CX3600 Series on serv01 (from XP01) in session 3" /O5 "TS001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series on serv01 (from XP01) in session 1] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P61 "EPSON Stylus CX3600 Series on serv01 (from XP01) in session 1" /O5 "TS001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Tracker] C:\MySoftware\MyInvoices\tracker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 1] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 1" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 2] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 2" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 3] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\E_FATIAJE.EXE /P76 "EPSON Stylus Photo R340 Series on serv01 (from UMORPEX3KVFF5-L) in session 3" /O5 "TS002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: edonkey2000.exe.lnk = C:\Program Files\eDonkey v1.0\edonkey2000.exe
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O4 - Global Startup: MySoftware WebBackup.lnk = C:\MySoftware\MyFileBackup\program\WebBackup.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = randolo.com
O17 - HKLM\Software\..\Telephony: DomainName = randolo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BE8A710-9B22-4D4B-AB46-A99C5DCD3701}: NameServer = 192.168.0.2,212.159.13.49
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = randolo.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BE8A710-9B22-4D4B-AB46-A99C5DCD3701}: NameServer = 192.168.0.2,212.159.13.49
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Common Files\Stibo\RS_ProtocolHandler.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
Thanks in advance - Rand.
0
Comments
Scan started: Mon Sep 04 17:01:55 2006
File excluded 'C:\Documents and Settings\Administrator\Application Data\DOBE~1\svchost.exe'
C:\Documents and Settings\Administrator\Application Data\DOBE~1\svchost.exe: Trojan.PurityScan.BJ FOUND
-- summary --
Known viruses: 67591
Engine version: 0.88.4
Scanned directories: 456
Scanned files: 1195
Infected files: 1
Not moved: 1
Data scanned: 988.97 MB
Time: 339.016 sec (5 m 39 s)
Completed
Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
IMPORTANT: Do NOT run any other options until you are asked to do so!
=====
I would like to see another log from HijackThis.
- Run Hijackthis.
- Click on Open the Misc Tools section.
- Next click on Open uninstall manager.
- Press the Save list button. It will open a Notepad file.
- Copy & Paste the entire contents of that file in your in your next post.
=====Please post the files asked for above.