Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
11-29-2007, 11:32 AM   #1
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: windows vista


my computer's infected with icmntr.exe

It's causing pop-ups and my computer to run slowly. I really need my computer and I can't afford for it to be down for a long time. It's also causing a weird security toolbar on my Internet Explorer. I need help please!! The file's called icmntr.exe, and it's in a folder called "Video Ad Ons". HELP!!
lgr2115 is offline  

12-01-2007, 08:14 PM   #2
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: my computer's infected with icmntr.exe

Download SDFix and save it to your desktop.


Please then reboot your computer in Safe Mode by doing the following :
Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.

It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.

Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum.


=========================================

This will help to identify any malware on your system.
Please download Combofix from HERE or HERE

Save ComboFix to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Copy and Paste the contents of that log in your next reply with a new hijackthis log. Do not use Code or html unless asked for.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
__________________
Eddy
Pancake is offline  
12-02-2007, 06:20 PM   #3
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: windows vista


Re: my computer's infected with icmntr.exe

When I clicked on the link you gave me to download SDFix, it said that SDFix.zip could not be found on this server, but SDFix.exe could. So I downloaded that and you can't right-click and do the "Extract All". But I have the two logs you asked for:

ComboFix Log:

ComboFix 07-11-29.3 - Lauren 2007-12-02 20:00:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.161 [GMT -5:00]
Running from: C:\Users\Lauren\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 19:52 . 2007-12-02 19:52 1,375,449 --a------ C:\SDFix.zip
2007-12-01 17:48 . 2007-12-01 17:48 <DIR> d-------- C:\Users\All Users\GoBit Games
2007-12-01 17:48 . 2007-12-01 17:48 <DIR> d-------- C:\ProgramData\GoBit Games
2007-12-01 17:47 . 2007-12-02 17:36 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-11-30 20:31 . 2007-12-02 19:54 8,405,015 --a------ C:\Windows\TempFile
2007-11-30 20:30 . 2007-11-30 20:30 <DIR> d-------- C:\Windows\System32\RNBOSENT
2007-11-30 20:30 . 2001-06-22 00:39 49,664 --a------ C:\Windows\System32\SNTI386.DLL
2007-11-30 20:30 . 2001-06-22 00:39 18,432 --a------ C:\Windows\System32\RNBOVDD.DLL
2007-11-30 20:30 . 2001-06-22 00:39 9,949 --------- C:\Windows\System32\SENTINEL.HLP
2007-11-30 20:21 . 2007-11-30 20:21 <DIR> d-------- C:\Program Files\Alias
2007-11-30 20:16 . 2007-11-30 20:18 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2007-11-30 20:16 . 2007-11-30 20:35 <DIR> d-------- C:\FLEXM
2007-11-15 11:23 . 2007-11-15 11:23 2,923,520 --a------ C:\Windows\explorer.exe
2007-11-08 17:46 . 2007-11-08 17:46 <DIR> d-------- C:\Users\All Users\HipSoft
2007-11-08 17:46 . 2007-11-08 17:46 <DIR> d-------- C:\ProgramData\HipSoft
2007-11-08 00:53 . 2007-11-08 00:53 <DIR> d-------- C:\Users\All Users\Escape From Paradise
2007-11-08 00:53 . 2007-11-08 00:53 <DIR> d-------- C:\ProgramData\Escape From Paradise
2007-11-07 23:13 . 2007-11-07 23:13 <DIR> d-------- C:\Users\All Users\Trymedia
2007-11-07 23:13 . 2007-11-07 23:13 <DIR> d-------- C:\ProgramData\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 00:11 --------- d-----w C:\ProgramData\PlayFirst
2007-12-01 22:09 --------- d-----w C:\Program Files\GanttProject
2007-12-01 21:43 --------- d-----w C:\Program Files\Samurize
2007-12-01 01:16 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-29 05:25 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-29 05:24 --------- d-----w C:\Program Files\SIFXINST
2007-11-29 05:22 --------- d-----w C:\Program Files\DivX
2007-11-28 04:42 --------- d-----w C:\ProgramData\WildTangent
2007-11-25 05:45 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 16:23 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 16:23 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 16:23 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 16:23 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 16:23 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 16:23 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-15 16:23 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-15 16:23 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 16:23 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-15 16:23 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 16:23 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 16:23 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-15 16:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 16:23 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 16:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 16:19 --------- d-----w C:\Program Files\Windows Mail
2007-11-02 20:00 --------- d-----w C:\Program Files\iTunes
2007-11-02 20:00 --------- d-----w C:\Program Files\iPod
2007-11-02 19:44 --------- d-----w C:\ProgramData\McAfee
2007-11-02 19:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-02 19:44 --------- d-----w C:\Program Files\AIM
2007-11-02 18:35 --------- d-----w C:\ProgramData\AOL OCP
2007-11-02 18:35 --------- d-----w C:\ProgramData\AOL
2007-11-02 18:35 --------- d-----w C:\Program Files\AIM6
2007-11-02 18:34 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-11-02 18:33 --------- d-----w C:\ProgramData\AOL Downloads
2007-10-31 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 00:56 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-20 00:54 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-20 00:54 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-19 00:29 --------- d-----w C:\Program Files\DWG TrueView 2008
2007-10-19 00:28 --------- d-----w C:\Windows\system32\config\systemprofile\AppData\Roaming\Autodesk
2007-10-19 00:26 --------- d-----w C:\ProgramData\Autodesk
2007-10-18 09:06 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-10-12 19:33 --------- d-----w C:\Program Files\Ruckus Player
2007-10-12 19:32 --------- d-----w C:\Program Files\Bonjour
2007-10-10 21:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 21:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 21:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 21:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 21:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-10 21:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-10 21:30 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 21:30 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-10 21:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-10 21:29 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-03 00:46 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-09-12 23:19 8,982,497 ----a-w C:\Users\Lauren\ganttproject-2.0.4.exe
2007-09-05 05:52 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-09-05 05:52 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-09-05 05:52 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-09-05 05:52 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-09-05 05:52 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-09-05 05:52 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-09-05 05:51 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-09-05 05:51 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-09-05 05:51 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-09-05 05:51 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-09-05 05:51 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-09-05 05:51 134,656 ----a-w C:\Windows\System32\dps.dll
2007-09-05 05:51 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-09-05 05:51 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-30 20:37 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_21.54.05.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-29 05:11:09 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-12-03 00:53:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-11-27 11:58:11 140,288 ----a-w C:\Windows\catchme.exe
+ 2007-11-27 08:58:11 140,288 ----a-w C:\Windows\catchme.exe
- 2007-11-15 16:30:11 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2007-12-01 01:32:16 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2007-11-15 16:30:06 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2007-12-01 01:32:15 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2007-11-15 16:30:06 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-12-01 01:32:16 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2007-12-01 01:28:33 40,960 ----a-r C:\Windows\Installer\{C2C99466-8BD9-48CB-9E36-727E63E5D2F3}\lmtools.9778550C_E26A_4334_B4D1_F54578B97625.exe
+ 2007-12-01 01:18:48 40,960 ----a-r C:\Windows\Installer\{C76FE689-6457-47C9-BACE-AA17060A9813}\lmtools.9778550C_E26A_4334_B4D1_F54578B97625.exe
- 1997-11-19 22:49:58 303,616 ----a-w C:\Windows\IsUninst.exe
+ 1998-07-30 21:51:24 305,152 ----a-w C:\Windows\IsUninst.exe
- 2007-06-17 08:11:58 51,200 ----a-w C:\Windows\NirCmd.exe
+ 2007-06-17 05:11:58 51,200 ----a-w C:\Windows\NirCmd.exe
- 2007-11-28 10:11:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-12-02 19:50:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-29 05:12:56 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-12-03 00:55:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-11-28 10:11:07 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2007-12-02 19:50:50 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2007-11-29 05:12:50 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-12-03 00:55:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-11-29 05:13:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-03 00:54:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-11-29 05:13:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-03 00:54:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-29 05:13:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-03 00:54:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-11-29 05:51:08 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2007-12-03 01:00:49 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2005-07-28 16:18:40 685,056 ----a-w C:\Windows\System32\drivers\hardlock.sys
+ 2001-06-22 05:39:02 73,728 ----a-w C:\Windows\System32\drivers\SENTINEL.SYS
+ 2001-06-22 05:39:02 20,032 ----a-r C:\Windows\System32\drivers\SNTNLUSB.SYS
+ 2004-07-06 21:37:44 7,168 ----a-w C:\Windows\System32\DriverStore\FileRepository\akshasp.inf_2dd33527\akscoinst.dll
+ 2005-07-21 02:08:26 327,808 ----a-w C:\Windows\System32\DriverStore\FileRepository\akshasp.inf_2dd33527\akshasp.sys
+ 2005-07-28 16:18:40 685,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\akshasp.inf_2dd33527\hardlock.sys
+ 2005-07-21 02:08:26 104,576 ----a-w C:\Windows\System32\DriverStore\FileRepository\aksusb.inf_88ef79db\aksclass.sys
+ 2005-07-21 02:08:28 100,096 ----a-w C:\Windows\System32\DriverStore\FileRepository\aksusb.inf_88ef79db\aksusb.sys
+ 2007-06-11 21:04:38 190,696 ----a-r C:\Windows\System32\Macromed\Flash\FlashUtil9d.exe
+ 2007-06-11 20:34:34 2,115,816 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 20:34:40 190,696 ----a-w C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-29 23:21:57 45,218 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2007-11-29 05:16:39 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-12-03 01:00:36 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2007-11-29 05:16:39 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-12-03 01:00:36 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2001-06-22 05:39:02 32,768 ----a-r C:\Windows\System32\RNBOSENT\SETUPX86.EXE
+ 2001-06-22 05:39:02 20,032 ----a-r C:\Windows\System32\RNBOSENT\SNTNLUSB.SYS
+ 2005-07-21 02:08:26 104,576 ----a-w C:\Windows\System32\setup\aladdin\hasphl\aksclass.sys
+ 2004-07-06 21:37:44 7,168 ----a-w C:\Windows\System32\setup\aladdin\hasphl\akscoinst.dll
+ 2005-07-21 02:08:26 327,808 ----a-w C:\Windows\System32\setup\aladdin\hasphl\akshasp.sys
+ 2005-07-21 02:08:28 100,096 ----a-w C:\Windows\System32\setup\aladdin\hasphl\aksusb.sys
+ 2005-07-28 16:18:40 685,056 ----a-w C:\Windows\System32\setup\aladdin\hasphl\hardlock.sys
- 2007-07-23 02:39:27 279,552 ----a-w C:\Windows\System32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\Windows\System32\swreg.exe
- 2007-11-29 05:12:59 7,052 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2876608432-483462828-314405990-1000_UserData.bin
+ 2007-12-03 00:56:11 7,084 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2876608432-483462828-314405990-1000_UserData.bin
- 2007-11-29 05:12:59 66,522 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-03 00:56:10 66,842 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-11-29 05:21:28 43,486 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-03 00:55:45 43,976 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 13:04]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-04 17:26]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-04 17:26]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-04 17:26]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-30 14:36 C:\Windows\sttray.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 17:58]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-03 16:13]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-31 12:50]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 19:12]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 08:34]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 08:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 16:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe"
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
LPDService LPDSVC

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 21:17:32 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 2015
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-02 20:07:28
C:\ComboFix2.txt ... 2007-11-29 01:03
.
--- E O F ---

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:10 PM, on 11/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=T-6815
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=T-6815
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thank you so much, hope this helps :)
lgr2115 is offline  
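The HijackThis log in the post above shows why the helper later targets the whole folder rather than the one file the user named: icmntr.exe runs alongside three sibling files in "C:\Program Files\Video Add-on", the same folder supplies an unnamed BHO and an "IE Custom Tools" toolbar, and an O9 button points at a remote URL with "(file missing)". The script below is an added example, not part of this thread and not HijackThis code; it runs that pivot over constructed sample lines shaped like the posted log. It takes the filename the user reported, treats its parent folder as suspect, and flags every running process, BHO, toolbar or button loaded from that folder or pointing at a URL. The sample lines, the folder-pivot rule and the "(no name)" BHO rule are assumptions chosen for illustration.

```python
"""Triage a HijackThis-style log by pivoting from one reported filename.

Added example for this thread; not HijackThis or forum code. The log text
below is constructed to mirror the shape of the entries quoted in the thread.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: a few lines in the format of the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Windows\Explorer.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
"""


@dataclass
class Finding:
    section: str   # "process" or the HijackThis entry code (O2, O3, O9, ...)
    target: str    # file path or URL the entry points at
    reason: str


ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# O4 lines: HKLM\..\Run: [Name] <command line>
O4_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (.+)$")
MISSING = " (file missing)"


def _target(code, body):
    """Extract the path/URL an entry references (assumed HJT layout)."""
    if code == "O4":
        m = O4_RE.match(body)
        return m.group(1).strip() if m else body.strip()
    # O2/O3/O9/O23 place the file or URL after the last ' - ' separator.
    t = body.rsplit(" - ", 1)[-1].strip()
    if t.endswith(MISSING):
        t = t[: -len(MISSING)]
    return t


def parse_hjt(text):
    """Return (running process paths, [(code, body, target), ...])."""
    processes, entries = [], []
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            code, body = m.groups()
            entries.append((code, body, _target(code, body)))
    return processes, entries


def _dir_of(path):
    # Case-insensitive parent folder, so "C:\Program Files\X" == "c:\program files\x"
    return str(PureWindowsPath(path).parent).lower()


def triage(text, reported_file):
    """Flag everything that shares a folder with reported_file, plus obvious oddities."""
    processes, entries = parse_hjt(text)
    findings = []
    # Pivot: the folder holding the reported file is suspect; its siblings are too.
    suspect_dirs = {_dir_of(p) for p in processes
                    if PureWindowsPath(p).name.lower() == reported_file.lower()}
    for p in processes:
        if _dir_of(p) in suspect_dirs:
            findings.append(Finding("process", p, f"runs from the same folder as {reported_file}"))
    for code, body, target in entries:
        reasons = []
        if target.lower().startswith(("http://", "https://")):
            reasons.append("points at a remote URL instead of a local file")
        else:
            if _dir_of(target) in suspect_dirs:
                reasons.append(f"loaded from the same folder as {reported_file}")
            if body.startswith("BHO: (no name)"):
                reasons.append("browser helper object registered without a name")
        if reasons:
            findings.append(Finding(code, target, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "icmntr.exe"):
        print(f"{f.section:8} {f.target}  <- {f.reason}")
```

Running it with "icmntr.exe" as the reported file lists the two Video Add-on processes, the unnamed BHO and the toolbar DLL from that folder, and the topsoftwarefeed.com button, while leaving Dwm.exe, the Adobe BHO and the Windows Defender Run entry alone; that is the same set the ComboFix `Folder::` script in the next post removes in one step.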
12-02-2007, 07:31 PM   #4
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: my computer's infected with icmntr.exe

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:


Folder::
C:\Program Files\Video Add-on


Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Restart your computer.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
__________________
Eddy
Pancake is offline  
12-03-2007, 02:55 PM   #5
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: windows vista


Re: my computer's infected with icmntr.exe

Here are the logs:

ComboFix:

ComboFix 07-11-29.3 - Lauren 2007-12-03 16:41:58.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.311 [GMT -5:00]
Running from: C:\Users\Lauren\Desktop\ComboFix.exe
Command switches used :: C:\Users\Lauren\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-02 19:52 . 2007-12-02 19:52 1,375,449 --a------ C:\SDFix.zip
2007-12-01 17:48 . 2007-12-01 17:48 <DIR> d-------- C:\Users\All Users\GoBit Games
2007-12-01 17:48 . 2007-12-01 17:48 <DIR> d-------- C:\ProgramData\GoBit Games
2007-12-01 17:47 . 2007-12-02 17:36 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-11-30 20:31 . 2007-12-02 23:50 8,405,015 --a------ C:\Windows\TempFile
2007-11-30 20:30 . 2007-11-30 20:30 <DIR> d-------- C:\Windows\System32\RNBOSENT
2007-11-30 20:30 . 2001-06-22 00:39 49,664 --a------ C:\Windows\System32\SNTI386.DLL
2007-11-30 20:30 . 2001-06-22 00:39 18,432 --a------ C:\Windows\System32\RNBOVDD.DLL
2007-11-30 20:30 . 2001-06-22 00:39 9,949 --------- C:\Windows\System32\SENTINEL.HLP
2007-11-30 20:21 . 2007-11-30 20:21 <DIR> d-------- C:\Program Files\Alias
2007-11-30 20:16 . 2007-11-30 20:18 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
2007-11-30 20:16 . 2007-11-30 20:35 <DIR> d-------- C:\FLEXM
2007-11-15 11:23 . 2007-11-15 11:23 2,923,520 --a------ C:\Windows\explorer.exe
2007-11-08 17:46 . 2007-11-08 17:46 <DIR> d-------- C:\Users\All Users\HipSoft
2007-11-08 17:46 . 2007-11-08 17:46 <DIR> d-------- C:\ProgramData\HipSoft
2007-11-08 00:53 . 2007-11-08 00:53 <DIR> d-------- C:\Users\All Users\Escape From Paradise
2007-11-08 00:53 . 2007-11-08 00:53 <DIR> d-------- C:\ProgramData\Escape From Paradise
2007-11-07 23:13 . 2007-11-07 23:13 <DIR> d-------- C:\Users\All Users\Trymedia
2007-11-07 23:13 . 2007-11-07 23:13 <DIR> d-------- C:\ProgramData\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 01:49 --------- d-----w C:\Program Files\DivX
2007-12-02 00:11 --------- d-----w C:\ProgramData\PlayFirst
2007-12-01 22:09 --------- d-----w C:\Program Files\GanttProject
2007-12-01 21:43 --------- d-----w C:\Program Files\Samurize
2007-12-01 01:16 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-11-29 05:25 --------- d-----w C:\Program Files\Norton Security Scan
2007-11-29 05:24 --------- d-----w C:\Program Files\SIFXINST
2007-11-28 04:42 --------- d-----w C:\ProgramData\WildTangent
2007-11-25 05:45 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 16:23 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 16:23 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 16:23 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 16:23 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 16:23 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 16:23 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-15 16:23 3,471,032 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-15 16:23 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 16:23 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-15 16:23 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 16:23 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 16:23 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-15 16:23 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 16:23 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 16:22 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 16:19 --------- d-----w C:\Program Files\Windows Mail
2007-11-02 20:00 --------- d-----w C:\Program Files\iTunes
2007-11-02 20:00 --------- d-----w C:\Program Files\iPod
2007-11-02 19:44 --------- d-----w C:\ProgramData\McAfee
2007-11-02 19:44 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-02 19:44 --------- d-----w C:\Program Files\AIM
2007-11-02 18:35 --------- d-----w C:\ProgramData\AOL OCP
2007-11-02 18:35 --------- d-----w C:\ProgramData\AOL
2007-11-02 18:35 --------- d-----w C:\Program Files\AIM6
2007-11-02 18:34 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-11-02 18:33 --------- d-----w C:\ProgramData\AOL Downloads
2007-10-31 22:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-20 00:56 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\Windows\System32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-10-19 00:29 --------- d-----w C:\Program Files\DWG TrueView 2008
2007-10-19 00:28 --------- d-----w C:\Windows\system32\config\systemprofile\AppData\Roaming\Autodesk
2007-10-19 00:26 --------- d-----w C:\ProgramData\Autodesk
2007-10-18 09:06 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-10-12 19:33 --------- d-----w C:\Program Files\Ruckus Player
2007-10-12 19:32 --------- d-----w C:\Program Files\Bonjour
2007-10-10 21:35 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 21:35 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 21:35 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 21:35 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 21:31 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-10-10 21:31 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-10-10 21:30 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 21:30 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-10 21:30 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-10-10 21:29 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-03 00:46 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2007-09-12 23:19 8,982,497 ----a-w C:\Users\Lauren\ganttproject-2.0.4.exe
2007-09-05 05:52 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-09-05 05:52 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-09-05 05:52 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-09-05 05:52 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-09-05 05:52 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-09-05 05:52 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-09-05 05:51 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-09-05 05:51 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-09-05 05:51 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-09-05 05:51 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-09-05 05:51 15,360 ----a-w C:\Windows\System32\pacerprf.dll
2007-09-05 05:51 134,656 ----a-w C:\Windows\System32\dps.dll
2007-09-05 05:51 13,824 ----a-w C:\Windows\System32\wshqos.dll
2007-09-05 05:51 13,824 ----a-w C:\Windows\System32\icsunattend.exe
2007-08-30 20:37 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2007-12-02_20.06.31.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-03 00:53:32 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-12-03 13:15:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2007-12-03 00:55:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2007-12-03 04:52:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2007-12-03 00:55:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2007-12-03 04:52:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2007-12-03 00:54:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-03 02:00:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-03 00:54:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-03 02:00:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-03 00:54:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-03 02:00:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-03 01:00:36 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2007-12-03 04:56:35 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2007-12-03 01:00:36 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2007-12-03 04:56:35 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2007-12-03 00:56:11 7,084 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2876608432-483462828-314405990-1000_UserData.bin
+ 2007-12-03 04:53:28 7,488 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2876608432-483462828-314405990-1000_UserData.bin
- 2007-12-03 00:56:10 66,842 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-03 04:53:27 66,978 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-12-03 00:55:45 43,976 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-12-03 04:52:32 44,032 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 07:35]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-31 13:04]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-04-04 17:26]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-04 17:26]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-04 17:26]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 15:37]
"SigmatelSysTrayApp"="sttray.exe" [2007-01-30 14:36 C:\Windows\sttray.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 17:58]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-03 16:13]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-31 12:50]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 19:12]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 08:34]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 08:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 16:42]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe"
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
LPDService LPDSVC

.
Contents of the 'Scheduled Tasks' folder
"2007-11-29 21:17:32 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 16:46:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 16:47:56
C:\ComboFix2.txt ... 2007-12-02 20:07
C:\ComboFix3.txt ... 2007-11-29 01:03
.
--- E O F ---

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:10 PM, on 11/28/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.h...s=PTB&M=T-6815
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...s=PTB&M=T-6815
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thi...wnloadCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks again
Old 12-03-2007, 03:21 PM   #6 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: my computer's infected with icmntr.exe

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll

==================

Go to http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real-time scanner of any existing antivirus program while performing the online scan
__________________
Eddy
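A small triage helper, added here as an example (it is not code from the thread, from HijackThis or from ComboFix): it parses the HijackThis log format posted above, lists the running processes and the R/O entries that point into the "Video Add-on" folder named in the thread, and lists the entries HijackThis flagged "(file missing)". The embedded sample log is a constructed excerpt of the log posted in the thread; the path-extraction regex is a heuristic that assumes paths end at a quote, a " - " separator, a " (" annotation, a command-line switch or end of line.

```python
"""Triage helper for a HijackThis v1.99 log (example code, not from the thread).

It pulls the 'Running processes' list and the numbered entries (R0/R1,
O2, O3, O4, O9, O23, ...) out of the log, extracts the first drive-letter
path each entry refers to, and reports which processes and entries point
into a watched folder and which entries HijackThis marked '(file missing)'.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:08:10 PM, on 11/28/2007

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Windows\Explorer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {EFAF6EA3-615D-4F83-8748-2F7A576FCEA6} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

# 'O2 - ...', 'R1 - ...': section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path in a body. Heuristic: the path ends at a closing
# quote, a ' - ' field separator, a ' (' annotation such as '(file missing)',
# a command-line switch (' /x' or ' -x'), or the end of the line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?(?="| - | \(| /| -[A-Za-z]|$)')


@dataclass
class Entry:
    kind: str              # HijackThis section code, e.g. 'O2' or 'O23'
    body: str              # everything after 'O2 - '
    path: Optional[str]    # first drive-letter path in the body, if any
    file_missing: bool     # HijackThis appended '(file missing)'


@dataclass
class Triage:
    processes: List[str] = field(default_factory=list)
    entries: List[Entry] = field(default_factory=list)


def parse_hjt_log(text: str) -> Triage:
    """Split a HijackThis log into its process list and its R/O entries."""
    result = Triage()
    in_processes = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line ends the process list
                in_processes = False
            else:
                result.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        pm = PATH_RE.search(body)
        result.entries.append(Entry(
            kind=m.group("kind"),
            body=body,
            path=pm.group(0) if pm else None,
            file_missing=body.endswith("(file missing)"),
        ))
    return result


def under_folder(path: str, folder: str) -> bool:
    """Case-insensitive test that a Windows path lies inside *folder*."""
    p = path.lower().rstrip("\\")
    f = folder.lower().rstrip("\\")
    return p == f or p.startswith(f + "\\")


def find_folder_references(tri: Triage, folder: str) -> Tuple[List[str], List[Entry]]:
    """Processes running from, and entries pointing into, the watched folder."""
    procs = [p for p in tri.processes if under_folder(p, folder)]
    entries = [e for e in tri.entries if e.path and under_folder(e.path, folder)]
    return procs, entries


def missing_file_entries(tri: Triage) -> List[Entry]:
    """Entries whose target HijackThis could not find on disk."""
    return [e for e in tri.entries if e.file_missing]


def format_report(tri: Triage, folder: str) -> str:
    procs, entries = find_folder_references(tri, folder)
    lines = [f"Processes running from {folder}:"]
    lines += [f"  {p}" for p in procs]
    lines.append(f"Entries pointing into {folder}:")
    lines += [f"  {e.kind} - {e.body}" for e in entries]
    lines.append("Entries whose target file is missing:")
    lines += [f"  {e.kind} - {e.body}" for e in missing_file_entries(tri)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_hjt_log(SAMPLE_LOG), r"C:\Program Files\Video Add-on"))
```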
Old 12-03-2007, 07:45 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: windows vista


Re: my computer's infected with icmntr.exe

When I did the HijackThis scan, the thing you told me to check wasn't there. I'm not sure what to do, but I did the online scan anyways, and here's the file:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 03, 2007 9:42:37 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/12/2007
Kaspersky Anti-Virus database records: 471534
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 142978
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:48:42

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Other.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1d19398af453166ff163389b3296b2b8_31fba4a9-f979-4b29-8b39-84e4bf48d861 Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.bak Object is locked skipped
C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\28F1216B.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\5893F8C8.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtETmp\7EBFBCDF.TMP Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BB80000\4FFD86C4.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD0002F.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00030.VBN Object is locked skipped
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD00031.VBN Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbc2e.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbdam Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbdao Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbeam Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbeao Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbm Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbu2d.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbvm.cf1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\dbvmh.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\fii.cf1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\fiih.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\hp Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\hpt2i.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\rpm.cf1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\rpm1m.cf1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\rpm1mh.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Google\Google Desktop\b7a8e2850f1b\rpmh.ht1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\TEMPOR~1\Content.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\TEMPOR~1\Content.MSO\msoD5C8.tmp Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\TEMPOR~1\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoD5C8.tmp Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat{4cb71bf7-4839-11dc-a39f-001b7726eff2}.TM.blf Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat{4cb71bf7-4839-11dc-a39f-001b7726eff2}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat{4cb71bf7-4839-11dc-a39f-001b7726eff2}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows Defender\FileTracker\{8DAE28E7-DCBB-4D9C-8A3B-74C72EA30461} Object is locked skipped
C:\Users\Lauren\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\Lauren\AppData\Local\Mozilla\Firefox\Profiles\8js13yhh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Lauren\AppData\Local\Mozilla\Firefox\Profiles\8js13yhh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Lauren\AppData\Local\Mozilla\Firefox\Profiles\8js13yhh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Lauren\AppData\Local\Mozilla\Firefox\Profiles\8js13yhh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Lauren\AppData\Local\Temp\ppt393D.tmp Object is locked skipped
C:\Users\Lauren\AppData\Local\Temp\~DF4769.tmp Object is locked skipped
C:\Users\Lauren\AppData\Local\Temp\~DF729F.tmp Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\cert8.db Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\history.dat Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\key3.db Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\parent.lock Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\search.sqlite Object is locked skipped
C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\8js13yhh.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac ZIP: infected - 3 skipped
C:\Users\Lauren\NTUSER.DAT Object is locked skipped
C:\Users\Lauren\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Lauren\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Lauren\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Lauren\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Lauren\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\TempFile Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.


Thanks
lgr2115 is offline  
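The scan log above is mostly noise: nearly every line ends in "Object is locked skipped", which only means the file was open while the scanner ran (registry hives, event logs, browser caches), not that it is malicious. The lines that matter are the three "Infected: Trojan.Java.ClassLoader.as" class files and the "ZIP: infected - 3" line naming the cache file that contains them. The following PowerShell script is an added example, not part of the original thread, that reduces a log of this shape to its findings. The sample lines are copied from the log above; in practice the saved log would be read with Get-Content. It assumes PowerShell 2.0 or later.

```powershell
# Added example (not from the thread): triage a pasted on-line scanner log.
# Line shapes handled:
#   <path> Object is locked skipped        -> noise, file was open during the scan
#   <path> Infected: <detection> skipped   -> a finding
#   <path> ZIP: infected - <n> skipped     -> an archive/jar with <n> infected members
# The sample below is copied from the log in the post; read a real log with
# Get-Content -Path scan.log | Out-String instead.

$SampleLog = @'
C:\Users\Lauren\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Users\Lauren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\50c2ce60-2c4848ac ZIP: infected - 3 skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
'@

function ConvertFrom-ScanLog {
    # Turn each log line into an object with Status, Path and Detection.
    param([string]$Text)
    foreach ($raw in ($Text -split "`r?`n")) {
        $line = $raw.Trim()
        if (-not $line) { continue }
        if ($line -match '^(?<path>.+?) Infected: (?<det>\S+) skipped$') {
            New-Object PSObject -Property @{ Status = 'Infected'; Path = $Matches.path; Detection = $Matches.det }
        } elseif ($line -match '^(?<path>.+?) ZIP: infected - (?<n>\d+) skipped$') {
            New-Object PSObject -Property @{ Status = 'InfectedArchive'; Path = $Matches.path; Detection = "$($Matches.n) infected member(s)" }
        } elseif ($line -match '^(?<path>.+?) Object is locked skipped$') {
            New-Object PSObject -Property @{ Status = 'Locked'; Path = $Matches.path; Detection = '' }
        } else {
            New-Object PSObject -Property @{ Status = 'Unparsed'; Path = $line; Detection = '' }
        }
    }
}

function Get-ScanSummary {
    param([string]$Text)
    $entries = @(ConvertFrom-ScanLog -Text $Text)

    # Counts per status. "Locked" is the noise floor, not a finding.
    $entries | Group-Object Status | Sort-Object Name |
        ForEach-Object { '{0,-16} {1,5}' -f $_.Name, $_.Count }

    # The hits, each with the directory that holds it. The .class members live
    # inside the extensionless cache file named on the ZIP: line, so the container
    # directory (here the Java deployment cache) is what has to be cleared.
    ''
    'Findings:'
    foreach ($h in ($entries | Where-Object { $_.Status -like 'Infected*' })) {
        $container = Split-Path -Parent ($h.Path -replace '/', '\')
        '  [{0}] {1}' -f $h.Detection, $h.Path
        '       in: {0}' -f $container
    }

    # Locked-but-clean entries that are always locked on a live system and can be
    # ignored outright: registry hives under config\ and event logs under winevt\.
    $expected = @($entries | Where-Object { $_.Status -eq 'Locked' -and $_.Path -match '\\System32\\(config|winevt)\\' })
    ''
    '{0} locked file(s) are registry hives or event logs and are expected.' -f $expected.Count
}

Get-ScanSummary -Text $SampleLog
```

Run as is, the summary shows 1 InfectedArchive, 3 Infected and 3 Locked entries for the sample, and points at the cache\6.0\32\50c2ce60-2c4848ac directory as the thing to remove, which is exactly what the reply below does by clearing the JRE cache.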
Old 12-03-2007, 09:36 PM   #8 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Re: my computer's infected with icmntr.exe

Just this bit of a cleanup and we are done...


Clear the Java Runtime Environment (JRE) cache:


Click Start > Control Panel.

Double-click the Java icon in the control panel.
-The Java Control Panel appears.

Click Settings under Temporary Internet Files.
-The Temporary Files Settings dialog box appears.

Click Delete Files.
-The Delete Temporary Files dialog box appears.
-There are three options on this window to clear the cache.


Delete Files

View Applications

View Applets


Click OK on Delete Temporary Files window.
-Note: This deletes all the Downloaded Applications and Applets from the cache.

Click OK on Temporary Files Settings window.

Close the Java Control Panel.

==================

This will clear away any of the files and folders that were created by ComboFix.

Go to:
Start > Run, then copy and paste the following text and click OK.

    ComboFix /u
__________________
Eddy
Pancake is offline  
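The Java Control Panel steps above do one thing: empty the JRE deployment cache, which is where the scanner found the Trojan.Java.ClassLoader.as class files. The PowerShell script below is an added example, not code from the original post or from Sun/Oracle, that does the same from the command line while keeping a copy of the cache for later examination. It assumes PowerShell 2.0 or later and the standard JRE 6 cache locations (AppData\LocalLow on Vista/7, Application Data on XP, both under the current user's profile); the quarantine folder name is chosen for this example. It does not replace the ComboFix /u step, which is separate.

```powershell
# Added example (not from the post): clear the JRE deployment cache from the
# command line, equivalent to Java Control Panel > Temporary Internet Files >
# Settings > Delete Files, but inventory and copy the cache aside first.
# Assumes PowerShell 2.0+. $Quarantine is a name chosen for this example.

param(
    [string]$Quarantine = (Join-Path $env:USERPROFILE 'Desktop\java-cache-quarantine')
)

function Get-JavaCachePath {
    # Return the first deployment cache that exists for the current user.
    $candidates = @(
        (Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'),  # Vista / 7
        (Join-Path $env:USERPROFILE 'Application Data\Sun\Java\Deployment\cache')   # XP
    )
    foreach ($p in $candidates) { if (Test-Path $p) { return $p } }
    return $null
}

function Get-LiveJavaProcesses {
    # A running JVM or a browser with the Java plug-in loaded holds cache files
    # open (the scan log shows the same "Object is locked" effect). Refuse to
    # delete while any of these are running.
    Get-Process -Name java, javaw, iexplore, firefox -ErrorAction SilentlyContinue
}

function Get-CachedEntries([string]$CachePath) {
    # Cached jars/classes are stored as extensionless files next to a .idx
    # descriptor under cache\<version>\<bucket>\ (e.g. cache\6.0\32\... in the log).
    Get-ChildItem -Path $CachePath -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object FullName, Length, LastWriteTime
}

$cache = Get-JavaCachePath
if (-not $cache) { Write-Host "No Java deployment cache found for $env:USERNAME."; return }

$live = Get-LiveJavaProcesses
if ($live) {
    $names = ($live | ForEach-Object { $_.Name } | Sort-Object -Unique) -join ', '
    Write-Warning "Close these first, then re-run: $names"
    return
}

# 1. Inventory: record path, size and timestamp of everything cached before it goes.
$before = @(Get-CachedEntries $cache)
Write-Host ("{0} cached file(s) under {1}" -f $before.Count, $cache)
$before | Format-Table -AutoSize | Out-String -Width 200 | Write-Host

# 2. Preserve: copy the cache tree aside so the flagged entry can still be examined.
if ($before.Count -gt 0) {
    New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
    Copy-Item -Path (Join-Path $cache '*') -Destination $Quarantine -Recurse -Force
    $before | Format-List | Out-File -FilePath (Join-Path $Quarantine 'inventory.txt')
}

# 3. Clear: delete everything beneath the cache root; the JRE recreates it as needed.
Get-ChildItem -Path $cache -Force | Remove-Item -Recurse -Force

# 4. Verify: the check that matters is that nothing is left behind.
$after = @(Get-CachedEntries $cache)
if ($after.Count -eq 0) {
    Write-Host "Java cache cleared. Copy kept at $Quarantine"
} else {
    Write-Warning ("{0} file(s) could not be removed (still locked?):" -f $after.Count)
    $after | ForEach-Object { Write-Warning $_.FullName }
}
```

Two caveats worth stating. Clearing the cache removes the exploit vehicle (the class files a malicious applet left behind), not whatever that applet installed; that is why it is the last step here, after the earlier removal work in the thread. And an empty cache only stays clean if the JRE is updated: an old JRE 6 build will simply be exploited again on the next visit to the same page, so check Control Panel > Java > About and install the current release before going back online.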
Old 12-04-2007, 09:16 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2007
Posts: 5
OS: windows vista


Re: my computer's infected with icmntr.exe

awesome...thank you so much!!!!! you were a huge help :)
lgr2115 is offline  
 


All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum