-
February 22nd, 2006, 01:37 AM
#1
Junior Member
Found this in Hj this
Found this in Hj this and then googled it but found nothing, what the... c:\windows\system32\ikayyc.exe reg_run. It may be something that Windows needs but the Google search found nothing on the web. Curious!?!
Does anyone know what this is?
Such is life,
- Ned kelly
-
February 22nd, 2006, 02:14 AM
#2
www.hijackthis.de
c:\windows\system32\ikayyc.exe - Unknown - Check with an antivirus scanner
I'll do some more checking but...
cheers
Please go ahead and post your whole hijack this log. It may be related to something like betterinternet, aurora, etc.
Connection refused, try again later.
-
February 22nd, 2006, 02:41 AM
#3
Junior Member
Logfile of HijackThis v1.99.1
Scan saved at 12:34:12 PM, on 22/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Margaret\My Documents\Hijack this ad remover\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.optusnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ikayyc.exe reg_run
O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094285104671
O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
There it is. I hope it's in there somewhere & thnx for the quick reply Relyt
[winsync] c:\windows\system32\ikayyc.exe reg_run, does the [winsync] have anything to do with Windows?
Such is life,
- Ned kelly
-
February 22nd, 2006, 03:02 AM
#4
Good Evening
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ikayyc.exe reg_run
Can't find anything on ikayyc.exe, however looking at the whole line, I can tell you that "winsync"
is an application that keeps your clock up to date by comparing it to online sources.
It would be interesting to have your firewall not allow an outbound connection on it and then if it asks permission, see where it attempts to connect to.
cheers
Connection refused, try again later.
-
February 22nd, 2006, 04:06 AM
#5
Actually, I ran your HJT log through hjt.iamnotageek.com, and here are the results: http://hjt.iamnotageek.com/parse.php?log=182804
When I hovered over the one you specified it says that winsync is added by a variant of the qoologic trojan, but it also says to investigate further. Why don't you try running an online AV to see if you have any trojans by any chance?
WARNING: THIS SIGNATURE IS SHAREWARE PLEASE REGISTER THIS SIGNATURE BY SENDING ME MONEY TO SEE THE COMPLETE SIGNATURE!
-
February 22nd, 2006, 04:45 AM
#6
Did you install the Precision Time application? That may be part of the problem. In any case, I'd be going into the Add/Remove Programs and getting rid of some things that weren't necessary, just in case.
The Yahoo Toolbar may be enabling some naughty behaviors.
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
You can kill that. It is just the nagging reminder to update or register your Creative Labs stuff. Killable.
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
You have some third-party USB drivers not supported by Windows?????
http://www.liutilities.com/products/...rary/sisusbrg/
http://www.liutilities.com/products/...brary/keyhook/
Is this some Acer hardware attached to the system? Or, maybe your DSL/Cable modem driver support?
Looks like you have some good things in the system, but you may have some stuff that needs cleaning out.
A safe-mode virus and spyware scan would be in the cards.
-
February 22nd, 2006, 08:39 AM
#7
Description:
WinSync.exe is a time synchronization software from Truetime. This process will synchronize your computer's clock by accessing the Internet with time servers. This is a non-essential process. Disabling or enabling this is down to user preference
winsync.exe (WinSync) - Details
The winsync.exe process will keep the clock on your computer accurate by checking it against multiple sources on the internet. If you find this function useful you should leave this process running.
winsync.exe is an application that does NOT appear to be a security risk
The Spy Bot database currently registers winsync.exe to TrueTime Winsync.
Whenever you have a concern about a file like winsync.exe, feel free to visit our free spyware removal page to help verify your file is not a security risk.
The Spy Bot database is updated often, but inaccuracies may still exist, often caused by viruses named after valid files such as WinSync. Always verify your results just to play it safe.
Why do you want a time sync prog when Windows already has the service installed.. oh and half the crapware just puts an icon in the tray and activates the Win32 time service .. and charges you for the pleasure.. (not talking about the Spyware crap yet)
so the Winsync seems clear.. I would recommend having a look at where it is on your hdd..
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
February 22nd, 2006, 09:55 AM
#8
Junior Member
Greetings to all, thank you 4 your time
Yes this is an Acer T310 and it is my mum's, I have been cleaning it out for a couple o' days.
The fact that it is Acer would explain the non-Windows-supported USB drivers, but will it also explain the winsync prog, as neither of us installed it?
But then wouldn't we know what it is?
Gonna get rid of the updreg.exe
I am going to do an online scan, any recommendations?
I have been to the link supplied by Raion: very helpful, much obliged.
It has not tried to access the net since I blocked the thing.
If only it would, then I'd know more.
It appears that I might be looking at nothing but u never know!
winsync I had figured out but thought it (the prog) might have been trying to mask itself
under winsync like Isass.exe & lsass.exe, hence the post, I have looked a bit before I leaped
and am still looking.
Thanx
Matt
P.S am gonna try Panda O/L scan and see what happens!
Such is life,
- Ned kelly
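The two checks the post above describes (a Run label that does not match the file it launches, and a file name that imitates a Windows one as Isass.exe imitates lsass.exe), as an added example that is not part of the original thread. The heuristics, the `SYSTEM_NAMES` list and the `FakeLsass` sample line are assumptions made for illustration; a flagged entry is a candidate for follow-up, not a verdict.

```python
import ntpath
import re

# Constructed sample: four O4 lines from the log in post #3, plus one made-up
# line (FakeLsass) to exercise the look-alike check.
SAMPLE = r"""
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\ikayyc.exe reg_run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [FakeLsass] C:\WINDOWS\system32\Isass.exe
"""

O4_RUN = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$')
# Quoted path, or everything up to the first executable extension.
IMAGE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat))(?=[\s,]|$)', re.I)
WINDIRS = {r"c:\windows", r"c:\windows\system32"}
# Assumed short list of Windows process names worth imitating.
SYSTEM_NAMES = {"lsass", "svchost", "services", "winlogon", "smss", "explorer"}
# Capital I, digit 1 and digit 0 are the usual stand-ins for l and o.
CONFUSABLE = str.maketrans("I10", "llo")

def triage(log_text):
    """Return (label, image path, reasons) for Run entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        _hive, label, cmd = m.groups()
        img = IMAGE.match(cmd)
        path = (img.group(1) or img.group(2)) if img else cmd.split()[0]
        folder, fname = ntpath.split(path)
        stem = ntpath.splitext(fname)[0]
        reasons = []
        # Isass.exe vs lsass.exe: same name once confusable glyphs are folded.
        skeleton = stem.translate(CONFUSABLE).lower()
        if skeleton in SYSTEM_NAMES and stem.lower() not in SYSTEM_NAMES:
            reasons.append("lookalike:" + skeleton)
        # The label is free text; compare it with the file that actually runs.
        flat = re.sub(r"[^a-z0-9]", "", label.lower())
        words = re.findall(r"[a-z0-9]{3,}", label.lower())
        related = stem.lower() in flat or any(w in stem.lower() for w in words)
        if folder.lower() in WINDIRS and not related:
            reasons.append("label-mismatch")
        if reasons:
            findings.append((label, path, reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```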
-
February 22nd, 2006, 01:24 PM
#9
Junior Member
Well it appears that it was some sort of pest and the tea timer on SB S&D scared it away.
I have been losing faith in spybot but on install on this pc, ikayyc.exe reg_run got outa dodge
real smart.
Sorry for wasting everybody's time and thanks for all the input,
I didn't run spybot because I keep getting an error in the scan on my home pc, and Hjt can't see anything,
but I think that will take some more investigation b4 I post on that one
but spybot did the job here.
Relyt,Raion&Rapier57
Cheers guys
gratefully
Matt
Such is life,
- Ned kelly
-
February 23rd, 2006, 04:44 AM
#10
Junior Member
It's still there and I have deleted it with Hjt and when I booted up, spybot tea timer tells me that the old details are being deleted with no new data to replace it, I ask it to remember the decision but as soon as I scan it is back.
The only thing I haven't done is a clean in safe mode.
Which I will do now.
Can't find it on the hard drive either?????????
Such is life,
- Ned kelly