Windows Security Alert-crssr?


6 replies to this topic

#1 Guest_knoxvillejag_*


Posted 07 September 2007 - 07:12 AM

First--This is a work computer and I cannot enter safe mode! I have run spybot sd and adaware, and deleted everything they identified.

Any help with this log is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:56 AM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\Citrix\ICACLI~1\ssonsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\merck connectivity analyzer\mca.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\oracle\Ora_Client\bin\omtsreco.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\CcmWindow\CcmWindow.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\Wnex7DO.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpPenMon.exe
C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\AClient\Bin\XCGSTask.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINDOWS\Temporary Internet Files\Content.IE5\0DO14BAD\stinger[1].exe
C:\WINDOWS\explorer.exe
c:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\NIZINSKI\Desktop\SECURITY STUFF\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.merck.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merck.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Merck & Co., Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://fsnetprd.merck.com/proxy/uszo/fsconfig.ins
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Watcher-WatchDog] C:\WINDOWS\system32\Wnex7DO.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\AClient\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpPenMon] TpPenMon.exe
O4 - HKLM\..\Run: [IBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WMPfix] C:\Core\Install\apps\WMPfix\WMPfix.exe
O4 - HKLM\..\Run: [UserSettings] C:\FTS\UTILS\UserSettings.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\RunOnce: [capset] cmd.exe /c set > c:\core\utils\set.txt
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DoNotDelete] C:\WINDOWS\system32\explore.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [My Computer] C:\core\install\apps\MYComputer\MYComputer.EXE
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: info.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\AClient\Bin\XCGSTask.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: info.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://my.merck.com
O16 - DPF: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = merck.com
O17 - HKLM\Software\..\Telephony: DomainName = merck.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{983A66FC-8249-43C3-B830-EE2A728CFE54}: Domain = merck.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{983A66FC-8249-43C3-B830-EE2A728CFE54}: NameServer = 54.48.1.240,54.48.1.239
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3252BEB-FA75-49C5-9D34-8346DB0F0D4B}: NameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = merck.com
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Merck Connectivity Analyzer - - c:\program files\merck connectivity analyzer\mca.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\Ora_Client\bin\omtsreco.exe
O23 - Service: OracleOra_Client_HomeClientCache - Unknown owner - C:\oracle\Ora_Client\bin\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

--
End of file - 28501 bytes

Edited by knoxvillejag, 07 September 2007 - 08:14 AM.



#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 07 September 2007 - 08:40 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum knoxvillejag :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new HijackThis log please.

#3 Guest_knoxvillejag_*


Posted 07 September 2007 - 09:31 AM

Richie--thanks for your assistance. Here is the information you requested.

ComboFix 07-09-07 - "Nizinski" 2007-09-07 10:11:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.980 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPPFLT


((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))


2007-09-07 09:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 08:31 4,292 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-07 08:29 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-07 08:29 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-07 08:29 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-07 08:29 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-06 23:30 <DIR> d-------- C:\DOCUME~1\NIZINSKI\APPLIC~1\Uniblue
2007-09-05 22:43 <DIR> d-------- C:\WINDOWS\pss
2007-09-05 20:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-29 19:45 101,339 --a------ C:\WINDOWS\system32\d3d.dll
2007-08-15 20:50 <DIR> d-------- C:\DOCUME~1\NIZINSKI\APPLIC~1\Apple Computer
2007-08-15 19:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-15 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-07 10:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Merck Connectivity Analyzer
2007-09-07 10:21 --------- d-------- C:\Program Files\Symantec AntiVirus
2007-09-07 09:43 --------- d-------- C:\Program Files\Insight
2007-09-07 09:37 --------- d-------- C:\Program Files\CWController
2007-09-07 09:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FTSCRE
2007-09-05 17:20 --------- d-------- C:\Program Files\Connected
2007-08-15 19:42 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-15 19:42 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-15 19:37 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-24 14:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-26 02:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-12 16:29 86528 --a------ C:\WINDOWS\system32\AutoItX.dll
2007-06-12 14:23 1911 --a------ C:\WINDOWS\system32\SMBIOS.bin


((((((((((((((((((((((((((((( snapshot_2007-09-07_ 95955.98 )))))))))))))))))))))))))))))))))))))))))

----a-w 16,384 2007-09-07 14:18:27 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-07 14:18:27 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-07 14:18:27 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----atw 16,384 2007-09-07 14:19:34 C:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat
----atw 16,384 2007-09-07 14:22:44 C:\WINDOWS\Temp\Perflib_Perfdata_c2c.dat
----a-w 851,968 2007-09-07 14:24:35 C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat
---------
----a-w 16,384 2007-09-07 13:52:37 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-09-07 13:52:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 32,768 2007-09-07 13:52:37 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 851,968 2007-09-07 13:58:35 C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2006-01-12 20:52]
"Watcher-WatchDog"="C:\WINDOWS\system32\Wnex7DO.exe" [2004-05-20 17:11]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"Afaria Client File Differencing"="C:\Program Files\AClient\Bin\XCDiffCache.exe" [2005-05-23 12:58]
"TrackPointSrv"="tp4serv.exe" [2005-02-18 06:51 C:\WINDOWS\system32\tp4serv.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-03-10 13:16]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 09:19]
"TpPenMon"="TpPenMon.exe" [2005-10-13 22:09 C:\WINDOWS\system32\TpPenMon.exe]
"IBMTBCTL"="C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.exe" [2006-08-14 01:55]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-04-13 04:01]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-13 04:01]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 19:03]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 12:33]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-26 22:51]
"WMPfix"="C:\Core\Install\apps\WMPfix\WMPfix.exe" []
"UserSettings"="C:\FTS\UTILS\UserSettings.exe" [2005-10-26 13:47]
"ControlCenter"="C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" [2006-04-25 19:03]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-15 16:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-02-22 08:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"My Computer"=C:\core\install\apps\MYComputer\MYComputer.EXE

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TabletWizard"=%windir%\help\wizard.hta

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-07 12:30:29]
Afaria Client Generic Scheduler.lnk - C:\Program Files\AClient\Bin\XCGSTask.exe [2002-07-16 10:39:27]
Connected TaskBar Icon.LNK - C:\Program Files\Connected\CBSysTray.exe [2007-06-12 16:39:42]

C:\DOCUME~1\NIZINSKI\STARTM~1\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2006-05-25 10:38:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoResolveSearch"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoFavoritesMenu"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)
"NoFileMenu"=0 (0x0)
"EnforceShellExtensionSecurity"=0 (0x0)
"NoNetConnectDisconnect"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoInstrumentation"=0 (0x0)
"NoStartMenuMFUprogramsList"=0 (0x0)
"NoStartMenuMyMusic"=1 (0x1)
"NoSMMyPictures"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2005-02-03 13:37 24673 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll 2004-08-04 00:56 47104 C:\Program Files\Common Files\Microsoft Shared\INK\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 19:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
TabBtnWL.dll 2002-08-29 03:41 11776 C:\WINDOWS\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 22:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
tpgwlnot.dll 2004-08-04 00:56 30208 C:\WINDOWS\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe
R2 CcmWindow;SMS Change Window Controller;"C:\WINDOWS\system32\CcmWindow\CcmWindow.exe"
R2 Merck Connectivity Analyzer;Merck Connectivity Analyzer;c:\program files\merck connectivity analyzer\mca.exe
R2 paldrv;paldrv;\??\C:\WINDOWS\system32\pal_drv.sys
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys
R2 SmiHlp;SMI helper driver;\??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys
R3 AtmelTpm;AtmelTpm;C:\WINDOWS\system32\DRIVERS\AtmelTpm.sys
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys
R3 HBtnKey;IBM Tablet PC Keyboard Buttons HID Driver;C:\WINDOWS\system32\DRIVERS\tkbtnpn.sys
R3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\system32\CCM\prepdrv.sys
R3 pwi_bus;Curitel PC Card Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\pwi_bus.sys
R3 pwi_mdfl;Curitel PC Card Filter;C:\WINDOWS\system32\DRIVERS\pwi_mdfl.sys
R3 pwi_mdm;Curitel PC Card Drivers;C:\WINDOWS\system32\DRIVERS\pwi_mdm.sys
R3 pwi_oflt;Curitel PC Card OHCI Filter;C:\WINDOWS\system32\DRIVERS\pwi_oflt.sys
R3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);C:\WINDOWS\system32\DRIVERS\pwi_serd.sys
R3 SMNDIS5;SMNDIS5 NDIS Protocol Driver;\??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
R3 Tp4Track;IBM PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys
R3 WacomPen;Wacom Serial Pen HID Driver;C:\WINDOWS\system32\DRIVERS\wacompen.sys
S3 ess;ESS Audio Driver (WDM);C:\WINDOWS\system32\drivers\ess.sys
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys
S3 OracleOra_Client_HomeClientCache;OracleOra_Client_HomeClientCache;C:\oracle\Ora_Client\bin\ONRSD.EXE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9cb977e-5bc1-11dc-b30e-545543445200}]
AutoRun\command- D:\merckVaccine.exe

*Newly Created Service* - IPPFLT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MobileSyncControl]
msiexec /i {E7CA8328-7DB2-44F8-BFFC-0BAA0EE543A2} /qb-!

Contents of the 'Scheduled Tasks' folder
"2007-07-02 19:43:48 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 02:47:46 C:\WINDOWS\Tasks\PMTask.job"
"2007-09-07 14:24:00 C:\WINDOWS\Tasks\Theft Loss Protection.job"
- C:\Program Files\Intellisync Mobile Suite\Client\ClientSys.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 10:22:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\AppCert
C:\WINDOWS\system32\drivers\hd_dirs.cfg
C:\WINDOWS\system32\drivers\hd_files.cfg
C:\WINDOWS\system32\drivers\hd_rkeys.cfg
C:\WINDOWS\system32\drivers\hd_rvals.cfg
C:\WINDOWS\system32\drivers\hd_self.cfg
C:\WINDOWS\system32\drivers\ippflt.sys

scan completed successfully
hidden files: 7

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ippflt]
"ImagePath"="system32\Drivers\ippflt.sys"

Completion time: 2007-09-07 10:25:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-07 10:25
C:\ComboFix2.txt ... 2007-09-07 10:00

--- E O F ---

HJT LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27, on 2007-09-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\merck connectivity analyzer\mca.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\oracle\Ora_Client\bin\omtsreco.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\CcmWindow\CcmWindow.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Citrix\ICACLI~1\ssonsvr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\Wnex7DO.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpPenMon.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\PROGRA~1\AClient\Bin\XCGSTask.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\NIZINSKI\My Documents\SECURITY STUFF\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merck.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://fsnetprd.merck.com/proxy/uszo/fsconfig.ins
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Watcher-WatchDog] C:\WINDOWS\system32\Wnex7DO.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\AClient\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpPenMon] TpPenMon.exe
O4 - HKLM\..\Run: [IBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WMPfix] C:\Core\Install\apps\WMPfix\WMPfix.exe
O4 - HKLM\..\Run: [UserSettings] C:\FTS\UTILS\UserSettings.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [My Computer] C:\core\install\apps\MYComputer\MYComputer.EXE
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\AClient\Bin\XCGSTask.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://my.merck.com
O15 - Trusted Zone: webcastushh-it.merck.com (HKLM)
O15 - Trusted Zone: webconfig.merck.com (HKLM)
O15 - Trusted Zone: webconfig-it.merck.com (HKLM)
O15 - Trusted Zone: webinstall.merck.com (HKLM)
O15 - Trusted Zone: webinstallxp.merck.com (HKLM)
O15 - Trusted Zone: wf1.merck.com (HKLM)
O15 - Trusted Zone: wf2.merck.com (HKLM)
O15 - Trusted Zone: wf3.merck.com (HKLM)
O15 - Trusted Zone: wf4.merck.com (HKLM)
O15 - Trusted Zone: wf6.merck.com (HKLM)
O15 - Trusted Zone: wf7.merck.com (HKLM)
O15 - Trusted Zone: *.merckp4g.com (HKLM)
O15 - Trusted Zone: *.mercktrials.com (HKLM)
O15 - Trusted Zone: *.msdcareers.com (HKLM)
O15 - Trusted Zone: *.msdtrials.com (HKLM)
O15 - Trusted Zone: *.outtask.com (HKLM)
O15 - Trusted Zone: *.paysonnel.com (HKLM)
O15 - Trusted Zone: myproject.quintiles.com (HKLM)
O15 - Trusted Zone: www.dms1.sensitechdms.com (HKLM)
O15 - Trusted Zone: merck.sumtotalsystems.com (HKLM)
O15 - Trusted Zone: totalrm.sumtotalsystems.com (HKLM)
O15 - Trusted Zone: *.taleo.net (HKLM)
O15 - Trusted Zone: meetings.teliris.com (HKLM)
O15 - Trusted Zone: *.webex.com (HKLM)
O15 - Trusted Zone: *.zapper.net (HKLM)
O16 - DPF: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = merck.com
O17 - HKLM\Software\..\Telephony: DomainName = merck.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3252BEB-FA75-49C5-9D34-8346DB0F0D4B}: NameServer = 69.78.96.14 66.174.95.44
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = merck.com
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Merck Connectivity Analyzer - - c:\program files\merck connectivity analyzer\mca.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\Ora_Client\bin\omtsreco.exe
O23 - Service: OracleOra_Client_HomeClientCache - Unknown owner - C:\oracle\Ora_Client\bin\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

--
End of file - 27828 bytes

I will wait for your instructions.

#4 RichieUK

    Malware Assassin


  • Malware Response Team

Posted 07 September 2007 - 09:55 AM

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O16 - DPF: {CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} -

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#5 Guest_knoxvillejag_*

Posted 07 September 2007 - 01:08 PM

The SUPERAntiSpyware keeps crashing the system, you have encountered a serious error and Windows needs to shut down (blue screen of death??)----can't read it, it shuts down too quickly. Something about an error in non paged area???

I will continue to try to get you that log.

The WINDOWS SECURITY UPDATE popup has stopped--thanks.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07, on 2007-09-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Citrix\ICACLI~1\ssonsvr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\Wnex7DO.exe
C:\Program Files\AClient\Bin\XCDiffCache.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpPenMon.exe
C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\oracle\Ora_Client\bin\omtsreco.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\CcmWindow\CcmWindow.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\PROGRA~1\AClient\Bin\XCGSTask.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\NIZINSKI\My Documents\SECURITY STUFF\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.merck.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.merck.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://fsnetprd.merck.com/proxy/uszo/fsconfig.ins
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Watcher-WatchDog] C:\WINDOWS\system32\Wnex7DO.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\AClient\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpPenMon] TpPenMon.exe
O4 - HKLM\..\Run: [IBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [WMPfix] C:\Core\Install\apps\WMPfix\WMPfix.exe
O4 - HKLM\..\Run: [UserSettings] C:\FTS\UTILS\UserSettings.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\ThinkVantage Fingerprint Software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [My Computer] C:\core\install\apps\MYComputer\MYComputer.EXE
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\AClient\Bin\XCGSTask.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://my.merck.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = merck.com
O17 - HKLM\Software\..\Telephony: DomainName = merck.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B3252BEB-FA75-49C5-9D34-8346DB0F0D4B}: NameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = merck.com
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Merck Connectivity Analyzer - - c:\program files\merck connectivity analyzer\mca.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\Ora_Client\bin\omtsreco.exe
O23 - Service: OracleOra_Client_HomeClientCache - Unknown owner - C:\oracle\Ora_Client\bin\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

--
End of file - 27907 bytes

#6 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 September 2007 - 12:15 PM

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf, then click on 'Install'.
After right clicking on Deldomains.inf and clicking 'Install', it will appear that nothing happened; this is normal.

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Post a new HijackThis log in your next reply.
Let me know how your PC is running now, please.

Edited by RichieUK, 12 September 2007 - 12:15 PM.


#7 Guest_knoxvillejag_*


  • Guests

Posted 01 October 2007 - 02:00 PM

Sorry for the delay. My computer crashed (I guess) and I can't access it anymore, so I am sending this from a different computer.

The computer will lock up/freeze on the "this is a protected computer--anyone gaining unauthorized access..."

This is right before it is supposed to load my settings. At one time, I had a screen that said no operating system found!!, but haven't been able to replicate that. I downloaded a recovery disc for the machine, but the reboot will not get past that screen to view the disc.

I took the hard drive out and put it in an identical laptop, and it worked fine! It isn't the hard drive. I tried the hard drive from the "non working machine" and installed it in the new laptop, and it froze also.

Any suggestions? I tried entering safe mode, but the screen turns black, it says safe mode in all 4 corners, but nothing else will happen.

Please help!!



