

Help! - Malware Error - Webpages Open And Explorer Closes


  • This topic is locked
7 replies to this topic

#1 veritus

veritus

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:34 PM

Posted 25 April 2008 - 01:33 PM

Hi Moderators,

Help needed - After starting the system, a few minutes later while browsing, web pages open automatically related to poker games, antispyware websites, etc., and some time later I get a Buffer Overrun error and Explorer closes.

I have tried Spybot and Adware 2007, but they have been of little help. I'm attaching the DSS log below. Awaiting your replies. Help please.

main.txt -

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-25 20:26:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:45 PM, on 25.Apr.08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {1EF13F4F-E619-49C5-BD07-E7AEDFF102F7} - C:\WINDOWS\system32\urqOGWOG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA} - C:\WINDOWS\system32\opnnommL.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MyHelpService] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [8017f807] rundll32.exe "C:\WINDOWS\system32\yvjqpyfg.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM8324cb9b] Rundll32.exe "C:\WINDOWS\system32\vdtgakjv.dll",s
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07FF049D-492C-4EBF-9473-93F1602DE3D0}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{07FF049D-492C-4EBF-9473-93F1602DE3D0}: NameServer = 9.184.192.240,9.182.181.77
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C219E8D-F1C6-400B-9E2A-3230E3481497}: Domain = in.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,in.ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{07FF049D-492C-4EBF-9473-93F1602DE3D0}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{07FF049D-492C-4EBF-9473-93F1602DE3D0}: NameServer = 9.184.192.240,9.182.181.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,in.ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: opnnommL - C:\WINDOWS\SYSTEM32\opnnommL.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 13835 bytes

-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-25 20:14:34 0 d-------- C:\WINDOWS\LastGood
2008-04-25 19:40:54 0 d-------- C:\Program Files\Trend Micro
2008-04-25 12:57:38 0 d-------- C:\Program Files\SpyZooka
2008-04-25 12:57:16 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 11:15:35 0 d-------- C:\Autoruns
2008-04-25 08:39:36 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-04-25 08:39:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-04-25 08:39:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\yahoo!
2008-04-25 07:26:54 100416 --a------ C:\WINDOWS\system32\dvbpvhxs.dll
2008-04-25 07:26:53 88640 --a------ C:\WINDOWS\system32\yvjqpyfg.dll
2008-04-25 07:24:03 96320 --a------ C:\WINDOWS\system32\vdtgakjv.dll
2008-04-25 07:21:52 96320 --a------ C:\WINDOWS\system32\pmddtmrm.dll
2008-04-24 21:09:39 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-04-24 15:42:03 0 d-------- C:\Program Files\Alwil Software
2008-04-24 15:35:24 6400 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-24 15:35:01 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-24 15:35:01 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 15:35:01 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-24 15:35:00 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-24 15:35:00 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-24 15:35:00 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-24 15:35:00 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-24 15:35:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-24 13:27:14 34816 --a------ C:\WINDOWS\system32\grsapx32.dll <Not Verified; Graphitti; Graphitti GRSAPX32>
2008-04-24 13:27:14 56832 --a------ C:\WINDOWS\system32\grfcxl32.dll <Not Verified; Graphitti; Graphitti GrFcxl32>
2008-04-24 13:27:07 3100672 --a------ C:\Program Files\Common Files\sapxlhelper.dll <Not Verified; SAP Technology,Inc; SAP Excel Helper ActiveXServer>
2008-04-24 13:27:06 192512 --a------ C:\Program Files\Common Files\sapconsr3.dll <Not Verified; SAP Tech Inc.; Consolidation ActiveX Server>
2008-04-24 13:27:05 626688 --a------ C:\Program Files\Common Files\sapconsaccess.dll <Not Verified; SAP AG; Active Excel>
2008-04-24 13:27:03 253952 --a------ C:\WINDOWS\system32\vrfc32.dll <Not Verified; SAP AG, Walldorf; VRFC32>
2008-04-24 13:27:03 368912 --a------ C:\WINDOWS\system32\Vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2008-04-24 13:27:03 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-04-24 13:26:09 835584 --a------ C:\WINDOWS\system32\icuuc34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
2008-04-24 13:26:09 733184 --a------ C:\WINDOWS\system32\icuin34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
2008-04-24 13:26:08 102400 --a------ C:\WINDOWS\system32\libsapu16vc80.dll <Not Verified; SAP AG; mySAP.com>
2008-04-24 13:26:08 4251648 --a------ C:\WINDOWS\system32\librfc32u.dll <Not Verified; SAP AG; SAP R/3>
2008-04-24 13:26:08 8847360 --a------ C:\WINDOWS\system32\icudt34.dll <Not Verified; IBM Corporation and others; International Components for Unicode>
2008-04-24 13:25:14 0 d-------- C:\Program Files\Common Files\ESRI
2008-04-24 13:25:12 1228800 --a------ C:\WINDOWS\system32\wdba.dll <Not Verified; SAP AG, Walldorf; SAP BW Business Explorer>
2008-04-24 13:23:48 51200 --a------ C:\WINDOWS\system32\h5tool32.dll
2008-04-24 13:23:48 95744 --a------ C:\WINDOWS\system32\h5rtf32.dll
2008-04-24 13:23:48 175616 --a------ C:\WINDOWS\system32\h5menu32.dll
2008-04-24 13:23:48 1064960 --a------ C:\WINDOWS\system32\h5krnl32.dll
2008-04-24 13:23:48 188928 --a------ C:\WINDOWS\system32\h5icon32.dll
2008-04-24 13:23:48 114688 --a------ C:\WINDOWS\system32\h5dlg32.dll <Not Verified; heilerSoftware; HighEdit Pro SDK 32bit>
2008-04-24 13:23:41 1650688 --a------ C:\WINDOWS\system32\SAPbtmp.dll <Not Verified; SAP AG, Walldorf; SAP Frontend for Windows>
2008-04-24 13:23:40 0 d-------- C:\Program Files\Common Files\SAP Shared
2008-04-24 13:01:25 0 d-------- C:\Program Files\SAP
2008-04-24 11:41:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-24 09:19:27 0 d-------- C:\Program Files\Lavasoft
2008-04-24 09:19:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 07:47:20 0 d-------- C:\Program Files\Enigma Software Group
2008-04-24 06:27:15 89152 --a------ C:\WINDOWS\system32\ivgdksis.dll
2008-04-24 06:24:15 93248 --a------ C:\WINDOWS\system32\tpserbfn.dll
2008-04-24 06:21:26 95808 --a------ C:\WINDOWS\system32\mbxdklme.dll
2008-04-23 17:00:02 0 d-------- C:\WINDOWS\pss
2008-04-23 16:11:19 216094 --ahs---- C:\WINDOWS\system32\GOWGOqru.ini2
2008-04-23 16:11:11 272384 --a------ C:\WINDOWS\system32\urqOGWOG.dll
2008-04-23 16:06:06 38400 --a------ C:\WINDOWS\system32\opnnommL.dll
2008-04-18 23:12:06 0 d-------- C:\Program Files\PowerISO
2008-04-12 20:49:38 0 d-------- C:\Documents and Settings\Administrator\dwhelper
2008-03-30 15:37:52 0 d-------- C:\Documents and Settings\Administrator\WebEx
2008-03-30 15:37:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\webex


-- Find3M Report ---------------------------------------------------------------

2008-04-25 20:12:49 0 d-------- C:\Program Files\Google
2008-04-25 19:57:08 0 d-------- C:\Program Files\C4ebreg
2008-04-25 19:55:47 40 --a------ C:\WINDOWS\system32\profile.dat
2008-04-25 19:53:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 19:45:39 0 d-------- C:\Program Files\AT&T Network Client
2008-04-25 12:57:16 0 d-------- C:\Program Files\Common Files
2008-04-25 12:44:57 0 d-------- C:\Program Files\WST
2008-04-24 14:33:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-24 13:23:28 0 d-------- C:\Program Files\sappc
2008-04-24 07:13:09 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-23 17:20:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-04-02 09:04:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 17:11:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-19 16:22:04 0 d-------- C:\Program Files\ATnotes
2008-03-18 13:46:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\scriptocean
2008-03-16 13:57:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\KompoZer
2008-03-14 14:29:56 0 d-------- C:\Program Files\Virtual Earth 3D
2008-03-07 17:10:34 0 d-------- C:\Program Files\IBM
2008-03-07 17:10:32 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-07 16:24:03 58592 --a------ C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-03-03 13:23:47 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-20 20:13:07 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-02-19 11:49:40 15872 --a------ C:\WINDOWS\system32\vtssm32.dll
2008-02-19 11:49:23 3768320 --a------ C:\WINDOWS\system32\librfc32.dll <Not Verified; SAP AG; SAP R/3>
2008-02-19 11:45:55 1124864 --a------ C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
2008-02-19 11:45:55 1129984 --a------ C:\Program Files\Common Files\SAPActiveXL.xlt
2008-02-19 11:45:54 40960 --a------ C:\Program Files\Common Files\DigitalSignature.ocx <Not Verified; SAP-TECHNOLOGY; DigitalSignature>
2008-02-06 17:59:00 57344 --a------ C:\WINDOWS\isamunin.exe <Not Verified; IBM Corp.; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EF13F4F-E619-49C5-BD07-E7AEDFF102F7}]
23.Apr.08 04:11 PM 272384 --a------ C:\WINDOWS\system32\urqOGWOG.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}]
23.Apr.08 04:06 PM 38400 --a------ C:\WINDOWS\system32\opnnommL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [04.Aug.04 07:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04.Aug.04 07:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04.Aug.04 07:00 AM]
"ISAMTray"="C:\Program Files\c4ebreg\isamtray.exe" [06.Feb.08 05:58 PM]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [25.Feb.08 10:54 AM]
"stgclean"="c:\sdwork\w32main2.exe" [14.Apr.08 11:44 AM]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [06.Sep.05 11:07 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [16.Feb.07 02:42 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [16.Feb.07 02:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [16.Feb.07 02:41 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [16.Feb.07 02:40 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16.Feb.07 02:40 PM]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [02.Oct.06 06:49 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [19.Dec.06 09:44 PM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [19.Dec.06 09:44 PM]
"TpShocks"="TpShocks.exe" [07.Nov.05 01:14 PM C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [17.Oct.05 03:11 AM C:\WINDOWS\system32\TP4EX.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [28.Oct.05 09:04 PM]
"MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe" [13.Dec.05 08:05 PM]
"PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" [25.Apr.06 09:03 PM]
"C4EBReg"="C:\Program Files\c4ebreg\c4ebreg.exe" [06.Feb.08 05:58 PM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [28.Nov.06 11:00 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.May.05 05:41 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06.May.05 11:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.Jul.07 12:30 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.Oct.07 04:21 PM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [10.Dec.06 07:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [19.Jul.06 03:56 PM]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [27.Sep.06 05:03 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01.Jan.07 11:22 PM]
"defergui"="c:/sdwork/defergui.exe" [03.Mar.08 02:18 PM c:\sdwork\defergui.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15.Mar.08 01:50 AM]
"8017f807"="C:\WINDOWS\system32\yvjqpyfg.dll" [25.Apr.08 07:26 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04.Aug.04 07:00 AM]
"BM8324cb9b"="C:\WINDOWS\system32\vdtgakjv.dll" [25.Apr.08 07:24 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [13.Jan.07 04:30 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.Aug.04 07:00 AM]
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe" [05.Jan.05 04:45 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [07.Aug.07 2:34:32 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [28.Oct.07 5:13:43 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [05.May.07 6:48:07 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}"= C:\WINDOWS\system32\opnnommL.dll [23.Apr.08 04:06 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 25.Dec.06 06:59 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll 06.Sep.05 11:07 AM 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnommL]
opnnommL.dll 23.Apr.08 04:06 PM 38400 C:\WINDOWS\system32\opnnommL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 06.Sep.05 08:43 PM 49152 C:\WINDOWS\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 25.Apr.06 09:20 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 05.Jul.05 08:15 PM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 16.Feb.07 02:41 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqOGWOG
"Notification Packages"= scecli psqlpwd ACGina


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bed00d4-6110-11dc-be39-001a6b6afd91}]
AutoRun\command- .\Recycled\Driveinfo.exe
Open\Command- .\Recycled\Driveinfo.exe




-- End of Deckard's System Scanner: finished at 2008-04-25 20:27:25 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™ Duo CPU T2300 @ 1.66GHz
CPU 1: Intel® Core™ Duo CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1014.36 MiB / 487.36 MiB
Pagefile Memory (total/avail): 2440.97 MiB / 2014.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1936.43 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 21.93 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST980811AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
FirewallDisableNotify is set.

FW: Symantec Client Firewall v8.7.4.97 (Symantec Corporation)
AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\AT&T Network Client\\NetClient.exe"="C:\\Program Files\\AT&T Network Client\\NetClient.exe:*:Enabled:Network access client"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe:*:Enabled:Java launcher"
"C:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe"="C:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\\Program Files\\sappc\\SAPgui\\saplogon.exe"="C:\\Program Files\\sappc\\SAPgui\\saplogon.exe:*:Enabled:SAP Logon for Windows"
"C:\\sdwork\\W32MAIN2.EXE"="C:\\sdwork\\W32MAIN2.EXE:*:Enabled:OSP Windows 32-bit ESD API"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\wamp\\Apache2\\bin\\httpd.exe"="C:\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\sdwork\\w32maing.exe"="C:\\sdwork\\w32maing.exe:*:Enabled:OSP Windows 32-bit ESD API"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ÁTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM-96E555E34E5
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\IBM-96E555E34E5
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\IBM\Infoprint Select;C:\Notes;C:\Program Files\XLView;C:\lotus\compnent;C:\Utilities;C:\Program Files\IBM\Personal Communications\;C:\Program Files\IBM\Trace Facility\;C:\Program Files\ThinkPad\ConnectUtilities;C:\WINDOWS\Downloaded Program Files
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCOMM_Root=C:\Program Files\IBM\Personal Communications\
PDBASE=C:\Program Files\IBM\Infoprint Select
PDHOST=
PD_SOCKET=6874
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdebugflags=0x260
tvlogsessioncount=5000
USERDOMAIN=IBM-96E555E34E5
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -runfromtemp -l0x0009 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Windows XP Screen Saver --> rundll32.exe setupapi.dll,InstallHinfSection UninstallInstall 132 C:\WINDOWS\system32\3D Windows XP.inf
AAA Logo 1.2 --> "C:\Program Files\AAALOGO\unins000.exe"
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AFP Workbench for Windows --> MsiExec.exe /X{53A93780-6073-4207-A729-A99A30AFDE40}
AptiStock 1.12 --> "C:\Program Files\AptiStock\unins000.exe"
AT&T Network Client --> MsiExec.exe /I{2E21CBDA-1EDF-4C18-A561-DB53D683229F}
ATnotes Version 9.5 --> "C:\Program Files\ATnotes\unins000.exe"
AutoSL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2635BF5-3A28-4EF7-B428-0159CEF93901}\Setup.exe" -l0x9
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CutePDF Writer 2.6 --> C:\WINDOWS\system32\uninscpw.exe C:\Program Files\
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Ayudame --> C:\WINDOWS\ai63f5.exe Patient
IBM Dynamic Content Delivery (DCDClient-ISSI) --> C:\Program Files\IBM\tivoli\dcd\client\ISSI\_uninst\uninstaller.exe
IBM Infoprint Select --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA36483F-5D79-4EFD-ACA7-161EE2474E17}\Setup.exe" -l0x9
IBM ISMA Peer-To-Peer --> rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINDOWS\inf\p2pgui.inf
IBM Lotus Sametime Connect 7.5.1 --> MsiExec.exe /X{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}
IBM Personal Communications --> MsiExec.exe /I{37C22E24-B794-4265-A38E-711BBF1C637A}
IBM Tivoli Storage Manager Client --> MsiExec.exe /I{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}
IBM_values_installer Screen Saver --> C:\WINDOWS\IBM_values_installer.scr /u
ILC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA96F3A1-F350-11D3-B354-002035C150E4}\setup.exe" -l0x9 -removeonly
InsertGeoMicroformat --> MsiExec.exe /I{2CBBA794-6004-4AEE-9F35-E149DC62BE63}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_14 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142140}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
KompoZer 0.77 --> "C:\Program Files\KompoZer\unins000.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lotus Notes 7.0 --> MsiExec.exe /I{628789DC-75F8-4302-A268-27EF628E6906}
Lotus SmartSuite - English --> MsiExec.exe /I{536D6172-7453-7569-7465-392E38300409}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Standard --> MsiExec.exe /X{90120409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft redistributable runtime DLLs VS2005 SP1(x86) --> MsiExec.exe /I{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}
Microsoft Report Viewer Redistributable 2005 --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Report Viewer Redistributable 2005\install.exe
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Help - Workstation Setup Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D968F83-A23F-40F7-937C-A3B5A0C44048}\setup.exe" -l0x9 -removeonly
My Help (IBM Corp.) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFF415AC-3883-4338-9365-DDCB74A0CFBA}\setup.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver --> MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia PC Connectivity Solution --> MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sametime Client v3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lotus\Sametime Client\STCUnins.isu"
SAP Business Explorer --> "C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPBI" /uninstall
SAP GUI 7.10 --> "C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SmartDraw 2007 --> C:\PROGRA~1\SMARTD~1\UNWISE.EXE C:\PROGRA~1\SMARTD~1\install.log
Snapshot Viewer --> C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Client Security --> MsiExec.exe /I{0698CECB-9072-47B1-AEA1-94CA350989B8}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588k.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\setup.exe" -l0x9 anything
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
ViewWorks --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Round Lake\ViewWorks\DeIsL1.isu" -c"C:\Program Files\Round Lake\ViewWorks\_ISREG32.DLL"
Virtual Earth 3D (Beta) --> MsiExec.exe /I{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}
Vista Ultimate Sounds For XP --> MsiExec.exe /I{1639B816-D900-481F-9C6A-DEB17F82333F}
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WAMP5 1.7.0 --> c:\wamp\unins000.exe
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Western Australian Time Zone Update --> MsiExec.exe /X{902929E5-77E8-444E-B760-1B54FDBCEC0C}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /I{8C52F553-E555-4EF6-88E0-215CF70164D9}
Windows Live Writer --> MsiExec.exe /X{72007B92-8D31-4A9D-8FB0-D5F820DE7CE5}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Workstation Security Tool 2.2 --> "C:\Program Files\wst\unins000.exe"
World Community Grid Agent --> MsiExec.exe /X{3CEA3FEC-1AF5-4818-89D5-406F627E7337}
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type14814 / Error
Event Submitted/Written: 04/25/2008 07:57:19 PM
Event ID/Source: 5003 / TrueVector Service
Event Description:
TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified.

Event Record #/Type14793 / Error
Event Submitted/Written: 04/25/2008 01:21:58 PM
Event ID/Source: 5003 / TrueVector Service
Event Description:
TrueVector driver: Driver install or load failure: LoadNTDeviceDriver. Win32 error: The system cannot find the file specified.

Event Record #/Type14776 / Warning
Event Submitted/Written: 04/25/2008 00:29:30 PM
Event ID/Source: 6 / crypt32
Event Description:
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Event Record #/Type14775 / Error
Event Submitted/Written: 04/25/2008 00:29:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type14774 / Error
Event Submitted/Written: 04/25/2008 00:29:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type43514 / Error
Event Submitted/Written: 04/25/2008 07:57:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type43513 / Error
Event Submitted/Written: 04/25/2008 07:57:44 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type43505 / Error
Event Submitted/Written: 04/25/2008 07:57:42 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error:
%%1058

Event Record #/Type43497 / Error
Event Submitted/Written: 04/25/2008 07:54:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Event Record #/Type43491 / Error
Event Submitted/Written: 04/25/2008 07:45:16 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}



-- End of Deckard's System Scanner: finished at 2008-04-25 20:26:10 ------------


Hoping to get your replies soon. Thanks.

Edited by veritus, 25 April 2008 - 01:39 PM.


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:34 PM

Posted 26 April 2008 - 02:41 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
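Editor's note, added to this thread and not part of any post: the "Other Deletions" list in the ComboFix log that follows has a pattern worth recognising when reading such logs by hand. Four of the .ini files in system32 are named with the reverse of a .dll in the same directory (GOWGOqru.ini / urqOGWOG.dll, siskdgvi.ini / ivgdksis.dll, yjqaxevh.ini / hvexaqjy.dll, gfypqjvy.ini / yvjqpyfg.dll), and most of the remaining eight-letter names contain almost no vowels. The Python below is an added example, not a tool used by anyone in this thread: it pairs the reversed names exactly and applies a low-vowel heuristic to the rest. The sample input is the deletion list copied from the log below; the eight-letter length and one-vowel threshold are my own triage assumptions, not a detection signature.

```python
from pathlib import PureWindowsPath

# Constructed sample input: the "Other Deletions" list from the ComboFix log
# posted in this thread, copied line for line.
COMBOFIX_DELETIONS = r"""
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dvbpvhxs.dll
C:\WINDOWS\system32\gfypqjvy.ini
C:\WINDOWS\system32\GOWGOqru.ini
C:\WINDOWS\system32\GOWGOqru.ini2
C:\WINDOWS\system32\hvexaqjy.dll
C:\WINDOWS\system32\ivgdksis.dll
C:\WINDOWS\system32\mbxdklme.dll
C:\WINDOWS\system32\opnnommL.dll
C:\WINDOWS\system32\pmddtmrm.dll
C:\WINDOWS\system32\qjgpklam.dll
C:\WINDOWS\system32\siskdgvi.ini
C:\WINDOWS\system32\tpserbfn.dll
C:\WINDOWS\system32\tvdonlmb.dll
C:\WINDOWS\system32\urqOGWOG.dll
C:\WINDOWS\system32\vdtgakjv.dll
C:\WINDOWS\system32\yjqaxevh.ini
C:\WINDOWS\system32\yvjqpyfg.dll
"""

VOWELS = set("aeiouAEIOU")


def parse_paths(block):
    """Return the non-empty lines of a ComboFix file list as Windows path strings."""
    return [line.strip() for line in block.splitlines() if line.strip()]


def reversed_name_pairs(paths):
    """Exact check: pair every .ini with a .dll in the same directory whose stem
    is the .ini stem spelled backwards, case-sensitive (GOWGOqru <-> urqOGWOG).
    Returns sorted (ini_path, dll_path) tuples."""
    by_dir = {}
    for p in paths:
        wp = PureWindowsPath(p)
        by_dir.setdefault(str(wp.parent).lower(), {})[wp.name] = p
    pairs = []
    for names in by_dir.values():
        for name, path in names.items():
            wp = PureWindowsPath(name)
            if wp.suffix.lower() != ".ini":
                continue
            partner = wp.stem[::-1] + ".dll"
            if partner in names:
                pairs.append((path, names[partner]))
    return sorted(pairs)


def low_vowel_names(paths, length=8, max_vowels=1):
    """Triage heuristic, not a verdict (thresholds are assumptions): .dll/.ini
    stems of exactly `length` letters with at most `max_vowels` vowels.
    Random names tend to be vowel-poor; a real 8-letter name such as
    setupapi.dll has four vowels and is not flagged."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        stem = wp.stem
        if wp.suffix.lower() not in (".dll", ".ini"):
            continue
        if (len(stem) == length and stem.isalpha()
                and sum(c in VOWELS for c in stem) <= max_vowels):
            hits.append(p)
    return hits


def triage(block):
    """Combine both checks; the reversed-name pairs are the strong signal."""
    paths = parse_paths(block)
    pairs = reversed_name_pairs(paths)
    flagged = set(low_vowel_names(paths))
    for ini, dll in pairs:
        flagged.update((ini, dll))
    return {"pairs": pairs, "flagged": sorted(flagged)}


if __name__ == "__main__":
    report = triage(COMBOFIX_DELETIONS)
    for ini, dll in report["pairs"]:
        print(f"reversed-name pair: {ini}  <->  {dll}")
    print(f"{len(report['flagged'])} of {len(parse_paths(COMBOFIX_DELETIONS))} "
          f"deleted files flagged for a closer look")
```

The reversed-name pairing is exact and is the part worth trusting; the vowel heuristic only ranks what is left, and on this list it leaves opnnommL.dll, cookies.ini, pskt.ini and GOWGOqru.ini2 unflagged even though ComboFix removed them, so a clean result from the heuristic is not a clean bill of health. Cross-checking a flagged .dll against the registry loading points further down the same log (BHOs, Winlogon Notify, ShellExecuteHooks) is what turns a name-based suspicion into a finding.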

#3 veritus

veritus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:34 PM

Posted 28 April 2008 - 08:31 AM

Thanks a lot Sam,

ComboFix Log below: (my system looks a lot better, but just in case there's anything else)

ComboFix 08-04-24.1 - Administrator 2008-04-28 11:17:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.375 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dvbpvhxs.dll
C:\WINDOWS\system32\gfypqjvy.ini
C:\WINDOWS\system32\GOWGOqru.ini
C:\WINDOWS\system32\GOWGOqru.ini2
C:\WINDOWS\system32\hvexaqjy.dll
C:\WINDOWS\system32\ivgdksis.dll
C:\WINDOWS\system32\mbxdklme.dll
C:\WINDOWS\system32\opnnommL.dll
C:\WINDOWS\system32\pmddtmrm.dll
C:\WINDOWS\system32\qjgpklam.dll
C:\WINDOWS\system32\siskdgvi.ini
C:\WINDOWS\system32\tpserbfn.dll
C:\WINDOWS\system32\tvdonlmb.dll
C:\WINDOWS\system32\urqOGWOG.dll
C:\WINDOWS\system32\vdtgakjv.dll
C:\WINDOWS\system32\yjqaxevh.ini
C:\WINDOWS\system32\yvjqpyfg.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

2008-04-26 06:37 . 2008-04-26 06:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 06:37 . 2008-04-26 06:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 20:22 . 2008-04-25 20:22 <DIR> d-------- C:\Deckard
2008-04-25 19:40 . 2008-04-25 19:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 12:57 . 2008-04-25 13:11 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-25 12:57 . 2008-04-25 12:57 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 11:15 . 2008-04-25 11:23 <DIR> d-------- C:\Autoruns
2008-04-25 08:39 . 2008-04-25 08:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\yahoo!
2008-04-24 15:42 . 2008-04-24 15:42 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 15:35 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-24 15:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-24 15:35 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-24 15:35 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-24 15:35 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-24 15:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-24 15:35 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-24 15:35 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-24 15:35 . 2008-04-24 17:48 6,400 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-24 13:27 . 2008-02-19 11:45 3,100,672 --a------ C:\Program Files\Common Files\sapxlhelper.dll
2008-04-24 13:27 . 2008-02-19 11:45 626,688 --a------ C:\Program Files\Common Files\sapconsaccess.dll
2008-04-24 13:27 . 2008-02-19 11:45 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2008-04-24 13:27 . 2008-02-19 11:45 368,912 --a------ C:\WINDOWS\system32\Vbar332.dll
2008-04-24 13:27 . 2008-02-19 11:45 253,952 --a------ C:\WINDOWS\system32\vrfc32.dll
2008-04-24 13:27 . 2008-02-19 11:45 192,512 --a------ C:\Program Files\Common Files\sapconsr3.dll
2008-04-24 13:27 . 2008-02-19 11:45 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2008-04-24 13:27 . 2008-02-19 11:46 56,832 --a------ C:\WINDOWS\system32\grfcxl32.dll
2008-04-24 13:27 . 2008-02-19 11:46 34,816 --a------ C:\WINDOWS\system32\grsapx32.dll
2008-04-24 13:26 . 2008-02-19 11:49 8,847,360 --a------ C:\WINDOWS\system32\icudt34.dll
2008-04-24 13:26 . 2008-02-19 11:49 4,251,648 --a------ C:\WINDOWS\system32\librfc32u.dll
2008-04-24 13:26 . 2008-02-19 11:49 835,584 --a------ C:\WINDOWS\system32\icuuc34.dll
2008-04-24 13:26 . 2008-02-19 11:49 733,184 --a------ C:\WINDOWS\system32\icuin34.dll
2008-04-24 13:26 . 2008-02-19 11:49 102,400 --a------ C:\WINDOWS\system32\libsapu16vc80.dll
2008-04-24 13:26 . 2008-02-19 11:49 68,640 --a------ C:\WINDOWS\system32\Gauge32.OCX
2008-04-24 13:25 . 2008-04-24 13:25 <DIR> d-------- C:\Program Files\Common Files\ESRI
2008-04-24 13:25 . 2008-02-19 11:43 1,228,800 --a------ C:\WINDOWS\system32\wdba.dll
2008-04-24 13:24 . 2008-02-19 11:46 483,328 --a------ C:\WINDOWS\system32\sapfcpl.cpl
2008-04-24 13:23 . 2008-04-24 13:24 <DIR> d-------- C:\Program Files\Common Files\SAP Shared
2008-04-24 13:23 . 2008-02-19 11:49 1,650,688 --a------ C:\WINDOWS\system32\SAPbtmp.dll
2008-04-24 13:23 . 2008-02-19 11:45 1,064,960 --a------ C:\WINDOWS\system32\h5krnl32.dll
2008-04-24 13:23 . 2008-02-19 11:45 188,928 --a------ C:\WINDOWS\system32\h5icon32.dll
2008-04-24 13:23 . 2008-02-19 11:45 175,616 --a------ C:\WINDOWS\system32\h5menu32.dll
2008-04-24 13:23 . 2008-02-19 11:45 114,688 --a------ C:\WINDOWS\system32\h5dlg32.dll
2008-04-24 13:23 . 2008-02-19 11:45 95,744 --a------ C:\WINDOWS\system32\h5rtf32.dll
2008-04-24 13:23 . 2008-02-19 11:45 51,200 --a------ C:\WINDOWS\system32\h5tool32.dll
2008-04-24 13:01 . 2008-04-24 13:25 <DIR> d-------- C:\Program Files\SAP
2008-04-24 11:41 . 2008-04-24 11:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-24 09:19 . 2008-04-24 09:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 09:19 . 2008-04-25 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 07:47 . 2008-04-24 07:47 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-24 06:39 . 2004-08-04 07:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-24 06:22 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-24 06:22 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-24 06:22 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-24 06:22 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-24 06:21 . 2008-04-25 12:49 109,765 --a------ C:\WINDOWS\BM8324cb9b.xml
2008-04-18 23:12 . 2008-04-24 12:43 <DIR> d-------- C:\Program Files\PowerISO
2008-04-12 20:49 . 2008-04-12 20:49 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper
2008-03-30 15:37 . 2008-03-30 15:37 <DIR> d-------- C:\Documents and Settings\Administrator\WebEx
2008-03-30 15:37 . 2008-04-06 12:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\webex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 09:24 --------- d-----w C:\Program Files\C4ebreg
2008-04-25 18:12 --------- d-----w C:\Program Files\Google
2008-04-25 17:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 17:45 --------- d-----w C:\Program Files\AT&T Network Client
2008-04-25 10:44 --------- d-----w C:\Program Files\WST
2008-04-24 12:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-24 11:23 --------- d-----w C:\Program Files\sappc
2008-04-24 05:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-19 14:22 --------- d-----w C:\Program Files\ATnotes
2008-03-18 11:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\scriptocean
2008-03-16 11:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\KompoZer
2008-03-14 12:29 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-08 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 15:10 --------- d-----w C:\Program Files\IBM
2008-03-07 15:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-07 14:24 58,592 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 18:13 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-02-19 09:45 40,960 ----a-w C:\Program Files\Common Files\DigitalSignature.ocx
2008-02-19 09:45 1,129,984 ----a-w C:\Program Files\Common Files\SAPActiveXL.xlt
2008-02-19 09:45 1,124,864 ----a-w C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
2008-02-06 15:59 57,344 ----a-w C:\WINDOWS\isamunin.exe
2007-09-17 11:26 13 ---h--w C:\Documents and Settings\All Users\Application Data\1╠ě13.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 3,350 2008-04-28 08:41:09 C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [2007-01-13 04:30 24576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe" [2005-01-05 16:45 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00 455168]
"ISAMTray"="C:\Program Files\c4ebreg\isamtray.exe" [2008-02-06 17:58 249856]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-02-25 10:54 211456]
"stgclean"="c:\sdwork\w32main2.exe" [2008-04-14 11:44 272896]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2005-09-06 11:07 28672]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-16 14:42 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-16 14:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-16 14:41 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-02-16 14:40 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-16 14:40 512000]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 06:49 94208]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-19 21:44 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 21:44 208896]
"TpShocks"="TpShocks.exe" [2005-11-07 13:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 03:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 21:04 864256]
"MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe" [2005-12-13 20:05 151637]
"PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" [2006-04-25 21:03 31232]
"C4EBReg"="C:\Program Files\c4ebreg\c4ebreg.exe" [2008-02-06 17:58 372736]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-28 23:00 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 05:41 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 11:36 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 00:30 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 16:21 39792]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36 536576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 15:56 52896]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 17:03 125168]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 23:22 3739648]
"defergui"="c:/sdwork/defergui.exe" [2008-03-03 14:18 138752 c:\sdwork\defergui.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-07 14:34:32 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-10-28 17:13:43 1537064]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-05 06:48:07 45056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-12-25 06:59 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll 2005-09-06 11:07 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2005-09-06 20:43 49152 C:\WINDOWS\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 21:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 20:15 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2007-02-16 14:41 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AT&T Network Client\\NetClient.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe"=
"C:\\sdwork\\W32MAIN2.EXE"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\sdwork\\w32maing.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:500
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 17:58]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 05:57]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-12 21:03]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 14:18]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-19 21:44]
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2005-09-06 11:07]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2007-12-13 01:46]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2005-09-06 11:07]
R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\c4ebreg\c4ebreg.exe" [2008-02-06 17:58]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2005-09-06 11:07]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2005-09-06 11:07]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2005-09-06 11:07]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 21:00]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 06:16]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2005-09-06 11:07]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2005-09-06 11:07]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2005-09-06 11:07]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2005-09-06 11:07]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2005-09-06 11:07]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2005-09-06 11:07]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2005-09-06 11:07]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2005-09-06 11:07]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2005-09-06 11:07]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2005-09-06 11:07]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2005-09-06 11:07]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2005-09-06 11:07]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2005-09-06 11:07]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2005-09-06 11:07]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2005-09-06 11:07]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2005-09-06 11:07]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2005-09-06 11:07]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2005-09-06 11:07]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2005-09-06 11:07]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2005-09-06 11:07]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2005-09-06 11:07]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2005-09-06 11:07]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2005-09-06 11:07]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2005-09-06 11:07]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2005-09-06 11:07]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 03:30]
S2 MyHelp;My Help;C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [2005-12-13 20:05]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 09:18]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 05:30]
S4 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 13:49]
S4 vtigercrm503;vtigercrm503;"C:\Program Files\vtigercrm5\apache\bin\Apache.exe" -k runservice []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 17:44:37 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 12:16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\PROGRA~1\ThinkPad\UTILIT~1\US\PWRMGRRT.DLL
-> C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRIF.DLL
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\drivers\ldlcserv.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\javaw.exe
C:\Program Files\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-04-28 12:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-28 10:23:17

Pre-Run: 23,920,279,552 bytes free
Post-Run: 23,879,700,480 bytes free

329 --- E O F --- 2008-04-25 05:22:33

#4 Buckeye_Sam (Malware Expert)

Posted 28 April 2008 - 08:41 AM

That helped us out quite a bit.


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please post a new log from combofix also.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 veritus (Topic Starter)

Posted 01 May 2008 - 07:02 AM

Thanks Sam,

Haven't seen many problems since last scan except for the odd Vundo Trojans.. Logs below..

Log for SUPERAntiSpyware..

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/01/2008 at 05:10 PM

Application Version : 4.0.1154

Core Rules Database Version : 3451
Trace Rules Database Version: 1443

Scan type : Complete Scan
Total Scan Time : 00:48:35

Memory items scanned : 650
Memory threats detected : 0
Registry items scanned : 7232
Registry threats detected : 0
File items scanned : 36452
File threats detected : 81

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@new-pcp[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.ural-banners.bb[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-kasperskylab.hitbox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pacificpoker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.clickxchange[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.weak[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@secure.systemerrorfixer[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@angleinteractive.directtrack[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sale.antispywaresuite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@yadro[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pro-market[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad3.bannerbank[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@rediffcom.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@antispywaresuite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@richmedia.yahoo[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bannerbank[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@systemerrorfixer[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad2.bannerbank[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@sitestats.ets[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cnetasiapacific.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@winanonymous[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@www.admedia365[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@antispywaremaster[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.techguy[4].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adnetserver[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@directtrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@digg.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-ittoolbox.hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pacificpoker[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partygaming.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@toplist[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partygaming.122.2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-kasperskylab.hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@stat.dealtime[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cassava[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@shopping.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partypoker[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.zanox[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@partypoker[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.techguy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.techguy[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@anad.tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@accounts[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt

Adware.Vundo-Variant/H
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP305\A0066807.DLL

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP305\A0066810.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{01E266C2-86F5-40B2-9145-B4252FFF29C3}\RP305\A0066813.DLL


----------------------------------------------------------------------------------------------------------------------------------------
Log from ComboFix..

ComboFix 08-04-24.1 - Administrator 2008-05-01 17:23:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.433 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\My Documents\Installs\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-05-01 16:17 . 2008-05-01 16:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-01 16:17 . 2008-05-01 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-26 10:07 . 2008-04-26 10:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 10:07 . 2008-04-26 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 23:52 . 2008-04-25 23:52 <DIR> d-------- C:\Deckard
2008-04-25 23:10 . 2008-04-25 23:10 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 16:27 . 2008-04-25 16:41 <DIR> d-------- C:\Program Files\SpyZooka
2008-04-25 16:27 . 2008-04-25 16:27 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-25 12:09 . 2008-04-25 12:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\yahoo!
2008-04-24 19:12 . 2008-04-24 19:12 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-24 19:05 . 2007-09-06 03:52 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-24 19:05 . 2006-04-27 21:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-24 19:05 . 2008-04-24 11:40 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-24 19:05 . 2008-04-24 01:44 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-24 19:05 . 2008-04-24 01:44 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-04-24 19:05 . 2003-06-06 00:43 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-24 19:05 . 2004-07-31 22:20 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-24 19:05 . 2007-10-04 04:06 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-24 19:05 . 2008-04-24 21:18 6,400 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-24 16:57 . 2008-02-19 15:15 3,100,672 --a------ C:\Program Files\Common Files\sapxlhelper.dll
2008-04-24 16:57 . 2008-02-19 15:15 626,688 --a------ C:\Program Files\Common Files\sapconsaccess.dll
2008-04-24 16:57 . 2008-02-19 15:15 415,504 --a------ C:\WINDOWS\system32\msrepl35.dll
2008-04-24 16:57 . 2008-02-19 15:15 368,912 --a------ C:\WINDOWS\system32\Vbar332.dll
2008-04-24 16:57 . 2008-02-19 15:15 253,952 --a------ C:\WINDOWS\system32\vrfc32.dll
2008-04-24 16:57 . 2008-02-19 15:15 192,512 --a------ C:\Program Files\Common Files\sapconsr3.dll
2008-04-24 16:57 . 2008-02-19 15:15 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2008-04-24 16:57 . 2008-02-19 15:16 56,832 --a------ C:\WINDOWS\system32\grfcxl32.dll
2008-04-24 16:57 . 2008-02-19 15:16 34,816 --a------ C:\WINDOWS\system32\grsapx32.dll
2008-04-24 16:56 . 2008-02-19 15:19 8,847,360 --a------ C:\WINDOWS\system32\icudt34.dll
2008-04-24 16:56 . 2008-02-19 15:19 4,251,648 --a------ C:\WINDOWS\system32\librfc32u.dll
2008-04-24 16:56 . 2008-02-19 15:19 835,584 --a------ C:\WINDOWS\system32\icuuc34.dll
2008-04-24 16:56 . 2008-02-19 15:19 733,184 --a------ C:\WINDOWS\system32\icuin34.dll
2008-04-24 16:56 . 2008-02-19 15:19 102,400 --a------ C:\WINDOWS\system32\libsapu16vc80.dll
2008-04-24 16:56 . 2008-02-19 15:19 68,640 --a------ C:\WINDOWS\system32\Gauge32.OCX
2008-04-24 16:55 . 2008-04-24 16:55 <DIR> d-------- C:\Program Files\Common Files\ESRI
2008-04-24 16:55 . 2008-02-19 15:13 1,228,800 --a------ C:\WINDOWS\system32\wdba.dll
2008-04-24 16:54 . 2008-02-19 15:16 483,328 --a------ C:\WINDOWS\system32\sapfcpl.cpl
2008-04-24 16:53 . 2008-04-24 16:54 <DIR> d-------- C:\Program Files\Common Files\SAP Shared
2008-04-24 16:53 . 2008-02-19 15:19 1,650,688 --a------ C:\WINDOWS\system32\SAPbtmp.dll
2008-04-24 16:53 . 2008-02-19 15:15 1,064,960 --a------ C:\WINDOWS\system32\h5krnl32.dll
2008-04-24 16:53 . 2008-02-19 15:15 188,928 --a------ C:\WINDOWS\system32\h5icon32.dll
2008-04-24 16:53 . 2008-02-19 15:15 175,616 --a------ C:\WINDOWS\system32\h5menu32.dll
2008-04-24 16:53 . 2008-02-19 15:15 114,688 --a------ C:\WINDOWS\system32\h5dlg32.dll
2008-04-24 16:53 . 2008-02-19 15:15 95,744 --a------ C:\WINDOWS\system32\h5rtf32.dll
2008-04-24 16:53 . 2008-02-19 15:15 51,200 --a------ C:\WINDOWS\system32\h5tool32.dll
2008-04-24 16:31 . 2008-04-24 16:55 <DIR> d-------- C:\Program Files\SAP
2008-04-24 15:11 . 2008-04-24 15:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-24 12:49 . 2008-04-24 12:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 12:49 . 2008-04-25 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-24 11:17 . 2008-04-24 11:17 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-24 10:09 . 2004-08-04 10:30 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-24 09:52 . 2007-07-30 22:48 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-24 09:52 . 2007-07-30 22:49 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-24 09:52 . 2007-07-30 22:49 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-24 09:52 . 2007-07-30 22:48 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-04-24 09:51 . 2008-04-25 16:19 109,765 --a------ C:\WINDOWS\BM8324cb9b.xml
2008-04-19 02:42 . 2008-04-24 16:13 <DIR> d-------- C:\Program Files\PowerISO
2008-04-13 00:19 . 2008-04-13 00:19 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-01 11:47 --------- d-----w C:\Program Files\C4ebreg
2008-05-01 10:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-01 10:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 10:33 --------- d-----w C:\Program Files\WST
2008-05-01 07:51 --------- d-----w C:\Program Files\AT&T Network Client
2008-04-25 18:12 --------- d-----w C:\Program Files\Google
2008-04-24 11:23 --------- d-----w C:\Program Files\sappc
2008-04-24 05:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-06 10:06 --------- d-----w C:\Documents and Settings\Administrator\Application Data\webex
2008-04-02 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 15:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-03-19 14:22 --------- d-----w C:\Program Files\ATnotes
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 11:46 --------- d-----w C:\Documents and Settings\Administrator\Application Data\scriptocean
2008-03-16 11:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\KompoZer
2008-03-14 12:29 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-08 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 15:10 --------- d-----w C:\Program Files\IBM
2008-03-07 15:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-07 14:24 58,592 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 18:13 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 09:49 3,768,320 ----a-w C:\WINDOWS\system32\librfc32.dll
2008-02-19 09:49 15,872 ----a-w C:\WINDOWS\system32\vtssm32.dll
2008-02-19 09:45 40,960 ----a-w C:\Program Files\Common Files\DigitalSignature.ocx
2008-02-19 09:45 1,129,984 ----a-w C:\Program Files\Common Files\SAPActiveXL.xlt
2008-02-19 09:45 1,124,864 ----a-w C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-06 15:59 57,344 ----a-w C:\WINDOWS\isamunin.exe
2008-02-04 17:23 693,792 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2007-09-17 11:26 13 ---h--w C:\Documents and Settings\All Users\Application Data\1╠ě13.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-28_12.22.57.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-28 09:24:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-01 11:47:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 14:32:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-05-01 10:47:38 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-01 10:47:38 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 02:30:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 02:30:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-04-24 04:44:05 61,698 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-29 06:31:29 61,698 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-24 04:44:05 400,610 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-29 06:31:29 400,610 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-01 11:48:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_544.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 3,350 2008-04-30 12:17:24 C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [2007-01-13 08:00 24576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:30 15360]
"ATnotes.exe"="C:\Program Files\ATnotes\ATnotes.exe" [2005-01-05 20:15 1015808]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 10:30 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 10:30 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 10:30 455168]
"ISAMTray"="C:\Program Files\c4ebreg\isamtray.exe" [2008-02-06 21:28 249856]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-02-25 14:24 211456]
"stgclean"="c:\sdwork\w32main2.exe" [2008-04-14 15:14 272896]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2005-09-06 14:37 28672]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-16 18:12 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-16 18:11 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-16 18:11 118784]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-02-16 18:10 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-16 18:10 512000]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19 94208]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14 208896]
"TpShocks"="TpShocks.exe" [2005-11-07 16:44 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 06:41 65536 C:\WINDOWS\system32\TP4EX.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 00:34 864256]
"MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpStart.exe" [2005-12-13 23:35 151637]
"PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" [2006-04-26 00:33 31232]
"C4EBReg"="C:\Program Files\c4ebreg\c4ebreg.exe" [2008-02-06 21:28 372736]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30 243248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 23:06 536576]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 20:33 125168]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"defergui"="c:/sdwork/defergui.exe" [2008-03-03 10:18 138752 c:\sdwork\defergui.exe]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 05:20 233472]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 10:30 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 02:48 443968]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-08-07 18:04:32 45056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-10-28 20:43:43 1537064]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-05-05 10:18:07 45056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2006-12-25 10:29 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll 2005-09-06 14:37 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2005-09-07 00:13 49152 C:\WINDOWS\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-26 00:50 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2007-02-16 18:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AT&T Network Client\\NetClient.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Sametime Connect\\jre\\bin\\sametime75.exe"=
"C:\\sdwork\\W32MAIN2.EXE"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\sdwork\\w32maing.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:500
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 21:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 17:48]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-20 01:14]
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2005-09-06 14:37]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2007-12-13 05:16]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2005-09-06 14:37]
R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\c4ebreg\c4ebreg.exe" [2008-02-06 21:28]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2005-09-06 14:37]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2005-09-06 14:37]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2005-09-06 14:37]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-26 00:30]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 09:46]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2005-09-06 14:37]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2005-09-06 14:37]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2005-09-06 14:37]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2005-09-06 14:37]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2005-09-06 14:37]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2005-09-06 14:37]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2005-09-06 14:37]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2005-09-06 14:37]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2005-09-06 14:37]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2005-09-06 14:37]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2005-09-06 14:37]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2005-09-06 14:37]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2005-09-06 14:37]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2005-09-06 14:37]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2005-09-06 14:37]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2005-09-06 14:37]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2005-09-06 14:37]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2005-09-06 14:37]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2005-09-06 14:37]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2005-09-06 14:37]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2005-09-06 14:37]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2005-09-06 14:37]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2005-09-06 14:37]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2005-09-06 14:37]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2005-09-06 14:37]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 07:00]
S2 MyHelp;My Help;C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [2005-12-13 23:35]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 09:00]
S4 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 17:19]
S4 vtigercrm503;vtigercrm503;"C:\Program Files\vtigercrm5\apache\bin\Apache.exe" -k runservice []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-25 17:44:37 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 17:26:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-05-01 17:28:20
ComboFix-quarantined-files.txt 2008-05-01 11:58:05
ComboFix2.txt 2008-04-28 10:23:23

Pre-Run: 23,615,197,184 bytes free
Post-Run: 23,609,212,928 bytes free

293 --- E O F --- 2008-04-25 05:22:33

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:34 PM

Posted 01 May 2008 - 08:12 AM

Looks pretty good to me! :blink:


Let's go ahead and clean up a bit.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :wacko:
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
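The Internet Explorer zone settings and the firewall advice in the post above can be checked from a script rather than by clicking through dialogs. The following PowerShell is an added example written for this page; it is not code from the thread, from the helper, or from BleepingComputer. It assumes that Zone 3 under Internet Settings\Zones is the Internet zone and that the numeric value names map to the listed settings as Microsoft documents them (KB 182569: 1001 download signed ActiveX, 1004 download unsigned ActiveX, 1201 initialize/script unsafe ActiveX, 1800 desktop items, 1804 IFRAME launches, 1607 cross-domain sub-frames), with action codes 0 = Enable, 1 = Prompt, 3 = Disable. The firewall path is the XP-era standard-profile key that appears in the ComboFix log above with "EnableFirewall"= 0. The script is read-only and only reports which settings differ from the recommended state.

```powershell
# Added example, not from the thread: read-only audit of the Internet-zone
# settings the helper lists and of the XP firewall standard-profile value
# that appears in the ComboFix log above. Requires PowerShell 3.0 or later.
#
# Assumptions: Zone 3 is the Internet zone, and the numeric value names map
# to the named settings as documented by Microsoft (KB 182569).
# Action codes: 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$fwPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'

$codes = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, each with the action the post recommends.
$wanted = @(
    @{ Value = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Value = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Value = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Value = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Value = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Value = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when either the key or the value does not exist.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function ConvertTo-ActionName {
    param([object]$Raw)
    # Turns a raw zone action code into its dialog wording.
    if ($null -eq $Raw) { return 'not set (zone default)' }
    $n = [int]$Raw
    if ($codes.ContainsKey($n)) { return $codes[$n] }
    return "unknown ($n)"
}

$findings = @()
foreach ($w in $wanted) {
    $cur = Get-RegValueOrNull -Path $zonePath -Name $w.Value
    $findings += [pscustomobject]@{
        Setting = $w.Name
        Value   = $w.Value
        Current = ConvertTo-ActionName -Raw $cur
        Wanted  = $codes[$w.Want]
        OK      = ($null -ne $cur) -and ([int]$cur -eq $w.Want)
    }
}

# The log above shows "EnableFirewall"= 0 for this profile; 1 means enabled.
$fw = Get-RegValueOrNull -Path $fwPath -Name 'EnableFirewall'
if ($null -eq $fw) { $fwText = 'not set' } else { $fwText = "$fw" }
$findings += [pscustomobject]@{
    Setting = 'Windows Firewall, standard profile'
    Value   = 'EnableFirewall'
    Current = $fwText
    Wanted  = '1'
    OK      = ($null -ne $fw) -and ([int]$fw -eq 1)
}

$findings | Format-Table Setting, Current, Wanted, OK -AutoSize
$bad = @($findings | Where-Object { -not $_.OK })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) setting(s) differ from the recommended state."
}
```

Run it in the account whose Internet Explorer profile you want to check, since the zone values live under HKCU; the firewall value is machine-wide. A missing zone value means the zone's built-in default applies, which the script reports as "not set" rather than guessing, so treat that row as something to confirm in the Custom Level dialog rather than as a pass.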

#7 veritus

veritus
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:34 PM

Posted 02 May 2008 - 07:06 AM

Thanks a lot Sam for the help.
Best wishes to you all at Bleepingcomputer

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:10:34 PM

Posted 02 May 2008 - 08:22 AM

I'm glad I could help you out! :thumbsup:

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



