Hijack This Log


This topic is locked
3 replies to this topic

#1 fleamour

  • Members
  • 297 posts
  • Gender:Male
  • Location:UK

Posted 16 May 2008 - 12:22 PM

My wireless PCMCIA card has recently stopped working with the program error that prismsvr.exe has generated errors & will be closed by Windows. This error appears at every boot. Prismsvr.exe is to do with my Zoom network card. I was infected with troj_ccxr.b which Trend Micro could not remove, but I manually deleted the file at source. I was thinking of maybe resorting to a repair of Windows as a last resort. System scans as clean.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-16 18:05:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:00, on 16/05/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A2FREE\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\RAM Def XT\ramdef.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\UtilityCtl01.exe
C:\Program Files\Zoom\Zoom Wireless-G PC Card\Wlanutl.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RAMDef] C:\Program Files\RAM Def XT\ramdef.exe -tray
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Zoom Wireless-G PC Card.lnk = C:\Program Files\Zoom\Zoom Wireless-G PC Card\Wlanutl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188396122329
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A2FREE\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: kvrt - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe (file missing)
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 10531 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 BUFADPT - c:\winnt\system32\bufadpt.sys <Not Verified; BUFFALO INC.; BUFFALO Wireless LAN>
R1 FileDisk - c:\winnt\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 giveio - c:\winnt\system32\giveio.sys
R1 SASDIFSV - c:\docume~1\admini~1\locals~1\temp\superas\sasdifsv.sys (file missing)
R1 SASKUTIL - c:\docume~1\admini~1\locals~1\temp\superas\saskutil.sys (file missing)
R1 speedfan - c:\winnt\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R1 TPHKDRV - c:\winnt\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\winnt\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.3.0.6) - c:\winnt\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.3.0.6>
R2 ZDCNDIS5 (ZDCNDIS5 NDIS Protocol Driver) - c:\winnt\system32\zdcndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
R3 WDHAALBA (WDHAALBAMiniPCI Winmodem) - c:\winnt\system32\drivers\wdhaalba.sys <Not Verified; 3Com Corporation; 3Com Mini PCI 56K Modem>

S2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\winnt\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\winnt\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\winnt\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\winnt\system32\drivers\mcdbus.sys (file missing)
S3 NETGEAR_WG511_SERVICE (NETGEAR WG511T Wireless Adapter Service) - c:\winnt\system32\drivers\wg511nd5.sys (file missing)
S3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\winnt\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
S3 PPPoEWin (PPPoEWin Miniport) - c:\winnt\system32\drivers\pppoewin.sys (file missing)
S3 SASENUM - c:\docume~1\admini~1\locals~1\temp\superas\sasenum.sys (file missing)
S3 TVICHW32 - c:\winnt\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 ZMWGCB_PCI (Zoom Wireless-G PC Card Driver) - c:\winnt\system32\drivers\zmwgcb.sys (file missing)
S3 Zoom302 (Zoom 802.11g XG302 Driver) - c:\winnt\system32\drivers\wlancig.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 a2free (a-squared Free Service) - "c:\docume~1\admini~1\locals~1\temp\a2free\a2service.exe" (file missing)
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TpKmpSVC (IBM KCU Service) - c:\winnt\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>

S2 kvrt - "c:\documents and settings\all users\desktop\kaspersky lab tool\kvrt.exe" -r (file missing)
S3 PRISMSVC - c:\winnt\system32\prismsvc.exe <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {6BDD1FC5-810F-11D0-BEC7-08002BE2092F}
Description: IBM ThinkPad Fast Infrared Port
Device ID: ACPI\IBM0071\4&2658D0A0&0
Manufacturer: IBM
Name: IBM ThinkPad Fast Infrared Port
PNP Device ID: ACPI\IBM0071\4&2658D0A0&0
Service: NSCIRDA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-16 17:49:40 1286 --a------ C:\WINNT\Tasks\BMMTask.job


-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 18:07:11 0 d-------- C:\Program Files\Trend Micro
2008-05-14 21:24:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7a4.dat
2008-05-14 21:15:57 515616 --a------ C:\WINNT\system32\drivers\wlanCIG.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>
2008-05-14 21:15:56 364630 --a------ C:\WINNT\system32\PRISMSVR.EXE <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
2008-05-14 21:15:56 61526 --a------ C:\WINNT\system32\PRISMSVC.EXE <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
2008-05-14 21:15:56 1396827 --a------ C:\WINNT\system32\PRISME5.DLL <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-05-14 21:15:56 450646 --a------ C:\WINNT\system32\PRISMAPI.DLL <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
2008-05-14 21:15:56 18380 --a------ C:\WINNT\system32\drivers\AEGISP.SYS <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.3.0.6>
2008-05-12 14:25:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-12 14:25:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 14:25:32 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 14:23:53 217088 --a------ C:\Documents and Settings\Administrator\sysclean.exe <Not Verified; Trend Micro Incorporated; SysClean Application>
2008-05-10 18:02:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7d0.dat
2008-05-09 13:52:01 0 d-------- C:\Program Files\Lavasoft
2008-05-03 22:00:28 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_930.dat
2008-05-02 18:40:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_594.dat
2008-04-30 22:31:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_7fc.dat
2008-04-29 13:27:21 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_744.dat
2008-04-20 23:53:54 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_304.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-14 21:26:20 0 d-a------ C:\Program Files\Mozilla Thunderbird
2008-05-14 21:21:07 919566 ---h----- C:\WINNT\ShellIconCache
2008-05-12 16:57:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-12 16:50:31 0 d-a------ C:\Program Files\Zoom
2008-05-09 17:37:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-09 13:51:07 0 d-a------ C:\Program Files\Common Files\Wise Installation Wizard
2008-04-23 22:25:33 0 d-a------ C:\Program Files\SpeedFan
2008-04-15 14:04:16 0 d-a------ C:\Program Files\Google
2008-04-10 21:53:43 0 d-a------ C:\Program Files\Common Files
2008-04-10 21:41:27 0 ---h----- C:\CONFIG.SYS
2008-04-10 21:41:27 0 ---h----- C:\AUTOEXEC.BAT
2008-04-10 21:39:21 15712 --a------ C:\WINNT\system32\emptyregdb.dat
2008-04-10 20:38:53 0 d-a------ C:\Program Files\Windows NT
2008-04-06 22:57:14 0 d-a------ C:\Program Files\Windows Live Safety Center
2008-04-04 19:38:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-04-02 20:35:27 6799 --a------ C:\WINNT\mozver.dat
2008-04-02 20:35:25 0 d-a------ C:\Program Files\Panda Security
2008-04-01 18:07:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat
2008-03-26 18:09:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-20 15:41:29 0 --a------ C:\WINNT\r
2008-03-20 15:41:28 0 d-a------ C:\Program Files\Thomson
2008-03-20 15:32:00 0 d-a------ C:\Program Files\VoyagerTest
2008-03-20 15:30:36 2560 --a------ C:\WINNT\_MSRSTRT.EXE
2008-03-19 22:11:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_898.dat
2008-03-05 23:57:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2dc.dat
2008-03-02 14:48:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_51c.dat
2008-03-01 12:02:46 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4fc.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="tp4serv.exe" [13/07/05 03:55 C:\WINNT\system32\tp4serv.exe]
"Synchronization Manager"="mobsync.exe" [19/06/03 20:05 C:\WINNT\system32\mobsync.exe]
"TP4EX"="tp4ex.exe" [17/10/05 01:11 C:\WINNT\system32\TP4EX.exe]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [20/04/05 01:38 ]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [20/04/05 01:38 ]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [20/04/05 01:38 ]
"SoundFusion"="cwcprops.cpl" [10/04/01 12:42 C:\WINNT\system32\cwcprops.cpl]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [20/04/05 01:38 ]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [01/08/07 12:07 ]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [02/10/06 11:19 ]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [09/01/07 17:28 ]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09/07/01 11:50 ]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [26/12/07 02:14 ]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [26/11/07 11:38 ]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [30/10/07 21:07 ]
"RAMDef"="C:\Program Files\RAM Def XT\ramdef.exe" [09/04/03 21:21 ]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [30/10/07 21:06 ]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [30/10/07 21:11 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15/04/08 14:05 ]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [11/06/07 08:06 ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/07 22:22 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [04/09/07 17:40 ]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [21/09/07 16:45 ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [11/10/05 19:25 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Zoom Wireless-G PC Card.lnk - C:\Program Files\Zoom\Zoom Wireless-G PC Card\Wlanutl.exe [14/05/2008 21:15:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 01/09/06 06:49 140048 C:\WINNT\system32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
PRISMAPI.DLL 11/10/06 13:33 450646 C:\WINNT\system32\PRISMAPI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 06/07/05 00:45 28672 C:\WINNT\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 30/11/05 21:16 24576 C:\WINNT\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
kmw_run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\superas\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]




-- End of Deckard's System Scanner: finished at 2008-05-16 18:09:32 ------------

ASRock Conroe (micro ATX) - Ubuntu 12.04/Win 7 Ultimate (x86)
Intel C2D E8400 3.0GHz/low profile Noctua (single fan)
4GB OCZ DDR2 RAM, GeForce GT220 1024MB

Vintage IBM-T21 laptop, Xubuntu Lucid LTS
512MB KingSpec RAM, 1GHz CPU [T22 Fan], Wireless-G PCMCIA, 7200RPM HDD
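The HijackThis log above is a flat text format that an analyst reads by hand, entry by entry. The Python below is added here as an example; it is not part of the original thread and is not code from HijackThis or Deckard's System Scanner. It parses seven lines copied from this log and flags the indicators an analyst usually checks first: entries whose target file is missing, services with no publisher in their version information ("Unknown owner"), and executables launched from a Temp directory. The flag rules and the `Entry`, `parse_hjt` and `triage` names are the example's own assumptions, and a flag is a prompt for review rather than a verdict: the log above shows the legitimate Lenovo TpKmpSVC and Acronis services reported as "Unknown owner" too.

```python
import re
from dataclasses import dataclass, field

# Sample input: seven lines copied from the HijackThis log posted above
# (a selection made for this example; the full log has many more entries).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\A2FREE\a2service.exe (file missing)
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINNT\system32\PRISMSVC.EXE
O23 - Service: kvrt - Unknown owner - C:\Documents and Settings\All Users\Desktop\Kaspersky Lab Tool\kvrt.exe (file missing)
"""

# HijackThis entry prefixes: R0-R3 (IE settings), F0-F3 (ini-file entries),
# O1-O24 (BHOs, Run keys, services, ActiveX downloads, and so on).
LINE_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# A path component named "Temp" anywhere in the entry (case-insensitive).
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str                 # e.g. "O23"
    body: str                    # the text after "O23 - "
    flags: list[str] = field(default_factory=list)   # review prompts, not verdicts


def parse_hjt(text: str) -> list[Entry]:
    """Parse HijackThis report lines; lines that are not R/F/O entries are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        flags = []
        if "(file missing)" in body:
            # Registered but absent on disk: leftover from a removal, or a
            # deleted component whose registration still points at it.
        	flags.append("file missing")
        if "Unknown owner" in body:
            # HijackThis found no company name in the file's version info.
            flags.append("unknown owner")
        if TEMP_PATH_RE.search(body):
            # Persistent services or startup items rarely belong in Temp.
            flags.append("temp path")
        entries.append(Entry(section, body, flags))
    return entries


def triage(text: str) -> list[Entry]:
    """Return only the entries that carry at least one review flag."""
    return [e for e in parse_hjt(text) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section}: {', '.join(e.flags)} -> {e.body}")
```

Run against the sample, `triage` returns three entries: the IMVU button (file missing), the a2free service (file missing, unknown owner, temp path) and the kvrt service (file missing, unknown owner); the PRISMSVC service the poster asked about carries no flag, which matches the page's observation that the system scans as clean.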


#2 RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 10 June 2008 - 09:02 PM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in Portuguese

#3 fleamour

  • Topic Starter
  • Members
  • 297 posts
  • Gender:Male
  • Location:UK

Posted 11 June 2008 - 07:08 AM

Whoa!!! That was a long time!

I have since restored from backup which has solved the problem. Keep up the good work. :thumbsup:

#4 don77

  • Forum Regular
  • Members
  • 3,212 posts
  • Gender:Male
  • Location:Boston Mass

Posted 12 June 2008 - 05:16 AM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
