Infected - W32/autorun.worm.gen!job (virus), Generic!atr (trojan),


  • This topic is locked
2 replies to this topic

#1 gsms123

Posted 24 May 2008 - 01:35 PM

Computer 1 - Thinkpad T61

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 1:20:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 98612
Number of viruses found: 3
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:15:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst/Archive Folders/Inbox/ChellamSentupto5Jan2001/04 Nov 2000 14:30 to CHELLAM (E-mail):Net Captor/ncsetup.EXE/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.FlySwat.a skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst/Archive Folders/Inbox/ChellamSentupto5Jan2001/04 Nov 2000 14:30 to CHELLAM (E-mail):Net Captor/ncsetup.EXE Infected: not-a-virus:AdWare.Win32.FlySwat.a skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst MailMSMaill: infected - 2 skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\Upto08July2002.pst/Personal Folders/GENERAL/25 Mar 1999 09:46 from ramya:Fw: to find passward!!!!!!!!!!!!!!/Revelation (2).exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\Upto08July2002.pst MailMSMaill: infected - 1 skipped
C:\WINDOWS\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
C:\WINDOWS\system32\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
C:\WINDOWS\system32\svchost .exe Infected: Trojan.Win32.Autoit.ci skipped

Scan process completed.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 11:41:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Memory:

Scan Statistics:
Total number of scanned objects: 2740
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:01:00

Infected Object Name / Virus Name / Last Action
[3916] regsvr.exe => C:\WINDOWS\system32\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
[3216] regsvr.exe => C:\WINDOWS\system32\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped

Scan process completed.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 11:43:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------


$$$$$$$$$$$$ THIS IS MY FLASH DRIVE: $$$$$$$$

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
E:\

Scan Statistics:
Total number of scanned objects: 339
Number of viruses found: 1
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 00:00:36

Infected Object Name / Virus Name / Last Action
E:\Prem\PF\PF .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\I131\I131 .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\EAD-Nov2007\EAD-Nov2007 .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\2006 Tax Forms\2006 Tax Forms .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Temp-Vanitha\Retail - Docs\Retail - Docs .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Temp-Vanitha\eComm\eComm .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Temp-Vanitha\App\App .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Temp-Vanitha\Temp-Vanitha .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Resume\Resume .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Prem\Prem .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\2008Stamping\moredocs\moredocs .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\2008Stamping\2008Stamping .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\2007-01 (Jan)\2007-01 (Jan) .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\2007-08 (Aug)\2007-08 (Aug) .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\2007-12 (Dec)\2007-12 (Dec) .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\2008-01 (Jan)\2008-01 (Jan) .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\psg\psg .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\Links\Links .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Dad\Dad .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\DCIM\101MSDCF\101MSDCF .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\DCIM\DCIM .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Acco\Acco .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\FMLA\FMLA .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
E:\2008\2008 .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\New Folder .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\TnE\Q4 Expenses\Q4 Expenses .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\TnE\Q1 08 Expenses\Q1 08 Expenses .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\TnE\TnE .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Europe\Europe .exe Infected: Trojan.Win32.Autoit.ci skipped
E:\Old\Old .exe Infected: Trojan.Win32.Autoit.ci skipped

Scan process completed.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 12:04:03 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Email:
C:\

Scan Statistics:
Total number of scanned objects: 105
Number of viruses found: 2
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 00:07:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst/Archive Folders/Inbox/ChellamSentupto5Jan2001/04 Nov 2000 14:30 to CHELLAM (E-mail):Net Captor/ncsetup.EXE/WISE0022.BIN Infected: not-a-virus:AdWare.Win32.FlySwat.a skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst/Archive Folders/Inbox/ChellamSentupto5Jan2001/04 Nov 2000 14:30 to CHELLAM (E-mail):Net Captor/ncsetup.EXE Infected: not-a-virus:AdWare.Win32.FlySwat.a skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\ChellamSentupto5Jan2001.pst MailMSMaill: infected - 2 skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\Upto08July2002.pst/Personal Folders/GENERAL/25 Mar 1999 09:46 from ramya:Fw: to find passward!!!!!!!!!!!!!!/Revelation (2).exe Infected: not-a-virus:PSWTool.Win32.SnadBoy.11 skipped
C:\Documents and Settings\ctsuser.CTSUSNJY10018\My Documents\MyData\MyPst\Oldpst\Upto08July2002.pst MailMSMaill: infected - 1 skipped

Scan process completed.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 11:39:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799624
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\CTSUSE~2.CTS\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 20860
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 00:17:33

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
C:\WINDOWS\system32\regsvr.exe Infected: Trojan.Win32.Autoit.ci skipped
C:\WINDOWS\system32\svchost .exe Infected: Trojan.Win32.Autoit.ci skipped

Scan process completed.


Deckard's System Scanner v20071014.68
Run by ctsuser on 2008-05-24 13:23:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2008-05-24 18:23:08 UTC - RP129 - Deckard's System Scanner Restore Point
14: 2008-05-24 15:47:54 UTC - RP128 - System Checkpoint
13: 2008-05-23 15:45:19 UTC - RP127 - System Checkpoint
12: 2008-05-22 14:14:12 UTC - RP126 - System Checkpoint
11: 2008-05-21 01:49:30 UTC - RP125 - System Checkpoint


-- First Restore Point --
1: 2008-05-11 16:10:21 UTC - RP115 - Installed TextPad 5.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ctsuser.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:49 PM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CTSProvider\bin\tgsrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\CTSProvider\bin\sprtcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\regsvr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Documents and Settings\ctsuser.CTSUSNJY10018\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\HIJACK~1\ctsuser.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: Shell=Explorer.exe regsvr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [CTSProvider] "C:\Program Files\CTSProvider\bin\sprtcmd.exe" /P CTSProvider
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Msn Messsenger] C:\WINDOWS\system32\regsvr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/a...ntent/AcpIR.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197052362500
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Repair Service (ctsprovider) (tgsrvc_ctsprovider) - SupportSoft, Inc. - C:\Program Files\CTSProvider\bin\tgsrvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11875 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>

S3 NETw3x32 (Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit) - c:\windows\system32\drivers\netw3x32.sys (file missing)
S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 w29n51 (Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 tgsrvc_ctsprovider (SupportSoft Repair Service (ctsprovider)) - c:\program files\ctsprovider\bin\tgsrvc.exe /p ctsprovider <Not Verified; SupportSoft, Inc.; SupportSoft Repair Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-05-24 13:16:04 304 --a------ C:\WINDOWS\Tasks\PMTask.job


-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-24 10:26:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-24 10:26:16 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-24 10:26:14 0 d-------- C:\WINDOWS\LastGood
2008-05-24 07:16:41 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\LocalLow
2008-05-24 07:16:41 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-05-24 07:09:57 0 d-------- C:\Program Files\TVAnts
2008-05-22 11:05:00 0 d-------- C:\quarantine
2008-05-17 18:02:14 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-17 17:24:39 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Windows Desktop Search
2008-05-17 17:23:49 0 d-------- C:\Program Files\Windows Desktop Search
2008-05-13 21:09:34 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\eFax Messenger
2008-05-13 21:09:32 0 --a------ C:\WINDOWS\system32\eFax_4_3_Port
2008-05-13 21:09:32 0 d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Output
2008-05-13 21:09:20 0 d-------- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.3 Setup
2008-05-13 21:08:29 0 d-------- C:\Program Files\eFax Messenger 4.3
2008-05-13 11:13:59 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Helios
2008-05-11 11:25:08 0 d-------- C:\WINDOWS\Downloaded Installations
2008-05-11 11:22:19 0 d-------- C:\Program Files\WordWeb
2008-05-11 11:10:23 0 d-------- C:\Program Files\TextPad 5
2008-05-11 11:07:06 0 d-------- C:\Program Files\pdfsam
2008-05-11 10:33:32 4442 -----n--- C:\WINDOWS\system32\drivers\TPPWRIF.SYS
2008-05-11 10:33:32 16384 -----n--- C:\WINDOWS\PWMBTHLP.EXE
2008-05-10 19:54:20 0 d-------- C:\DataBackup
2008-05-10 18:53:51 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\DivX
2008-05-10 18:45:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-05-10 18:45:54 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Roxio
2008-05-10 18:39:13 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Research In Motion
2008-05-10 18:38:51 256 --a------ C:\WINDOWS\system32\pool.bin
2008-05-10 18:33:47 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-10 18:33:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-10 18:31:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Roxio
2008-05-10 18:31:28 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-10 18:31:27 0 d-------- C:\Program Files\Roxio
2008-05-10 18:31:23 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-05-10 18:29:24 0 d-------- C:\Program Files\DivX
2008-05-10 18:26:40 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Blackberry Desktop
2008-05-10 18:26:17 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-05-10 18:25:59 0 d-------- C:\Program Files\Research In Motion
2008-05-10 17:58:39 0 d--hs---- C:\WINDOWS\ftpcache
2008-05-10 13:30:33 0 d-------- C:\WINDOWS\RegisteredPackages
2008-05-10 13:29:27 0 d-------- C:\Program Files\Winamp
2008-05-10 13:29:27 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Winamp
2008-05-10 13:20:59 0 d-------- C:\Program Files\IrfanView
2008-05-10 13:16:29 0 d-------- C:\temp
2008-05-10 13:15:33 617343 -rahs---- C:\WINDOWS\system32\svchost .exe
2008-05-10 13:15:32 617343 -rahs---- C:\WINDOWS\system32\regsvr.exe
2008-05-10 13:15:32 617343 --a------ C:\WINDOWS\regsvr.exe
2008-05-10 13:15:31 0 d--hs---- C:\WINDOWS\system32\28463
2008-05-10 13:13:40 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\vlc
2008-05-10 11:02:22 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\dvdcss
2008-05-10 11:01:50 0 d-------- C:\Program Files\VideoLAN
2008-05-10 09:41:10 0 d-------- C:\WINDOWS\system32\LogFiles
2008-05-10 09:30:09 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Macromedia
2008-05-10 09:04:11 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Google
2008-05-10 08:58:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-05-10 08:58:53 0 d-------- C:\Program Files\Google
2008-05-10 08:58:52 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-05-10 08:53:47 0 d-------- C:\WINDOWS\network diagnostic
2008-05-08 17:47:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-05-08 17:47:45 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-08 15:45:38 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\AdobeUM
2008-05-08 14:14:30 0 d-------- C:\WINDOWS\Sun
2008-05-08 14:14:30 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Sun
2008-05-08 14:08:13 0 d-------- C:\Program Files\Java
2008-05-08 14:08:12 0 d-------- C:\Program Files\Common Files\Java
2008-05-08 11:34:32 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Opera
2008-05-08 11:34:22 0 d-------- C:\Program Files\Opera
2008-05-08 11:29:40 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\Adobe
2008-05-08 11:23:46 0 d-------- C:\Program Files\GPLGS
2008-05-08 11:22:53 0 d-------- C:\Program Files\Acro Software
2008-05-08 06:50:01 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-02 12:45:54 0 d-------- C:\Program Files\Microsoft Works
2008-05-02 12:45:47 0 d-------- C:\Program Files\MSBuild
2008-05-02 12:38:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help


-- Find3M Report ---------------------------------------------------------------

2008-05-11 10:33:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 18:31:28 0 d-------- C:\Program Files\Common Files
2008-05-10 18:31:27 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-02 12:56:45 0 d-------- C:\Documents and Settings\ctsuser.CTSUSNJY10018\Application Data\OfficeUpdate12
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 16:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 16:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 15:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 15:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 15:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 15:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-04 18:52:34 286720 --a------ C:\WINDOWS\system32\libcurl.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 07:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 02:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [10/07/2003 08:48 AM]
"CTSProvider"="C:\Program Files\CTSProvider\bin\sprtcmd.exe" [06/04/2005 06:31 PM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [02/14/2006 01:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [02/14/2006 01:16 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [01/21/2006 08:00 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/03/2004 11:56 PM C:\WINDOWS\system32\bthprops.cpl]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [03/09/2007 02:49 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [06/02/2006 09:00 PM]
"TP4EX"="tp4ex.exe" [10/17/2005 12:11 AM C:\WINDOWS\system32\TP4EX.exe]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [03/08/2007 04:48 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [04/16/2007 10:24 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [04/16/2007 10:22 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/15/2007 03:07 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/15/2007 03:07 PM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/15/2007 03:07 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/11/2007 10:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [11/02/2007 02:04 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [03/26/2007 07:07 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [01/11/2008 01:30 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [01/11/2008 01:30 AM]
"eFax 4.3"="C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" [03/06/2007 12:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/17/2008 11:12 AM]
"Msn Messsenger"="C:\WINDOWS\system32\regsvr.exe" [01/01/2000 01:33 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [5/21/2007 10:38:49 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 3:40:46 PM]
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe [5/11/2008 11:22:19 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"DisableRegistryTools"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NofolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 03:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe regsvr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 03/08/2007 05:08 PM 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2006 11:06 AM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa217bc7-fbd6-11dc-8700-806d6172696f}]
AutoRun\command- D:\SETUP.EXE
configure\command- D:\SETUP.EXE
install\command- D:\SETUP.EXE

*Newly Created Service* - ENTDRV51



-- End of Deckard's System Scanner: finished at 2008-05-24 13:28:31 ------------



#2 Buckeye_Sam

    Malware Expert


Posted 24 June 2008 - 06:41 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log; the helpers here are very busy.

If you still need help, please post a fresh HijackThis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

    Malware Expert


Posted 06 July 2008 - 09:37 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.


========================================================



