
Win32:delf-khb [trj] ...plus Others...


10 replies to this topic

#1 Manic007

Posted 06 June 2008 - 10:16 PM

Hi, thanks to everyone on this forum that helps with virus removal! It's much appreciated, and I will definitely donate money to keep this place going. Any and all help will be greatly appreciated!

Cheers!

Nic




THE PROBLEM: I keep getting re-infected with various Trojans. I'm currently running Avast Anti-Virus Pro, AdAware, and Spybot. But they still can't rid my system of viruses.


The only current infection according to Avast is:

Win32:Delf-KHB[Trj]


Earlier this year I had the following viruses (but I thought I had safely removed them). I suppose these could have caused the current and previous infections. Here they are in chronological order, from the earliest to the latest (some recurred many times, but not in the latest scan):

HTML:I-Frame-N[Expl]

HTML:I-Frame-M[Expl]

Win32:Delf-HTI[Trj]

HTML:I-Frame-O[Expl]

Win32:Delf-HWS[Trj]

Win32:Agent-QXQ[Trj]

Win32:Bancos-AUK[Trj]

Win32:Delf-IJI[Trj]

Win32:Agent-SYE[Trj]

Win32:Trojan-gen{vb}

HTML:CVE-2006-3227[Expl]

Win32:Delf-IWD[Trj]

Win32:Kolab-AX[Wrm]

Win32:Rootkit-gen[Rtk]

Win32:Trojan-gen{other}

Win32:Delf-KHB[Trj]




LOG FILES:


MAIN.TXT



Deckard's System Scanner v20071014.68
Run by Home on 2008-06-07 12:37:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-06-07 02:37:36 UTC - RP142 - Deckard's System Scanner Restore Point
4: 2008-06-06 01:47:22 UTC - RP141 - System Checkpoint
3: 2008-06-04 10:16:02 UTC - RP140 - System Checkpoint
2: 2008-06-03 10:01:26 UTC - RP139 - System Checkpoint
1: 2008-06-03 06:52:34 UTC - RP138 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.59 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-07 12:39:30
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Allume\StuffIt\MXTask.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Home\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abc.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GIZMO2] C:\Program Files\GIZMO2\GIZMO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\Program Files\Allume\StuffIt\MXTask.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe


--
End of file - 11795 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R0 zmxpzip - c:\windows\system32\drivers\zmxpzip.sys <Not Verified; Allume Systems; StuffIt® ZipFolders®>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 JavaQuickStarterService (Java Quick Starter) - "c:\program files\java\jre6\bin\jqs.exe" -service -config "c:\program files\java\jre6\lib\deploy\jqs\jqs.conf" <Not Verified; Sun Microsystems, Inc.; Java™ Platform SE 6 U10>
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 StuffIt Task Manager - c:\progra~1\allume\stuffit\mxtask.exe -service <Not Verified; Allume Systems, Inc.; StuffIt>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Backup Protection Service - "c:\program files\lenovo\rescue and recovery\rrpservice.exe" <Not Verified; ; rrpservice Module>
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe
R2 WServing (WServing Service) - c:\windows\system32\wserving.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-05 09:51:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-13 07:35:30 410 -----n--- C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-05-24 09:25:55 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-24 09:25:55 2542 --a------ C:\WINDOWS\unins000.dat
2008-05-19 17:20:42 0 d-------- C:\Program Files\QuickTime
2008-05-19 17:19:41 0 d-------- C:\Program Files\Apple Software Update
2008-05-13 17:33:09 0 d-------- C:\Documents and Settings\Home\Application Data\GIZMO2
2008-05-13 17:32:56 0 d-------- C:\Program Files\GIZMO2
2008-05-11 23:42:57 202240 --a------ C:\WINDOWS\system32\UNIQLOCK COLOR_v2.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-05-11 23:42:57 0 d-------- C:\WINDOWS\system32\UNIQLOCK COLOR_v2 dir
2008-05-09 13:52:57 0 d-------- C:\WINDOWS\Prefetch
2008-05-09 13:32:04 0 d-------- C:\WINDOWS\system32\scripting
2008-05-09 13:32:00 0 d-------- C:\WINDOWS\l2schemas
2008-05-09 13:31:59 0 d-------- C:\WINDOWS\system32\en
2008-05-09 13:31:59 0 d-------- C:\WINDOWS\system32\bits
2008-05-09 13:28:05 0 d-------- C:\WINDOWS\ServicePackFiles


-- Find3M Report ---------------------------------------------------------------

2008-06-07 12:33:08 0 d-------- C:\Documents and Settings\Home\Application Data\DNA
2008-06-07 11:36:30 0 d-------- C:\Program Files\Calendar
2008-05-26 17:01:58 0 d-------- C:\Program Files\Java
2008-05-26 16:59:00 0 d-------- C:\Program Files\Common Files
2008-05-12 15:49:30 0 d-------- C:\Program Files\Safari
2008-05-09 13:52:00 0 d-------- C:\Program Files\Messenger
2008-05-09 13:31:58 0 d-------- C:\Program Files\Movie Maker
2008-05-09 13:27:41 0 d-------- C:\Program Files\Windows NT
2008-04-22 14:40:00 249856 --a------ C:\WINDOWS\UNIQLOCK.scr <Not Verified; UNIQLO CO., LTD.; UNIQLOCK SCREENSAVER>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
26/05/2008 05:02 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
26/05/2008 05:02 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [12/10/2001 04:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [17/06/2004 03:53 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2004 03:53 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [05/02/2004 11:39 AM]
"TpShocks"="TpShocks.exe" [27/03/2004 11:16 AM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [18/08/2004 05:06 AM]
"TP4EX"="tp4ex.exe" [04/09/2002 06:05 PM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [25/12/2003 07:04 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 05:52 AM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [15/07/2004 09:34 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 06:01 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/09/2004 06:05 PM]
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [22/07/2004 07:01 PM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [29/07/2004 06:37 PM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [29/07/2004 06:37 PM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [29/07/2004 06:37 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [02/04/2004 03:52 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [27/03/2004 07:40 AM]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [09/11/2004 08:53 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [09/11/2004 08:53 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [07/08/2003 09:08 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [11/07/2007 07:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 09:16 PM]
"GIZMO2"="C:\Program Files\GIZMO2\GIZMO.exe" [06/03/2008 11:37 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [26/05/2008 05:02 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [22/07/2004 07:01 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/04/2008 10:12 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [09/05/2008 09:30 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/20/2007 5:53:09 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/24/2007 6:57:27 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/2/2008 5:50:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 09/11/2004 08:53 PM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f06280-cf21-11dc-a70b-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b0-b8fb-11dc-a6e1-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b1-b8fb-11dc-a6e1-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8743 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-07 12:42:10 ------------




=========================================================================
=========================================================================



EXTRA.TXT



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 1022.92 MiB / 451.95 MiB
Pagefile Memory (total/avail): 2461.7 MiB / 2001.98 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1916.14 MiB

C: is Fixed (NTFS) - 32.53 GiB total, 0.59 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 32.53 GiB - C:
\PARTITION1 - Unknown - 4.72 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Home\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME_T42
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Home
LOGONSERVER=\\HOME_T42
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Common Files\Lenovo;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Home\LOCALS~1\Temp
TMP=C:\DOCUME~1\Home\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=HOME_T42
USERNAME=Home
USERPROFILE=C:\Documents and Settings\Home
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Home (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3 Mobile Broadband --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EAAC5FD-E209-4856-8C49-D4EA40F85032}\setup.exe" -l0x9 -removeonly
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.0 --> "C:\Documents and Settings\Home\Desktop\Downloads\- Anti Spyware Tools\HiJackThis_v2\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\setup.exe" -l0x9 anything
IBM Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\setup.exe" -l0x9 anything
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 -S -ISFG
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" UNINSTALL
IBM ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
IBM Update Connector --> MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{16906D21-0656-4F8B-9A01-C3D24B5401FC}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 10 --> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.8pre) --> C:\Program Files\Calendar\uninstall\uninst.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MultipleIEs --> "C:\Program Files\MultipleIEs\unins000.exe"
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Netscape Navigator (9.0.0.6) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Opera 9.26 --> MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rescue and Recovery --> MsiExec.exe /I{F151F2B3-0C32-44D3-90E2-E639B8024622}
Safari --> MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
StuffIt Deluxe --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}
The Font Thing --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL1.isu" -c"C:\Program Files\Fisher\The Font Thing\_ISREG32.DLL"
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer --> _tpiu000.exe /U
UNIQLOCK COLOR_v2 Screen Saver --> C:\WINDOWS\system32\UNIQLOCK COLOR_v2.scr /u
UNIQLOCK SCREENSAVER --> MsiExec.exe /X{D57197A0-E318-42CC-AA6D-8CB5543E3076}
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.41-rc1 --> "C:\Program Files\WinHTTrack\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type1684 / Error
Event Submitted/Written: 06/06/2008 06:46:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application cuteftppro.exe, version 8.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1683 / Error
Event Submitted/Written: 06/06/2008 06:23:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application cuteftppro.exe, version 8.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1627 / Error
Event Submitted/Written: 05/30/2008 04:49:45 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 578822000.

Event Record #/Type1626 / Error
Event Submitted/Written: 05/30/2008 04:49:42 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application cuteftppro.exe, version 8.1.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1620 / Error
Event Submitted/Written: 05/30/2008 04:33:49 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 578822000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10401 / Warning
Event Submitted/Written: 06/07/2008 10:11:00 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type10313 / Warning
Event Submitted/Written: 06/06/2008 11:20:14 AM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Mobile Connection
Link has been disconnected.

Event Record #/Type10309 / Warning
Event Submitted/Written: 06/06/2008 11:17:00 AM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Mobile Connection
Link has been disconnected.

Event Record #/Type10281 / Warning
Event Submitted/Written: 06/05/2008 05:38:50 PM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Mobile Connection
Link has been disconnected.

Event Record #/Type10277 / Warning
Event Submitted/Written: 06/05/2008 02:27:02 PM / 06/05/2008 02:27:03 PM
Event ID/Source: 27 / E1000
Event Description:
Intel® PRO/1000 MT Mobile Connection
Link has been disconnected.



-- End of Deckard's System Scanner: finished at 2008-06-07 12:42:10 ------------



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:01:28 PM

Posted 08 June 2008 - 09:39 PM

Hello Manic007,

Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE.
Scan Options:
Scan Archives
Scan Mail Bases
then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button:

Under Save as type, select Text file, write a name for the file, and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.

BTW, did you know the Java SE 6 Update 10 you have installed is a beta version? http://java.sun.com/developer/technicalArt...avase/java6u10/
Beta versions are very buggy, so I don't recommend you run it unless you are intentionally testing it for Java.

The latest java version (non-beta) is Sun Java Runtime Environment 6 Update 6 and it is available here: http://java.sun.com/javase/downloads/index.jsp

Edited by SifuMike, 08 June 2008 - 09:52 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Manic007

Manic007
  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:28 AM

Posted 10 June 2008 - 09:19 PM

Hi SifuMike,

I'm having some trouble running the Kaspersky scan. After Kaspersky updates its virus database, it then says it's been blocked by Kaspersky itself!

I tried uninstalling/reinstalling but to no avail.

It looks like I may have rid myself of the virus in any case, as I ran an Avast boot scan and managed to move the Delf trojan to the virus-chest. I then ran the boot scan again and so far no other viruses have reared their heads.


I updated the Java to Environment 6 Update 6.

I ran another DSS.exe scan, which only produced one TXT file this time (MAIN.txt), the results of which I have posted below.

I also ran a HijackThis scan which produced the following log (if that's useful).


Please let me know if you think there may still be some danger.

Regards,

Nic

=============================================================================

MAIN.TXT


Deckard's System Scanner v20071014.68
Run by Home on 2008-06-10 23:13:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.12 GiB (less than 15%) free.


-- HijackThis (run as Home.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 23:14:41
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Allume\StuffIt\MXTask.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Home\Desktop\dss.exe
C:\Program Files\HijackThis\Home.exe
C:\WINDOWS\system32\Indt2.sys

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abc.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GIZMO2] C:\Program Files\GIZMO2\GIZMO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\Program Files\Allume\StuffIt\MXTask.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe


--
End of file - 12060 bytes

-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 17:33:18 0 d-------- C:\Program Files\Sun
2008-06-10 17:22:46 0 d-------- C:\Program Files\Common Files\Java
2008-06-10 16:50:15 0 d-------- C:\Documents and Settings\Home\.java
2008-06-10 09:28:28 290816 --a------ C:\WINDOWS\system32\andt.sys
2008-05-24 09:25:55 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-24 09:25:55 2542 --a------ C:\WINDOWS\unins000.dat
2008-05-19 17:20:42 0 d-------- C:\Program Files\QuickTime
2008-05-19 17:19:41 0 d-------- C:\Program Files\Apple Software Update
2008-05-13 17:33:09 0 d-------- C:\Documents and Settings\Home\Application Data\GIZMO2
2008-05-13 17:32:56 0 d-------- C:\Program Files\GIZMO2
2008-05-11 23:42:57 202240 --a------ C:\WINDOWS\system32\UNIQLOCK COLOR_v2.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-05-11 23:42:57 0 d-------- C:\WINDOWS\system32\UNIQLOCK COLOR_v2 dir


-- Find3M Report ---------------------------------------------------------------

2008-06-10 23:13:45 0 d-------- C:\Documents and Settings\Home\Application Data\DNA
2008-06-10 17:33:09 0 d-------- C:\Program Files\Java
2008-06-10 17:22:46 0 d-------- C:\Program Files\Common Files
2008-06-07 11:36:30 0 d-------- C:\Program Files\Calendar
2008-05-12 15:49:30 0 d-------- C:\Program Files\Safari
2008-05-09 13:52:00 0 d-------- C:\Program Files\Messenger
2008-05-09 13:31:58 0 d-------- C:\Program Files\Movie Maker
2008-05-09 13:27:41 0 d-------- C:\Program Files\Windows NT
2008-04-22 14:40:00 249856 --a------ C:\WINDOWS\UNIQLOCK.scr <Not Verified; UNIQLO CO., LTD.; UNIQLOCK SCREENSAVER>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
26/05/2008 05:02 PM 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
26/05/2008 05:02 PM 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [12/10/2001 04:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [17/06/2004 03:53 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [17/06/2004 03:53 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [05/02/2004 11:39 AM]
"TpShocks"="TpShocks.exe" [27/03/2004 11:16 AM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [18/08/2004 05:06 AM]
"TP4EX"="tp4ex.exe" [04/09/2002 06:05 PM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [25/12/2003 07:04 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [26/08/2004 05:52 AM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [15/07/2004 09:34 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [19/08/2003 06:01 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [02/09/2004 06:05 PM]
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [22/07/2004 07:01 PM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [29/07/2004 06:37 PM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [29/07/2004 06:37 PM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [29/07/2004 06:37 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [02/04/2004 03:52 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [27/03/2004 07:40 AM]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [09/11/2004 08:53 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [09/11/2004 08:53 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [07/08/2003 09:08 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 09:19 AM]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [11/07/2007 07:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 09:16 PM]
"GIZMO2"="C:\Program Files\GIZMO2\GIZMO.exe" [06/03/2008 11:37 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [26/05/2008 05:02 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [22/07/2004 07:01 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [14/04/2008 10:12 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 10:12 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [09/05/2008 09:30 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/20/2007 5:53:09 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/24/2007 6:57:27 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/2/2008 5:50:18 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 09/11/2004 08:53 PM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f06280-cf21-11dc-a70b-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b0-b8fb-11dc-a6e1-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b1-b8fb-11dc-a6e1-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe




-- End of Deckard's System Scanner: finished at 2008-06-10 23:17:03 ------------

=================================================================================================

HIJACKTHIS LOG


Logfile of HijackThis v1.99.1
Scan saved at 11:21:29 PM, on 10/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\GIZMO2\GIZMO.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wserving.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HIJACK~1\Home.exe
C:\WINDOWS\system32\Indt2.sys

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abc.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GIZMO2] C:\Program Files\GIZMO2\GIZMO.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{0DF7E9BB-2E70-4C58-9D4D-66E7B3FF1E1F}: NameServer = 192.231.203.132,192.231.203.3
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\StuffIt\MXTask.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
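
Reading the two logs above by hand is error-prone, so here is the triage a helper would do in their head, written out. This Python script is an added example, not part of this thread and not code from HijackThis, DSS or ComboFix. It runs three checks over excerpts copied from the DSS and HijackThis logs posted above (the sample strings are excerpts, not the full logs): O23 services with no vendor string whose binary sits directly in system32, "Running processes" entries whose image is not an .exe, and MountPoints2 volumes carrying an AutoRun command. All function and variable names are the example's own.

```python
"""Triage of HijackThis / DSS text logs (added example, not part of the thread)."""
import re

# Excerpts copied from the DSS and HijackThis logs posted above. The helpers
# below do not know in advance which entries ComboFix later removed.
HJT_SAMPLE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\perfs.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Indt2.sys

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe
"""

DSS_SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f06280-cf21-11dc-a70b-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b0-b8fb-11dc-a6e1-000e352dcfd3}]
AutoRun\command- E:\AutoRun.exe
"""

# A file sitting directly in <drive>:\WINDOWS\system32 (no deeper subfolder).
SYSTEM32_FILE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
# "O23 - Service: <display name> - <owner> - <image path>"
O23_LINE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# DSS prints each MountPoints2 subkey (one per volume GUID) on its own line ...
MOUNTPOINT_KEY = re.compile(r"mountpoints2\\(\{[0-9a-f-]+\})\]", re.IGNORECASE)
# ... followed by the AutoRun command Explorer would run for that volume.
AUTORUN_CMD = re.compile(r"^AutoRun\\command-\s*(.+)$")


def unknown_owner_system_services(hjt_text):
    """Paths of O23 services that HijackThis could not attribute to a vendor
    ('Unknown owner', i.e. no company name in the file's version info) and
    whose binary lives directly in system32, where a dropped service hides
    among hundreds of legitimate files. Output is a review queue, not a verdict."""
    hits = []
    for line in hjt_text.splitlines():
        m = O23_LINE.match(line.strip())
        if m and m["owner"] == "Unknown owner" and SYSTEM32_FILE.match(m["path"]):
            hits.append(m["path"])
    return hits


def odd_running_processes(hjt_text):
    """Entries under 'Running processes:' whose image is not an .exe.
    Kernel drivers never appear as user-mode processes, so a .sys-named
    image in this list is a renamed executable, which is worth a look."""
    odd, in_section = [], False
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_section = True
            continue
        if in_section and not line:          # blank line ends the section
            in_section = False
        if in_section and not line.lower().endswith(".exe"):
            odd.append(line)
    return odd


def removable_autoruns(dss_text):
    """(volume GUID, command) pairs for MountPoints2 entries that carry an
    AutoRun command. Explorer records one subkey per volume it has seen; the
    same E:\\AutoRun.exe on several volumes is typical of autorun-spreading
    malware and means the removable drive itself needs cleaning."""
    found, guid = [], None
    for raw in dss_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.search(line)
        if key:
            guid = key.group(1)
            continue
        cmd = AUTORUN_CMD.match(line)
        if cmd and guid:
            found.append((guid, cmd.group(1)))
            guid = None
    return found


if __name__ == "__main__":
    for path in unknown_owner_system_services(HJT_SAMPLE):
        print("review service binary:", path)
    for proc in odd_running_processes(HJT_SAMPLE):
        print("non-exe process image:", proc)
    for guid, cmd in removable_autoruns(DSS_SAMPLE):
        print("volume", guid, "runs", cmd)
```

Note what the first check returns: afinding.exe, routing.exe and wserving.exe (all three deleted by ComboFix further down), perfs.exe, and also Ati2evxx.exe, which is ATI's event utility and legitimate. That false positive is the point of the heuristic: it shortens the list to a handful of files to verify against the vendor's file information and a hash lookup, it does not decide for you. The Indt2.sys hit from the second check is the one entry that needs no second opinion.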

#4 SifuMike (malware expert)

Posted 10 June 2008 - 09:48 PM

Hello Manic007,

I think you have more malware on this computer. :thumbsup:

Run DSS again, using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop):

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.

Tick the boxes which should appear for these entries:

.cpl
.js


then Click on Fix

Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.

**************************

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your AVAST Antivirus and Spybot Teatimer before running ComboFix, as they will prevent it from running.

To disable Spybot's Teatimer:
Run Spybot-S&D
Go to the Mode menu, and make sure "Advanced Mode" is selected
On the left hand side, choose Tools -> Resident
Uncheck "Resident TeaTimer" and OK any prompts



To disable avast antivirus:
Right click on the avast! icon in the system tray and choose (Stop On-Access Protection)

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 10 June 2008 - 09:48 PM (spelling).

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Manic007 (Topic Starter)

Posted 11 June 2008 - 02:22 AM

Hi SifuMike,

I accidentally didn't save the DSS log file... :thumbsup: I hope this doesn't make it more difficult.

I do remember that there were two .CPL files and one .JS file. One of these files had the word "Dreamweaver" in it.

Am now running Combofix.

Cheers,

Nic

#6 Manic007 (Topic Starter)

Posted 11 June 2008 - 02:30 AM

Another small problem:

I don't have the original Windows CDs, and am running XP Professional - Service Pack 3 which is not available for download on this page: http://support.microsoft.com/kb/310994

...Therefore, I haven't run Combofix yet...


What now..?

Edited by Manic007, 11 June 2008 - 05:28 AM.


#7 SifuMike (malware expert)

Posted 11 June 2008 - 07:24 AM

Any Service Pack of the given OS downloaded from Microsoft will work. :thumbsup:

With SP3 installed, SP2 or even SP1 package will work.

#8 Manic007 (Topic Starter)

Posted 15 June 2008 - 10:12 PM

Hi Mike,

Below is the log from Combofix.

Let me know if you need any more info.

Cheers!

Nic


============================================


ComboFix 08-06-10.1 - Home 2008-06-16 12:28:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.591 [GMT 10:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Home\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\afinding.exe
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\tmp0_10784523766.bk
C:\WINDOWS\system32\tmp0_112457866482.bk
C:\WINDOWS\system32\tmp0_112599341719.bk
C:\WINDOWS\system32\tmp0_123311837912.bk
C:\WINDOWS\system32\tmp0_135551729579.bk
C:\WINDOWS\system32\tmp0_14983229096.bk
C:\WINDOWS\system32\tmp0_167257331478.bk
C:\WINDOWS\system32\tmp0_17170789159.bk
C:\WINDOWS\system32\tmp0_172886609355.bk
C:\WINDOWS\system32\tmp0_194913559043.bk
C:\WINDOWS\system32\tmp0_196753201502.bk
C:\WINDOWS\system32\tmp0_199997705097.bk
C:\WINDOWS\system32\tmp0_200085236131.bk
C:\WINDOWS\system32\tmp0_200448610722.bk
C:\WINDOWS\system32\tmp0_213690726698.bk
C:\WINDOWS\system32\tmp0_214179831398.bk
C:\WINDOWS\system32\tmp0_23798374487.bk
C:\WINDOWS\system32\tmp0_25627558493.bk
C:\WINDOWS\system32\tmp0_26228243464.bk
C:\WINDOWS\system32\tmp0_2647368401.bk
C:\WINDOWS\system32\tmp0_2732713847.bk
C:\WINDOWS\system32\tmp0_281375396279.bk
C:\WINDOWS\system32\tmp0_300267399458.bk
C:\WINDOWS\system32\tmp0_303914212560.bk
C:\WINDOWS\system32\tmp0_346047595600.bk
C:\WINDOWS\system32\tmp0_353026667515.bk
C:\WINDOWS\system32\tmp0_3642802462.bk
C:\WINDOWS\system32\tmp0_368799194947.bk
C:\WINDOWS\system32\tmp0_369386342738.bk
C:\WINDOWS\system32\tmp0_370346502485.bk
C:\WINDOWS\system32\tmp0_371529854324.bk
C:\WINDOWS\system32\tmp0_3752364434.bk
C:\WINDOWS\system32\tmp0_380074202587.bk
C:\WINDOWS\system32\tmp0_3822455978.bk
C:\WINDOWS\system32\tmp0_388306656894.bk
C:\WINDOWS\system32\tmp0_389354368083.bk
C:\WINDOWS\system32\tmp0_409046873447.bk
C:\WINDOWS\system32\tmp0_409697802196.bk
C:\WINDOWS\system32\tmp0_4131420399.bk
C:\WINDOWS\system32\tmp0_417853532079.bk
C:\WINDOWS\system32\tmp0_422056299326.bk
C:\WINDOWS\system32\tmp0_425151632520.bk
C:\WINDOWS\system32\tmp0_438366744034.bk
C:\WINDOWS\system32\tmp0_440231334341.bk
C:\WINDOWS\system32\tmp0_447295598300.bk
C:\WINDOWS\system32\tmp0_44941743075.bk
C:\WINDOWS\system32\tmp0_489228858467.bk
C:\WINDOWS\system32\tmp0_498725596973.bk
C:\WINDOWS\system32\tmp0_51491173649.bk
C:\WINDOWS\system32\tmp0_519802824475.bk
C:\WINDOWS\system32\tmp0_523540294820.bk
C:\WINDOWS\system32\tmp0_534914247148.bk
C:\WINDOWS\system32\tmp0_544188599011.bk
C:\WINDOWS\system32\tmp0_57118408774.bk
C:\WINDOWS\system32\tmp0_574728383333.bk
C:\WINDOWS\system32\tmp0_606534385370.bk
C:\WINDOWS\system32\tmp0_609002720001.bk
C:\WINDOWS\system32\tmp0_624443453635.bk
C:\WINDOWS\system32\tmp0_628363631503.bk
C:\WINDOWS\system32\tmp0_645714688305.bk
C:\WINDOWS\system32\tmp0_67154806527.bk
C:\WINDOWS\system32\tmp0_67234846703.bk
C:\WINDOWS\system32\tmp0_677663386482.bk
C:\WINDOWS\system32\tmp0_682680753141.bk
C:\WINDOWS\system32\tmp0_690467802049.bk
C:\WINDOWS\system32\tmp0_7061672191.bk
C:\WINDOWS\system32\tmp0_708806354731.bk
C:\WINDOWS\system32\tmp0_713031248085.bk
C:\WINDOWS\system32\tmp0_717771733920.bk
C:\WINDOWS\system32\tmp0_72027825166.bk
C:\WINDOWS\system32\tmp0_739706861059.bk
C:\WINDOWS\system32\tmp0_741935678258.bk
C:\WINDOWS\system32\tmp0_757393251572.bk
C:\WINDOWS\system32\tmp0_765004576142.bk
C:\WINDOWS\system32\tmp0_814498467462.bk
C:\WINDOWS\system32\tmp0_834520338771.bk
C:\WINDOWS\system32\tmp0_835292750125.bk
C:\WINDOWS\system32\tmp0_839360711246.bk
C:\WINDOWS\system32\tmp0_839439836879.bk
C:\WINDOWS\system32\tmp0_83964847708.bk
C:\WINDOWS\system32\tmp0_861772542167.bk
C:\WINDOWS\system32\tmp0_872387896110.bk
C:\WINDOWS\system32\tmp0_873343256984.bk
C:\WINDOWS\system32\tmp0_87626329337.bk
C:\WINDOWS\system32\tmp0_878106628853.bk
C:\WINDOWS\system32\tmp0_884988485424.bk
C:\WINDOWS\system32\tmp0_890528609816.bk
C:\WINDOWS\system32\tmp0_89474444899.bk
C:\WINDOWS\system32\tmp0_899161696273.bk
C:\WINDOWS\system32\tmp0_91866246419.bk
C:\WINDOWS\system32\tmp0_93189212176.bk
C:\WINDOWS\system32\tmp1_104625518059.bk
C:\WINDOWS\system32\tmp1_153493804507.bk
C:\WINDOWS\system32\tmp1_157887421562.bk
C:\WINDOWS\system32\tmp1_15981861549.bk
C:\WINDOWS\system32\tmp1_166774184369.bk
C:\WINDOWS\system32\tmp1_1912520044.bk
C:\WINDOWS\system32\tmp1_196443470488.bk
C:\WINDOWS\system32\tmp1_198378138891.bk
C:\WINDOWS\system32\tmp1_226859535819.bk
C:\WINDOWS\system32\tmp1_227124155481.bk
C:\WINDOWS\system32\tmp1_228766841653.bk
C:\WINDOWS\system32\tmp1_229888392991.bk
C:\WINDOWS\system32\tmp1_233699394783.bk
C:\WINDOWS\system32\tmp1_25007730434.bk
C:\WINDOWS\system32\tmp1_275778784862.bk
C:\WINDOWS\system32\tmp1_276112569612.bk
C:\WINDOWS\system32\tmp1_276375445070.bk
C:\WINDOWS\system32\tmp1_285496567925.bk
C:\WINDOWS\system32\tmp1_317170493179.bk
C:\WINDOWS\system32\tmp1_334882715978.bk
C:\WINDOWS\system32\tmp1_335220408486.bk
C:\WINDOWS\system32\tmp1_33788916631.bk
C:\WINDOWS\system32\tmp1_35704819727.bk
C:\WINDOWS\system32\tmp1_35910627558.bk
C:\WINDOWS\system32\tmp1_374598562970.bk
C:\WINDOWS\system32\tmp1_397008683258.bk
C:\WINDOWS\system32\tmp1_445727894799.bk
C:\WINDOWS\system32\tmp1_460050648828.bk
C:\WINDOWS\system32\tmp1_461575491708.bk
C:\WINDOWS\system32\tmp1_473507303357.bk
C:\WINDOWS\system32\tmp1_50352540512.bk
C:\WINDOWS\system32\tmp1_503762180426.bk
C:\WINDOWS\system32\tmp1_511529741052.bk
C:\WINDOWS\system32\tmp1_551073888360.bk
C:\WINDOWS\system32\tmp1_556553814458.bk
C:\WINDOWS\system32\tmp1_56031780805.bk
C:\WINDOWS\system32\tmp1_567895895139.bk
C:\WINDOWS\system32\tmp1_571072377852.bk
C:\WINDOWS\system32\tmp1_577797543499.bk
C:\WINDOWS\system32\tmp1_608038286401.bk
C:\WINDOWS\system32\tmp1_614252532658.bk
C:\WINDOWS\system32\tmp1_629617547350.bk
C:\WINDOWS\system32\tmp1_638220267264.bk
C:\WINDOWS\system32\tmp1_656208680313.bk
C:\WINDOWS\system32\tmp1_657695353301.bk
C:\WINDOWS\system32\tmp1_666049470334.bk
C:\WINDOWS\system32\tmp1_673847809510.bk
C:\WINDOWS\system32\tmp1_677511243896.bk
C:\WINDOWS\system32\tmp1_68406798675.bk
C:\WINDOWS\system32\tmp1_684640375585.bk
C:\WINDOWS\system32\tmp1_69485560447.bk
C:\WINDOWS\system32\tmp1_704914694069.bk
C:\WINDOWS\system32\tmp1_708941550699.bk
C:\WINDOWS\system32\tmp1_72106849789.bk
C:\WINDOWS\system32\tmp1_726081570444.bk
C:\WINDOWS\system32\tmp1_7298728919.bk
C:\WINDOWS\system32\tmp1_751004638832.bk
C:\WINDOWS\system32\tmp1_764110712033.bk
C:\WINDOWS\system32\tmp1_778957468387.bk
C:\WINDOWS\system32\tmp1_81237782978.bk
C:\WINDOWS\system32\tmp1_81604292729.bk
C:\WINDOWS\system32\tmp1_850870576367.bk
C:\WINDOWS\system32\tmp1_859953641411.bk
C:\WINDOWS\system32\tmp1_863065699381.bk
C:\WINDOWS\system32\tmp1_87322812082.bk
C:\WINDOWS\system32\tmp1_882884792080.bk
C:\WINDOWS\system32\tmp1_889302180546.bk
C:\WINDOWS\system32\tmp1_96977216958.bk
C:\WINDOWS\system32\tmp2_339620560892.bk
C:\WINDOWS\system32\tmp2_490183573268.bk
C:\WINDOWS\system32\tmp2_527608794638.bk
C:\WINDOWS\system32\tmp2_707611539343.bk
C:\WINDOWS\system32\tmp3_10544046969.bk
C:\WINDOWS\system32\tmp3_106732219261.bk
C:\WINDOWS\system32\tmp3_107701561911.bk
C:\WINDOWS\system32\tmp3_154169505218.bk
C:\WINDOWS\system32\tmp3_154364572798.bk
C:\WINDOWS\system32\tmp3_155596820845.bk
C:\WINDOWS\system32\tmp3_15712576345.bk
C:\WINDOWS\system32\tmp3_168669597828.bk
C:\WINDOWS\system32\tmp3_169918628075.bk
C:\WINDOWS\system32\tmp3_170030136598.bk
C:\WINDOWS\system32\tmp3_185432123783.bk
C:\WINDOWS\system32\tmp3_193821146921.bk
C:\WINDOWS\system32\tmp3_214999452323.bk
C:\WINDOWS\system32\tmp3_229498494292.bk
C:\WINDOWS\system32\tmp3_23181707583.bk
C:\WINDOWS\system32\tmp3_238027667999.bk
C:\WINDOWS\system32\tmp3_242855388071.bk
C:\WINDOWS\system32\tmp3_245287859971.bk
C:\WINDOWS\system32\tmp3_247715627254.bk
C:\WINDOWS\system32\tmp3_26934868127.bk
C:\WINDOWS\system32\tmp3_271455827605.bk
C:\WINDOWS\system32\tmp3_278049757784.bk
C:\WINDOWS\system32\tmp3_278290240736.bk
C:\WINDOWS\system32\tmp3_281142669909.bk
C:\WINDOWS\system32\tmp3_312294815623.bk
C:\WINDOWS\system32\tmp3_312711755212.bk
C:\WINDOWS\system32\tmp3_321580224476.bk
C:\WINDOWS\system32\tmp3_32973726347.bk
C:\WINDOWS\system32\tmp3_345606334126.bk
C:\WINDOWS\system32\tmp3_359771253438.bk
C:\WINDOWS\system32\tmp3_360951775001.bk
C:\WINDOWS\system32\tmp3_365120630705.bk
C:\WINDOWS\system32\tmp3_366329471222.bk
C:\WINDOWS\system32\tmp3_368285823250.bk
C:\WINDOWS\system32\tmp3_37035979244.bk
C:\WINDOWS\system32\tmp3_380376551946.bk
C:\WINDOWS\system32\tmp3_39885687387.bk
C:\WINDOWS\system32\tmp3_409631623968.bk
C:\WINDOWS\system32\tmp3_415795687615.bk
C:\WINDOWS\system32\tmp3_431370538684.bk
C:\WINDOWS\system32\tmp3_45531171917.bk
C:\WINDOWS\system32\tmp3_462007463155.bk
C:\WINDOWS\system32\tmp3_466474676379.bk
C:\WINDOWS\system32\tmp3_473600326882.bk
C:\WINDOWS\system32\tmp3_478268321976.bk
C:\WINDOWS\system32\tmp3_486413297945.bk
C:\WINDOWS\system32\tmp3_493198377366.bk
C:\WINDOWS\system32\tmp3_49698361583.bk
C:\WINDOWS\system32\tmp3_504918800986.bk
C:\WINDOWS\system32\tmp3_507159628508.bk
C:\WINDOWS\system32\tmp3_51466078437.bk
C:\WINDOWS\system32\tmp3_514875493190.bk
C:\WINDOWS\system32\tmp3_55167501396.bk
C:\WINDOWS\system32\tmp3_57126540740.bk
C:\WINDOWS\system32\tmp3_574408453264.bk
C:\WINDOWS\system32\tmp3_58240599204.bk
C:\WINDOWS\system32\tmp3_587210284799.bk
C:\WINDOWS\system32\tmp3_58825866337.bk
C:\WINDOWS\system32\tmp3_617378308541.bk
C:\WINDOWS\system32\tmp3_61791720726.bk
C:\WINDOWS\system32\tmp3_618754268419.bk
C:\WINDOWS\system32\tmp3_6233262398.bk
C:\WINDOWS\system32\tmp3_640204107161.bk
C:\WINDOWS\system32\tmp3_651281424869.bk
C:\WINDOWS\system32\tmp3_65139777963.bk
C:\WINDOWS\system32\tmp3_67278087261.bk
C:\WINDOWS\system32\tmp3_676304471867.bk
C:\WINDOWS\system32\tmp3_678899414295.bk
C:\WINDOWS\system32\tmp3_681606413420.bk
C:\WINDOWS\system32\tmp3_684072797268.bk
C:\WINDOWS\system32\tmp3_684476642859.bk
C:\WINDOWS\system32\tmp3_687999530741.bk
C:\WINDOWS\system32\tmp3_688733470778.bk
C:\WINDOWS\system32\tmp3_698632600816.bk
C:\WINDOWS\system32\tmp3_699897379747.bk
C:\WINDOWS\system32\tmp3_709311525210.bk
C:\WINDOWS\system32\tmp3_713353569986.bk
C:\WINDOWS\system32\tmp3_722671208046.bk
C:\WINDOWS\system32\tmp3_733167775147.bk
C:\WINDOWS\system32\tmp3_735712724528.bk
C:\WINDOWS\system32\tmp3_746783731419.bk
C:\WINDOWS\system32\tmp3_750530801807.bk
C:\WINDOWS\system32\tmp3_75608849373.bk
C:\WINDOWS\system32\tmp3_762945474459.bk
C:\WINDOWS\system32\tmp3_766104703735.bk
C:\WINDOWS\system32\tmp3_769498167364.bk
C:\WINDOWS\system32\tmp3_786828567942.bk
C:\WINDOWS\system32\tmp3_800689619573.bk
C:\WINDOWS\system32\tmp3_812541411532.bk
C:\WINDOWS\system32\tmp3_824495439910.bk
C:\WINDOWS\system32\tmp3_826900240768.bk
C:\WINDOWS\system32\tmp3_83611599531.bk
C:\WINDOWS\system32\tmp3_836822458034.bk
C:\WINDOWS\system32\tmp3_852318734794.bk
C:\WINDOWS\system32\tmp3_854077876849.bk
C:\WINDOWS\system32\WServing.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_AFinding
-------\Service_perfmons
-------\Service_Routing
-------\Service_WServing


((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-11 14:50 . 2008-04-14 22:30 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 14:50 . 2008-05-09 00:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 11:36 . 2008-06-11 11:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-10 17:33 . 2008-06-10 17:33 <DIR> d-------- C:\Program Files\Sun
2008-06-10 17:22 . 2008-06-10 17:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-10 16:50 . 2008-06-10 16:50 <DIR> d-------- C:\Documents and Settings\Home\.java
2008-06-07 12:37 . 2008-06-07 12:37 <DIR> d-------- C:\Deckard
2008-05-26 17:02 . 2008-05-26 17:02 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-05-26 17:02 . 2008-05-26 17:02 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-24 12:03 . 2008-05-24 12:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-24 12:03 . 2008-05-24 12:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-24 09:25 . 2008-05-24 09:24 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-24 09:25 . 2008-05-24 09:25 2,542 --a------ C:\WINDOWS\unins000.dat
2008-05-19 17:20 . 2008-05-19 17:21 <DIR> d-------- C:\Program Files\QuickTime
2008-05-19 17:19 . 2008-05-19 17:19 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 02:32 --------- d-----w C:\Documents and Settings\Home\Application Data\DNA
2008-06-12 05:07 --------- d-----w C:\Program Files\Opera
2008-06-10 07:33 --------- d-----w C:\Program Files\Java
2008-06-07 01:36 --------- d-----w C:\Program Files\Calendar
2008-05-23 23:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-23 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-13 07:33 --------- d-----w C:\Program Files\GIZMO2
2008-05-13 07:33 --------- d-----w C:\Documents and Settings\Home\Application Data\GIZMO2
2008-05-12 05:49 --------- d-----w C:\Program Files\Safari
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-22 04:40 249,856 ----a-w C:\WINDOWS\UNIQLOCK.scr
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 376,832 ------w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2008-05-26 17:02 34816 --a------ C:\Program Files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2008-05-26 17:02 73728 --a------ C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 19:01 442368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 09:30 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 16:32 69632 C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-17 03:53 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-17 03:53 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 11:39 897024]
"TpShocks"="TpShocks.exe" [2004-03-27 11:16 102400 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-18 05:06 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 18:05 53248 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 19:04 208896]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-26 05:52 339968]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2004-07-15 09:34 36864]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 18:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-09-02 18:05 127035]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 19:01 442368]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 18:37 110592]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 18:37 20480]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 18:37 395776]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-02 03:52 1368064]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-11-09 20:53 712704]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 20:53 81920]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-07 09:08 86016]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-07-11 19:53 540672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"GIZMO2"="C:\Program Files\GIZMO2\GIZMO.exe" [2008-03-06 11:37 2123016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-05-26 17:02 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 10:12 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/20/2007 5:53:09 PM 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [10/24/2007 6:57:27 AM 24576]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [1/2/2008 5:50:18 PM 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-11-09 20:53 262144 C:\WINDOWS\system32\QConGina.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2004-07-07 09:50]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-11-09 20:53]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 09:20]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-11-09 20:53]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-15 05:59]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-07-29 18:37]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 09:16]
R2 JavaQuickStarterService;Java Quick Starter;"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" []
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-07-11 19:38]
R3 TVTI2C;Lenovo SM bus driver;C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2007-05-22 14:59]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-11-09 20:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f06280-cf21-11dc-a70b-000e352dcfd3}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b0-b8fb-11dc-a6e1-000e352dcfd3}]
\Shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37ad4b1-b8fb-11dc-a6e1-000e352dcfd3}]
\Shell\AutoRun\command - E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 23:51:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-12 21:35:30 C:\WINDOWS\Tasks\BMMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:35:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-06-16 12:44:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 02:44:40

Pre-Run: 140,165,120 bytes free
Post-Run: 71,458,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

557 --- E O F --- 2008-06-11 06:24:03

#9 SifuMike

    malware expert

  • Members
  • 15,385 posts
  • Gender: Male
  • Location: Vancouver (not BC) WA (Not DC) USA

Posted 15 June 2008 - 11:36 PM

Hi Nic,

Let's run an F-Secure online scan for viruses, spyware and rootkits:
Go to http://support.f-secure.com/enu/home/ols.shtml

Notes:
This scan will only work with Internet Explorer
You must have administrator rights to run this scan
This scan can take several hours, so please be patient

Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the ActiveX control to be installed on your computer, then click the Accept button.
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure, then select Automatic cleaning.
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report).
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it in a new reply to this post.


If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan.
When the cleaning option is presented, uncheck Submit samples to F-Secure.
Click Automatic cleaning.
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report).
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) it in a new reply to this post, along with a new HijackThis log.

Edited by SifuMike, 15 June 2008 - 11:40 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#10 SifuMike

Posted 24 June 2008 - 04:55 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

#11 SifuMike

Posted 24 June 2008 - 07:00 PM

topic reopened :thumbsup: