
Vundo


This topic is locked
8 replies to this topic

#1 zepterfd

Posted 18 June 2008 - 11:24 PM

Yup. I got it.

I know a fair amount about computers, but this is beyond me. I've done a Spyware Doctor Scan and removed everything it came up with.

The two Vundo fixes, VirtumundoBegone and VundoFix, unfortunately didn't work.

If you want a description of the problems I'm having, I'll post it, but I figure y'all know them by now. Main point: Windows Defender pops up with the virus found (trojan.Vundo or whatever) every time I boot, and it's nearly impossible to use aside from Safe Mode.

Here's the log, and thank you very much for your help!

extra.txt
----------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7400 @ 2.16GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 3069.81 MiB / 1654.86 MiB
Pagefile Memory (total/avail): 6320.58 MiB / 4564.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.21 MiB

C: is Fixed (NTFS) - 87.96 GiB total, 5.53 GiB free.
E: is CDROM (No Media)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS721010G9SA00 - 93.16 GiB - 2 partitions
\PARTITION0 - Unknown - 5.2 GiB
\PARTITION1 (bootable) - Installable File System - 87.96 GiB - C:

\\.\PHYSICALDRIVE1 - Motorola K1 USB Device - 117.66 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 120.08 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Spyware Doctor v5.5.0.178 (PC Tools)
AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Peter\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JABUVI
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Peter
LOCALAPPDATA=C:\Users\Peter\AppData\Local
LOGONSERVER=\\JABUVI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Lenovo;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Nero\Lib\;C:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RR=C:\Program Files\Lenovo\Rescue and Recovery
SESSIONNAME=Console
SMA=C:\Program Files\ThinkVantage\SMA\
SWSHARE=C:\SWSHARE
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Peter\AppData\Local\Temp
TMP=C:\Users\Peter\AppData\Local\Temp
TPCCommon=C:\PROGRA~1\THINKV~1\PrdCtr
TVT=C:\Program Files\Lenovo
TVTCOMMON=C:\Program Files\Common Files\Lenovo
TVTPYDIR=C:\Program Files\Common Files\Lenovo\Python24
USERDOMAIN=Jabuvi
USERNAME=Peter
USERPROFILE=C:\Users\Peter
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Peter (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -runfromtemp -l0x0009 -removeonly
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
Adobe Acrobat 8 Professional - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Business Contact Manager for Outlook 2007 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
ccc-Branding --> MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.00.0340 --> MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
dBpoweramp [Calculate Audio CRC] Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpoweramp Dalet Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
dBpoweramp DSP Effects --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp FLAC Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp Monkeys Audio Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Mp2 and BwfMp2 codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpoweramp Music Converter --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBpoweramp Real Audio (Helix) Encoder --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
dBPoweramp tooLame MP2 codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
dBpoweramp Wave64 Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
dBpoweramp WavPack Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
Diskeeper Home --> MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Help Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Insects Infestation --> "c:\program files\steam\SteamApps\SourceMods\Insects Infestation\unins000.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Development Kit 5.0 Update 9 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150090}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160000}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JGoodies JDiskReport 1.3.0 --> "C:\Program Files\JDiskReport 1.3.0\uninstall.exe"
KeyNote 1.6.5 --> "C:\Program Files\KeyNote\unins000.exe"
LeechFTP --> C:\Windows\eraser.exe KILL "C:\Program Files\LeechFTP\uninstall.uif"
Lenovo Registration --> C:\Program Files\Lenovo Registration\uninstall.exe
Lenovo System Interface Driver --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
LimeWire PRO 4.10.0 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Maintenance Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF
Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Visio MUI (English) 2007 --> MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007 --> MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Management Studio Express --> MsiExec.exe /I{A4512736-8D63-4298-9271-5329931FA46B}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Driver Installation 3.4.0 --> MsiExec.exe /I{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}
Motorola Phone Tools --> C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Move Networks Media Player for Internet Explorer --> C:\Users\Peter\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
PC Wizard 2008.1.81 --> "C:\Program Files\PC Wizard 2008\unins000.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picture Viewer (Beta) for Windows SideShow --> MsiExec.exe /X{27E371D2-A9A7-42CC-815F-E9EB224057B1}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry patch for Windows Vista USB S3 PM Enablement --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\FPIRPOn\FPIRPOn.inf
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\Dipmon\Dipmon.inf
Registry patch to improve USB device detection on resume from sleep for Windows Vista --> MsiExec.exe /X{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}
Rescue and Recovery --> MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SlimServer 6.5.4 --> "C:\Program Files\SlimServer\unins000.exe"
SoundMAX --> C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe -runfromtemp -l0x0009 -removeonly
SpectroChord V1.0 --> "C:\Program Files\Chrod ID\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Subliminal blaster --> C:\Program Files\Subliminal blaster\uninstall.exe
Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
System Migration Assistant --> MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
Team Fortress Classic --> "C:\Program Files\Steam\steam.exe" steam://uninstall/20
TextPad 5 --> MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900 --> MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Mobility Center Customization --> MsiExec.exe /X{E0EF321A-1949-451B-9484-7886F4F4719E}
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588z.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
Thinkpad Wireless LAN Adapters Software (11a/b/g/n) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}\SETUP.exe" -l0x9 -removeonly
ThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Wallpapers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
Windows Driver Package - Intel (e1express) Net (11/16/2006 9.6.31.0) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\e1e6032.inf_a9c92413\e1e6032.inf
Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaahci.inf
Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7id2.inf_103d01c3\ich7id2.inf
Windows Driver Package - Intel hdc (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7ide.inf_4cc59aa4\ich7ide.inf
Windows Driver Package - Intel System (09/15/2006 7.0.0.1011) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\dmi_pci.inf_0e65d7c6\dmi_pci.inf
Windows Driver Package - Intel System (09/15/2006 7.0.0.1020) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7core.inf_9c74ea21\ich7core.inf
Windows Driver Package - Intel System (09/15/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\945gm.inf_20363d8e\945gm.inf
Windows Driver Package - Intel USB (09/13/2006 8.2.0.1008) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich7usb.inf_f4517067\ich7usb.inf
Windows Driver Package - Lenovo (IBMPMDRV) System (11/01/2006 1.41) --> C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_3462dfa4\ibmpmdrv.inf
Windows Live Toolbar --> "c:\Program Files\Windows Live Toolbar\UnInstall.exe" {C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Live Toolbar --> MsiExec.exe /X{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRar\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type13985 / Error
Event Submitted/Written: 06/18/2008 08:15:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x138c, application start time 0xexplorer.exe0.

Event Record #/Type13979 / Error
Event Submitted/Written: 06/18/2008 06:55:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x00009bfd,
process id 0x16c0, application start time 0xexplorer.exe0.

Event Record #/Type13976 / Error
Event Submitted/Written: 06/18/2008 06:55:39 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x00009bfd,
process id 0x11bc, application start time 0xexplorer.exe0.

Event Record #/Type13973 / Error
Event Submitted/Written: 06/18/2008 06:52:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x00009bfd,
process id 0xe98, application start time 0xexplorer.exe0.

Event Record #/Type13970 / Error
Event Submitted/Written: 06/18/2008 06:52:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module msvcrt.dll, version 7.0.6000.16386, time stamp 0x4549bd61, exception code 0xc0000005, fault offset 0x00009bfd,
process id 0x16b0, application start time 0xexplorer.exe0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type78615 / Error
Event Submitted/Written: 06/18/2008 08:47:14 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk1\DR1, has a bad block.

Event Record #/Type78614 / Error
Event Submitted/Written: 06/18/2008 08:47:14 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk1\DR1, has a bad block.

Event Record #/Type78613 / Error
Event Submitted/Written: 06/18/2008 08:47:14 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk1\DR1, has a bad block.

Event Record #/Type78612 / Error
Event Submitted/Written: 06/18/2008 08:47:14 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk1\DR1, has a bad block.

Event Record #/Type78611 / Error
Event Submitted/Written: 06/18/2008 08:47:14 PM
Event ID/Source: 7 / disk
Event Description:
The device, \Device\Harddisk1\DR1, has a bad block.



-- End of Deckard's System Scanner: finished at 2008-06-18 20:48:16 ------------



main.txt
---------
Deckard's System Scanner v20071014.68
Run by Peter on 2008-06-18 20:45:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.52 GiB (less than 15%) free.


-- HijackThis (run as Peter.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:30 PM, on 6/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spyware Doctor\update.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Users\Peter\Desktop\dss.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\HIJACK~1\Peter.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - C:\Windows\system32\byXNEUnO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7B539685-8FF9-4B39-BA71-46F251A96F87} - C:\Windows\system32\rqRHwXOg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {af7b4ec3-c491-dc99-b5e4-952e0ecedcbe} - {ebcdece0-e259-4e5b-99cd-194c3ce4b7fa} - C:\Windows\system32\ktbfwgmn.dll
O2 - BHO: (no name) - {FA4A3962-467D-4C5C-A17C-D103C4EB5DD9} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXNEUnO.dll,#1
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM73ce8e74] Rundll32.exe "C:\Windows\system32\seteunvf.dll",s
O4 - HKLM\..\Run: [70fdbde8] rundll32.exe "C:\Windows\system32\mtikcwax.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13097 bytes

-- File Associations -----------------------------------------------------------

.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 tvtfilter - c:\windows\system32\drivers\tvtfilter.sys <Not Verified; Lenovo; Rescue and Recovery>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper ™ Disk Defragmenter>
R2 SUService (System Update) - "c:\program files\lenovo\system update\suservice.exe" <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TVT Backup Protection Service - c:\program files\lenovo\rescue and recovery\rrpservice.exe <Not Verified; ; rrpservice Module>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
S4 SlimServerMySQL - c:\progra~1\slimse~1\server\bin\mswin3~1\mysqld.exe --defaults-file=c:\progra~2\slimse~1\cache\my.cnf slimservermysql
S4 slimsvc (SlimServer) - "c:\program files\slimserver\server\slim.exe"
S4 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
S4 tvtnetwk - c:\program files\lenovo\rescue and recovery\adm\iuservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® PRO/1000 PL Network Connection
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\FFE7AAC500
Manufacturer: Intel
Name: Intel® PRO/1000 PL Network Connection
PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\FFE7AAC500
Service: e1express

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-18 20:22:00 254 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-18 20:00:01 486 --a------ C:\Windows\Tasks\1-Click Maintenance.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-18 19:15:40 80896 --a------ C:\Windows\system32\mtikcwax.dll
2008-06-18 19:15:35 98816 --a------ C:\Windows\system32\ktbfwgmn.dll
2008-06-18 19:13:18 89600 --a------ C:\Windows\system32\seteunvf.dll
2008-06-18 18:27:18 89600 --a------ C:\Windows\system32\fcfsmbbw.dll
2008-06-18 18:26:36 680098 --ahs---- C:\Windows\system32\NUtEOpXx.ini2
2008-06-18 18:26:32 322560 --a------ C:\Windows\system32\xXpOEtUN.dll
2008-06-18 18:21:24 57344 --a------ C:\Windows\system32\byXNEUnO.dll
2008-06-17 12:05:26 82432 --a------ C:\Windows\system32\veejowhh.dll
2008-06-17 12:02:26 98816 --a------ C:\Windows\system32\riscwbxv.dll
2008-06-17 11:57:08 90112 --a------ C:\Windows\system32\lhfypjwa.dll
2008-06-17 11:56:25 681087 --ahs---- C:\Windows\system32\dMoqqtwa.ini2
2008-06-17 11:56:21 322560 --a------ C:\Windows\system32\awtqqoMd.dll
2008-06-17 10:34:53 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-17 10:22:25 0 d-------- C:\VundoFix Backups
2008-06-17 09:55:11 98816 --a------ C:\Windows\system32\clflkbin.dll
2008-06-17 09:46:10 90112 --a------ C:\Windows\system32\jrlbjkqh.dll
2008-06-17 09:43:52 90112 --a------ C:\Windows\system32\otlhrgvq.dll
2008-06-17 09:42:52 681947 --ahs---- C:\Windows\system32\gOXwHRqr.ini2
2008-06-17 09:42:48 322560 --a------ C:\Windows\system32\rqRHwXOg.dll
2008-06-17 08:24:28 0 d-------- C:\A
2008-06-17 06:33:15 90112 --a------ C:\Windows\system32\wpcblncv.dll
2008-06-17 06:31:04 680972 --ahs---- C:\Windows\system32\NmlTsuvw.ini2
2008-06-16 23:05:31 1168 --ahs---- C:\Windows\system32\bJPqXxyb.ini2
2008-06-16 23:05:25 322560 --a------ C:\Windows\system32\byxXqPJb.dll
2008-06-16 14:14:32 49664 --a------ C:\Windows\system32\vtdbymng.dll
2008-06-16 14:11:51 1678 --ahs---- C:\Windows\system32\GNmnqtwa.ini2
2008-06-16 14:08:45 57344 --a------ C:\Windows\system32\geBspqqO.dll
2008-06-15 22:34:21 0 d-------- C:\Users\All Users\Avanquest Bluetooth SDK
2008-06-14 17:58:06 0 d-------- C:\Program Files\FreePOPs
2008-06-11 02:11:55 0 d-------- C:\Windows\pss
2008-06-11 01:50:15 0 d-------- C:\Users\All Users\TuneUp Software
2008-06-11 01:49:52 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-11 01:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 00:28:38 0 d-------- C:\Windows\Sun
2008-06-10 23:01:08 0 d-------- C:\Program Files\Apple Software Update
2008-05-27 21:58:20 0 d-------- C:\Program Files\OpenOffice.org 2.4


-- Find3M Report ---------------------------------------------------------------

2008-06-18 20:18:06 0 d-------- C:\Users\Peter\AppData\Roaming\uTorrent
2008-06-18 18:47:48 0 d-------- C:\Program Files\Spyware Doctor
2008-06-17 12:08:24 0 d-------- C:\Users\Peter\AppData\Roaming\OpenOffice.org2
2008-06-17 10:47:23 1660 --a------ C:\Windows\bthservsdp.dat
2008-06-15 22:32:13 0 d-------- C:\Program Files\Motorola Phone Tools
2008-06-15 22:27:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 17:21:04 0 d-------- C:\Program Files\Avanquest update
2008-06-11 02:15:46 0 d-------- C:\Program Files\Windows Mail
2008-06-11 01:50:31 0 d-------- C:\Users\Peter\AppData\Roaming\TuneUp Software
2008-06-11 01:48:28 0 d-------- C:\Program Files\Common Files
2008-05-31 10:52:47 0 d-------- C:\Users\Peter\AppData\Roaming\Mozilla
2008-05-27 22:01:53 0 d-------- C:\Users\Peter\AppData\Roaming\JDiskReport
2008-05-27 21:57:53 0 d-------- C:\Program Files\OpenOffice.org 2.2
2008-05-27 21:51:45 0 d-------- C:\Program Files\Java
2008-05-27 05:02:26 0 d-------- C:\Program Files\Lenovo
2008-05-24 15:53:35 0 d-------- C:\Program Files\AIM6
2008-05-15 11:56:40 0 d-------- C:\Users\Peter\AppData\Roaming\Adobe
2008-05-15 11:46:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 11:38:17 0 d-------- C:\Program Files\Macromedia
2008-05-15 11:36:48 0 d-------- C:\Users\Peter\AppData\Roaming\Macromedia
2008-05-12 20:14:29 0 d-------- C:\Users\Peter\AppData\Roaming\Ubisoft
2008-05-12 19:22:46 0 d-------- C:\Program Files\Assassin's Creed
2008-05-11 17:12:43 0 d-------- C:\Users\Peter\AppData\Roaming\Move Networks
2008-05-10 20:23:51 0 d-------- C:\Users\Peter\AppData\Roaming\Steinberg
2008-05-10 20:09:44 0 d-------- C:\Program Files\Syncrosoft
2008-05-01 20:19:00 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-27 11:07:17 0 d-------- C:\Program Files\Windows SideShow
2008-04-21 11:43:40 0 d-------- C:\Program Files\Subliminal blaster
2008-04-09 11:35:52 221 --a------ C:\Windows\x
2008-03-23 13:00:38 1834 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2008-03-23 13:00:34 1214 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2008-03-23 13:00:32 2218 --a------ C:\Windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2008-03-23 13:00:29 11463 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-03-23 13:00:12 1196 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2008-03-23 13:00:10 2998 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2008-03-23 13:00:02 3020 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-03-23 12:59:54 3142 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-03-23 12:59:46 3097 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-03-23 12:59:39 2941 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-03-23 12:59:32 2833 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-03-23 12:47:00 8447 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-03-23 12:46:50 13271 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]
06/16/2008 02:06 PM 57344 --a------ C:\Windows\system32\byXNEUnO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7B539685-8FF9-4B39-BA71-46F251A96F87}]
06/17/2008 09:42 AM 322560 --a------ C:\Windows\system32\rqRHwXOg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebcdece0-e259-4e5b-99cd-194c3ce4b7fa}]
06/18/2008 07:15 PM 98816 --a------ C:\Windows\system32\ktbfwgmn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA4A3962-467D-4C5C-A17C-D103C4EB5DD9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [06/13/2007 02:14 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/21/2007 03:08 PM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [01/24/2008 07:21 AM]
"TpShocks"="TpShocks.exe" [12/25/2006 09:15 PM C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [04/26/2007 11:33 PM]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [01/10/2008 11:20 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/16/2006 10:55 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/31/2007 10:01 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/15/2006 04:21 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [03/17/2008 10:37 AM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [03/17/2008 10:37 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 02:12 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/26/2007 03:45 PM]
"MSServer"="C:\Windows\system32\byXNEUnO.dll" [06/16/2008 02:06 PM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [12/10/2007 12:53 PM]
"BM73ce8e74"="C:\Windows\system32\seteunvf.dll" [06/18/2008 07:13 PM]
"70fdbde8"="C:\Windows\system32\mtikcwax.dll" [06/18/2008 07:15 PM]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [9/29/2006 7:57:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{06E12C36-760F-4D92-8509-5E5DBF12C423}"= C:\Windows\system32\byXNEUnO.dll [06/16/2008 02:06 PM 57344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ACGina
"Authentication Packages"= msv1_0 C:\Windows\system32\rqRHwXOg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fb-20eb-11dc-842c-000000000000}]
AutoRun\command- .\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fe-20eb-11dc-842c-000000000000}]
AutoRun\command- D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b0b-db9d-11dc-b68c-00197ef3b38b}]
AutoRun\command- F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b24-db9d-11dc-b68c-00197ef3b38b}]
AutoRun\command- G:\Installer.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /HideWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-18 20:48:16 ------------



#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 June 2008 - 09:18 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 zepterfd
  • Topic Starter

  • Members
  • 4 posts

Posted 19 June 2008 - 06:28 PM

Hey Sam, thank you very much for helping me out. Here's the log:

ComboFix 08-06-19.1 - Peter 2008-06-19 15:53:26.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1910 [GMT -7:00]
Running from: C:\Users\Peter\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\awtqqoMd.dll
C:\Windows\system32\awtqrrpo.dll
C:\Windows\System32\bJPqXxyb.ini
C:\Windows\System32\bJPqXxyb.ini2
C:\Windows\system32\byxXqPJb.dll
C:\Windows\system32\clflkbin.dll
C:\Windows\System32\dMoqqtwa.ini
C:\Windows\System32\dMoqqtwa.ini2
C:\Windows\system32\drdxgysx.ini
C:\Windows\system32\etybewis.ini
C:\Windows\system32\fcfsmbbw.dll
C:\Windows\system32\geBspqqO.dll
C:\Windows\System32\GNmnqtwa.ini
C:\Windows\System32\GNmnqtwa.ini2
C:\Windows\System32\gOXwHRqr.ini
C:\Windows\System32\gOXwHRqr.ini2
C:\Windows\system32\hhwojeev.ini
C:\Windows\system32\jrlbjkqh.dll
C:\Windows\system32\ktbfwgmn.dll
C:\Windows\system32\lhfypjwa.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mtikcwax.dll
C:\Windows\System32\NmlTsuvw.ini
C:\Windows\System32\NmlTsuvw.ini2
C:\Windows\system32\ntcsthxm.ini
C:\Windows\System32\NUtEOpXx.ini
C:\Windows\System32\NUtEOpXx.ini2
C:\Windows\system32\otlhrgvq.dll
C:\Windows\system32\retsuodk.ini
C:\Windows\system32\riscwbxv.dll
C:\Windows\system32\rqRHwXOg.dll
C:\Windows\system32\seteunvf.dll
C:\Windows\system32\tbqlmpfk.ini
C:\Windows\system32\veejowhh.dll
C:\Windows\system32\vtdbymng.dll
C:\Windows\system32\wpcblncv.dll
C:\Windows\system32\xawckitm.ini
C:\Windows\system32\xXpOEtUN.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
.

2008-06-18 20:40 . 2008-06-18 20:40 <DIR> d-------- C:\Deckard
2008-06-18 18:59 . 2008-06-18 18:59 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-18 18:59 . 2008-06-18 18:59 1,409 --a------ C:\Windows\QTFont.for
2008-06-18 18:47 . 2008-06-18 18:47 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-06-17 10:34 . 2008-06-17 10:34 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-06-17 10:22 . 2008-06-17 10:34 <DIR> d-------- C:\VundoFix Backups
2008-06-17 08:24 . 2008-06-17 08:24 <DIR> d-------- C:\A
2008-06-15 22:34 . 2008-06-16 22:57 <DIR> d-------- C:\Users\All Users\Avanquest Bluetooth SDK
2008-06-15 22:34 . 2008-06-16 22:57 <DIR> d-------- C:\ProgramData\Avanquest Bluetooth SDK
2008-06-14 17:58 . 2008-06-14 18:00 <DIR> d-------- C:\Program Files\FreePOPs
2008-06-11 02:27 . 2008-06-11 02:27 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-06-11 01:50 . 2008-06-11 01:50 <DIR> d-------- C:\Users\Peter\AppData\Roaming\TuneUp Software
2008-06-11 01:50 . 2008-06-11 01:50 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-06-11 01:50 . 2008-06-11 01:50 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-06-11 01:50 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-06-11 01:50 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-06-11 01:49 . 2008-06-11 02:27 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-11 01:48 . 2008-06-11 01:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 01:40 . 2008-04-22 21:27 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-11 01:40 . 2008-04-22 21:27 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-11 01:40 . 2008-04-22 21:27 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-11 01:40 . 2008-04-22 21:26 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-11 01:40 . 2008-04-22 21:26 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-11 01:40 . 2008-04-22 21:26 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-11 01:40 . 2008-04-22 21:26 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 00:28 . 2008-06-11 00:28 <DIR> d-------- C:\Windows\Sun
2008-06-10 23:01 . 2008-06-10 23:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-27 21:58 . 2008-05-27 21:58 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-27 16:37 . 2008-03-07 17:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 16:37 . 2008-03-07 21:30 1,686,528 --a------ C:\Windows\System32\gameux.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-19 22:51 --------- d---a-w C:\ProgramData\TEMP
2008-06-19 04:27 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-19 03:18 --------- d-----w C:\Users\Peter\AppData\Roaming\uTorrent
2008-06-17 19:08 --------- d-----w C:\Users\Peter\AppData\Roaming\OpenOffice.org2
2008-06-16 05:32 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-06-16 05:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-16 00:21 --------- d-----w C:\Program Files\Avanquest update
2008-06-11 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-06-11 09:09 --------- d-----w C:\ProgramData\SlimServer
2008-06-09 06:59 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-06-09 06:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-28 05:01 --------- d-----w C:\Users\Peter\AppData\Roaming\JDiskReport
2008-05-28 04:57 --------- d-----w C:\Program Files\OpenOffice.org 2.2
2008-05-28 04:51 --------- d-----w C:\Program Files\Java
2008-05-27 12:03 141 ----a-w C:\Windows\system32\drivers\IBM_8743_CTO.MRK
2008-05-27 12:02 --------- d-----w C:\Program Files\Lenovo
2008-05-24 22:53 --------- d-----w C:\Program Files\AIM6
2008-05-24 22:28 --------- d-----w C:\ProgramData\Viewpoint
2008-05-24 22:28 --------- d-----w C:\ProgramData\AOL
2008-05-24 21:58 --------- d-----w C:\ProgramData\AOL Downloads
2008-05-15 18:46 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-15 18:38 --------- d-----w C:\Program Files\Macromedia
2008-05-13 03:14 --------- d-----w C:\Users\Peter\AppData\Roaming\Ubisoft
2008-05-13 02:27 --------- d-----w C:\ProgramData\Ubisoft
2008-05-13 02:22 --------- d-----w C:\Program Files\Assassin's Creed
2008-05-12 00:12 --------- d-----w C:\Users\Peter\AppData\Roaming\Move Networks
2008-05-11 03:23 --------- d-----w C:\Users\Peter\AppData\Roaming\Steinberg
2008-05-11 03:09 --------- d-----w C:\Program Files\Syncrosoft
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-02 03:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-04-29 01:42 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-04-27 18:07 --------- d-----w C:\Program Files\Windows SideShow
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-21 18:43 --------- d-----w C:\Program Files\Subliminal blaster
2007-08-30 07:13 174 --sha-w C:\Program Files\desktop.ini
2006-11-17 22:20 92,064 ------w C:\Users\Peter\mqdmmdm.sys
2006-11-17 22:20 9,232 ------w C:\Users\Peter\mqdmmdfl.sys
2006-11-17 22:20 79,328 ------w C:\Users\Peter\mqdmserd.sys
2006-11-17 22:20 66,656 ------w C:\Users\Peter\mqdmbus.sys
2006-11-17 22:20 6,208 ------w C:\Users\Peter\mqdmcmnt.sys
2006-11-17 22:20 5,936 ------w C:\Users\Peter\mqdmwhnt.sys
2006-11-17 22:20 4,048 ------w C:\Users\Peter\mqdmcr.sys
2006-11-17 22:20 25,600 ------w C:\Users\Peter\usbsermptxp.sys
2006-11-17 22:20 22,768 ------w C:\Users\Peter\usbsermpt.sys
2007-06-21 22:10 397,312 --sh--w C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16480_none_ef1b6bb652cf8744\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-21 15:08 820520]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 07:21 66928]
"TpShocks"="TpShocks.exe" [2006-12-25 21:15 181808 C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-26 23:33 243248]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-10 23:20 558368]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-10-16 22:55 1097728]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-01-31 10:01 120368]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 16:21 217176]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-17 10:37 431392]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-17 10:37 128288]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 14:12 107112]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 15:45 992816]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 07:57:36 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 01:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-03-04 07:34 487424 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2540324091-3316014385-2152485337-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06BCA8C8-FD5F-4693-B03C-96CA20B79E5E}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{45108379-8711-4526-B621-494613055472}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"TCP Query User{56087FE2-00F8-4972-B9EE-DA4F15F4B9C0}C:\\program files\\macromedia\\dreamweaver mx\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver mx\dreamweaver.exe:Dreamweaver MX
"UDP Query User{FB71D5B5-B4AE-4BF5-937D-46FDD0B71341}C:\\program files\\macromedia\\dreamweaver mx\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver mx\dreamweaver.exe:Dreamweaver MX
"TCP Query User{D46FCBE5-CAF5-4EC9-A8D7-84C4661C8EDC}C:\\program files\\macromedia\\dreamweaver mx\\dreamweaver.exe"= UDP:C:\program files\macromedia\dreamweaver mx\dreamweaver.exe:Dreamweaver MX
"UDP Query User{3544E8E5-B2CE-4FD9-8D76-A2B897A31493}C:\\program files\\macromedia\\dreamweaver mx\\dreamweaver.exe"= TCP:C:\program files\macromedia\dreamweaver mx\dreamweaver.exe:Dreamweaver MX
"TCP Query User{566AD4DD-EB64-4A98-BD16-662046ACDCF3}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E5168249-CF60-447C-9C9B-1B74571FC1D1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{D3618B67-4E95-4918-8911-40CD4B8232F4}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{46D887C3-02E7-443B-8F4B-0590A94035B7}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{73074BB0-5C35-4C66-B26C-4D821E2F47BD}C:\\users\\peter\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\peter\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{69FFC205-04E9-480C-9FC1-B33C3075741E}C:\\users\\peter\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\peter\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{8760128B-F9EB-4CA0-B623-F2625B4FC0BA}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{74E44DDC-80BF-478E-AF28-D892D48C5B4A}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{493ACF66-5A6E-4F49-A254-12A5B2CD9725}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{5619D799-2F98-4F27-9D11-5F5B9CE5CD8A}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{28F82B59-EAD3-4DC9-9374-27B9A496149A}"= C:\Program Files\Squeezebox\server\slim.exe:SlimServer
"{61571E25-7CD5-4FF4-8443-D2C79705746F}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{53B632BF-78C8-4DC0-8068-C524C49B62E9}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{17AA71E5-E45B-45CC-9DA9-85C3CCFC2C02}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\gd2348\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{4CED45BB-8D0B-470B-8BC2-E0C12C093BDF}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\gd2348\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{2D7DB876-911F-4556-B3A9-288E6451C8E6}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\gd2348\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{B212C0B0-D0EE-47F8-AAE5-3AC48F1CF6F0}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\gd2348\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{69BAC479-B46B-4E89-B93F-E9A082627D3B}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\gd2348\counter-strike source\hl2.exe:hl2
"UDP Query User{8D47A901-F3AB-4256-A0ED-C06831B14532}C:\\program files\\steam\\steamapps\\gd2348\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\gd2348\counter-strike source\hl2.exe:hl2
"TCP Query User{EA26F67A-FE3B-4067-99A4-50AD047E86F8}C:\\program files\\steam\\steamapps\\gd2348\\team fortress classic\\hl.exe"= UDP:C:\program files\steam\steamapps\gd2348\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{98BB5724-DFB2-4FE5-8747-60CB006AD0A5}C:\\program files\\steam\\steamapps\\gd2348\\team fortress classic\\hl.exe"= TCP:C:\program files\steam\steamapps\gd2348\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{E61EC8FC-EBB5-4D97-A8A6-978BB554E860}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{1E517038-DBAF-4E1E-BC26-2EF5DCC0D172}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{A8BA92B0-090B-4EB9-9926-BD2B634672FE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{75037AE0-665D-4199-A255-C297CC4514D1}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9A8A3E87-44D0-4868-8485-923FC1AC565E}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{468807A8-7DB4-4FF5-A218-654CF83DAB58}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{8257CD5C-74DC-4CB8-A355-B1D23BF1C199}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A1A96631-8C12-4F12-A6A9-8916CF65DA76}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{DFB14864-4DED-41FF-B2F2-D7EE6BB447CC}C:\\program files\\leechftp\\leechftp.exe"= UDP:C:\program files\leechftp\leechftp.exe:LeechFTP
"UDP Query User{1A242D37-4E26-46D9-92CA-78573914A55C}C:\\program files\\leechftp\\leechftp.exe"= TCP:C:\program files\leechftp\leechftp.exe:LeechFTP
"TCP Query User{10DCD7EF-3507-4C1F-AB84-CFCAF49BC990}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{92E70A52-AE2F-4762-BD53-0DB0632EF5AC}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{13FCC8ED-F616-4BE8-AFB7-5C88C71EBC5A}C:\\program files\\leechftp\\leechftp.exe"= UDP:C:\program files\leechftp\leechftp.exe:LeechFTP
"UDP Query User{2587D55C-8FBE-45DC-8590-9A652EE76625}C:\\program files\\leechftp\\leechftp.exe"= TCP:C:\program files\leechftp\leechftp.exe:LeechFTP
"TCP Query User{C8799F4B-54C0-488E-AEF1-501C81AC9507}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{9EB9A355-9A0F-43A7-91A2-B5B850654B43}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{3D129978-806C-4223-8962-BB24E286C59B}"= C:\Program Files\SlimServer\server\slim.exe:SlimServer
"TCP Query User{77270936-08AD-4EFA-94B3-78E056A5C1C6}C:\\program files\\steam\\steamapps\\gd2348\\team fortress classic\\hl.exe"= UDP:C:\program files\steam\steamapps\gd2348\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{EFB047C2-3D65-4485-B483-85F2A88C97CA}C:\\program files\\steam\\steamapps\\gd2348\\team fortress classic\\hl.exe"= TCP:C:\program files\steam\steamapps\gd2348\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{00B7DF3E-3C82-4DDC-A641-A5DE9CC3CB4F}C:\\program files\\thinkvantage\\sma\\sma.exe"= UDP:C:\program files\thinkvantage\sma\sma.exe:System Migration Assistant
"UDP Query User{ADBF7CBB-ABEE-4BD5-94C1-B48436593BD1}C:\\program files\\thinkvantage\\sma\\sma.exe"= TCP:C:\program files\thinkvantage\sma\sma.exe:System Migration Assistant
"TCP Query User{4CF77096-982E-429D-8AA7-D666FB627E4C}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D0B07787-9C20-4008-9F3C-E50E748A75C5}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{A1375A9C-D0C4-4068-9F6E-804F12AD7626}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{49DB10D8-33B9-47D5-BCA8-DF1AD7DB198F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{259D838D-02C3-47DD-B5AE-1B9A53C96867}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{938819DA-0922-4C72-A3C0-763BD3C0920E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{811EFA91-0569-432A-A556-95730D620162}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{020D1A8E-FC59-4DDD-A22F-B06295660D94}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{4074C85B-2601-4FE0-8A14-7DABFFCA1FC4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5C189507-31E3-44D4-A629-B5A7EE597F15}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DDEBA1BA-3993-4B69-A1E5-C9BDB710BCCE}"= UDP:C:\Program Files\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{57D15D25-0431-4848-904B-3C36241F15A4}"= TCP:C:\Program Files\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{247ADD59-24BC-435F-8A23-37D4EAF5A373}"= UDP:C:\Program Files\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DDFF5B6B-5BE3-44FB-84DE-41978CF66E81}"= TCP:C:\Program Files\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{0CA8B21F-4FA9-47D5-A8FD-97D1840D8295}"= UDP:C:\Program Files\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{8BC33F62-0CF5-4941-A9C8-FC89F9345F31}"= TCP:C:\Program Files\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{D637C55F-CACC-4330-97C4-9D44C3DC5CE7}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{D8888719-F8EC-4A9E-824B-C4AF7F5D628C}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"TCP Query User{27D56F65-2337-47AA-A202-AB7E4BD0B3A6}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= UDP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"UDP Query User{F0D6671C-AE9E-4D10-BCCA-7ABAD157F142}C:\\program files\\adobe\\adobe dreamweaver cs3\\dreamweaver.exe"= TCP:C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe:Adobe Dreamweaver CS3
"{2672B71C-3EFB-4962-9DAE-0FB21184AF7F}"= UDP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird
"{79156047-49F3-4FA5-8210-14DC51306DC3}"= TCP:C:\Program Files\Mozilla Thunderbird\thunderbird.exe:Mozilla Thunderbird

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:*:Enabled:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:*:Enabled:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:*:Enabled:SlimServer 3483 tcp

R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2006-12-25 22:05]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2006-12-25 22:03]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 03:04]
R1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2008-01-10 23:20]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-12-14 13:37]
R2 TVT Backup Protection Service;TVT Backup Protection Service;C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2006-12-13 23:13]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 15:36]
R3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 17:08]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 12:42]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 00:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-30 00:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 11:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 11:20]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 15:36]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-06-11 02:27]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2006-11-02 01:55]
S4 SlimServerMySQL;SlimServerMySQL;C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe [2007-08-15 16:23]
S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-12-25 08:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fb-20eb-11dc-842c-000000000000}]
\shell\AutoRun\command - .\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fe-20eb-11dc-842c-000000000000}]
\shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b0b-db9d-11dc-b68c-00197ef3b38b}]
\shell\AutoRun\command - F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b24-db9d-11dc-b68c-00197ef3b38b}]
\shell\AutoRun\command - G:\Installer.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 23:00:28 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-06-19 22:22:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-19 15:59:23
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\ibmpmsvc.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-06-19 16:09:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-19 23:09:34

Pre-Run: 5,566,431,232 bytes free
Post-Run: 5,246,148,608 bytes free

337 --- E O F --- 2008-06-14 09:25:21

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 June 2008 - 09:02 PM

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 zepterfd

  • Topic Starter
  • Members
  • 4 posts

Posted 20 June 2008 - 07:43 AM

Kaspersky says my computer is still infected; it came up with about 30 items, most of which have already been caught by Norton. Here's the log for that:
http://leetllama.com/virus_report.html

Should I delete all those items Norton has quarantined?


And here's the log for DSS:

Deckard's System Scanner v20071014.68
Run by Peter on 2008-06-20 05:38:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.19 GiB (less than 15%) free.


-- HijackThis (run as Peter.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:38 AM, on 6/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Peter\AppData\Local\Temp\jkos-Peter\binaries\ScanningProcess.exe
C:\Users\Peter\AppData\Local\Temp\jkos-Peter\binaries\ScanningProcess.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\Peter\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Peter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11794 bytes

-- Files created between 2008-05-20 and 2008-06-20 -----------------------------

2008-06-19 17:15:35 0 d-------- C:\cfffc8df941886c6ce81bce933a03eb8
2008-06-19 15:52:11 68096 --a------ C:\Windows\zip.exe
2008-06-19 15:52:11 49152 --a------ C:\Windows\VFind.exe
2008-06-19 15:52:11 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-19 15:52:11 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-19 15:52:11 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-19 15:52:11 98816 --a------ C:\Windows\sed.exe
2008-06-19 15:52:11 80412 --a------ C:\Windows\grep.exe
2008-06-19 15:52:11 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-17 10:34:53 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>
2008-06-17 10:22:25 0 d-------- C:\VundoFix Backups
2008-06-17 08:24:28 0 d-------- C:\A
2008-06-15 22:34:21 0 d-------- C:\Users\All Users\Avanquest Bluetooth SDK
2008-06-14 17:58:06 0 d-------- C:\Program Files\FreePOPs
2008-06-11 02:11:55 0 d-------- C:\Windows\pss
2008-06-11 01:50:15 0 d-------- C:\Users\All Users\TuneUp Software
2008-06-11 01:49:52 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-11 01:48:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-11 00:28:38 0 d-------- C:\Windows\Sun
2008-06-10 23:01:08 0 d-------- C:\Program Files\Apple Software Update
2008-05-27 21:58:20 0 d-------- C:\Program Files\OpenOffice.org 2.4


-- Find3M Report ---------------------------------------------------------------

2008-06-19 18:25:29 0 d-------- C:\Program Files\Spyware Doctor
2008-06-19 18:23:18 1660 --a------ C:\Windows\bthservsdp.dat
2008-06-19 18:01:20 0 d-------- C:\Users\Peter\AppData\Roaming\PC Tools
2008-06-19 16:48:22 0 d-------- C:\Users\Peter\AppData\Roaming\uTorrent
2008-06-17 12:08:24 0 d-------- C:\Users\Peter\AppData\Roaming\OpenOffice.org2
2008-06-15 22:32:13 0 d-------- C:\Program Files\Motorola Phone Tools
2008-06-15 22:27:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-15 17:21:04 0 d-------- C:\Program Files\Avanquest update
2008-06-11 02:15:46 0 d-------- C:\Program Files\Windows Mail
2008-06-11 01:50:31 0 d-------- C:\Users\Peter\AppData\Roaming\TuneUp Software
2008-06-11 01:48:28 0 d-------- C:\Program Files\Common Files
2008-05-31 10:52:47 0 d-------- C:\Users\Peter\AppData\Roaming\Mozilla
2008-05-27 22:01:53 0 d-------- C:\Users\Peter\AppData\Roaming\JDiskReport
2008-05-27 21:57:53 0 d-------- C:\Program Files\OpenOffice.org 2.2
2008-05-27 21:51:45 0 d-------- C:\Program Files\Java
2008-05-27 05:02:26 0 d-------- C:\Program Files\Lenovo
2008-05-24 15:53:35 0 d-------- C:\Program Files\AIM6
2008-05-15 11:56:40 0 d-------- C:\Users\Peter\AppData\Roaming\Adobe
2008-05-15 11:46:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-15 11:38:17 0 d-------- C:\Program Files\Macromedia
2008-05-15 11:36:48 0 d-------- C:\Users\Peter\AppData\Roaming\Macromedia
2008-05-12 20:14:29 0 d-------- C:\Users\Peter\AppData\Roaming\Ubisoft
2008-05-12 19:22:46 0 d-------- C:\Program Files\Assassin's Creed
2008-05-11 17:12:43 0 d-------- C:\Users\Peter\AppData\Roaming\Move Networks
2008-05-10 20:23:51 0 d-------- C:\Users\Peter\AppData\Roaming\Steinberg
2008-05-10 20:09:44 0 d-------- C:\Program Files\Syncrosoft
2008-05-01 20:19:00 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-27 11:07:17 0 d-------- C:\Program Files\Windows SideShow
2008-04-21 11:43:40 0 d-------- C:\Program Files\Subliminal blaster
2008-04-09 11:35:52 221 --a------ C:\Windows\x
2008-03-23 13:00:38 1834 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
2008-03-23 13:00:34 1214 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Wave64 Codec.dat
2008-03-23 13:00:32 2218 --a------ C:\Windows\system32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat
2008-03-23 13:00:29 11463 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat
2008-03-23 13:00:12 1196 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Dalet Codec.dat
2008-03-23 13:00:10 2998 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
2008-03-23 13:00:02 3020 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-03-23 12:59:54 3142 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-03-23 12:59:46 3097 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-03-23 12:59:39 2941 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-03-23 12:59:32 2833 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-03-23 12:47:00 8447 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-03-23 12:46:50 13271 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/21/2007 03:08 PM]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [01/24/2008 07:21 AM]
"TpShocks"="TpShocks.exe" [12/25/2006 09:15 PM C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [04/26/2007 11:33 PM]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [01/10/2008 11:20 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/16/2006 10:55 PM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/31/2007 10:01 AM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/15/2006 04:21 PM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [03/17/2008 10:37 AM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [03/17/2008 10:37 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 02:12 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/26/2007 03:45 PM]

C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [9/29/2006 7:57:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fb-20eb-11dc-842c-000000000000}]
AutoRun\command- .\MigWiz\migsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8460c0fe-20eb-11dc-842c-000000000000}]
AutoRun\command- D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b0b-db9d-11dc-b68c-00197ef3b38b}]
AutoRun\command- F:\Installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dccd8b24-db9d-11dc-b68c-00197ef3b38b}]
AutoRun\command- G:\Installer.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /HideWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-20 05:39:00 ------------

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 June 2008 - 09:54 AM

Everything on the Kaspersky log has been quarantined either by Norton, Combofix, or DSS. But there's nothing there that's active as of now. You should be able to go into Norton and manage those quarantined items, and the rest of it we'll clean up at the end.

How is your computer working for you now?
Are you having any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 zepterfd

zepterfd
  • Topic Starter

  • Members
  • 4 posts

Posted 20 June 2008 - 05:39 PM

Gotcha.

It works great now, just like new.

I really appreciate it, Sam. Take care.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 June 2008 - 07:44 AM

Happy to help! :)

Just a few last things and you should be good to go! :thumbup2:



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software, in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup:


========================================================
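The Internet Explorer hardening steps in the post above are a list of per-zone settings that are easy to check and re-check after a cleanup. The following PowerShell script is an added example, not something from the thread or from BleepingComputer: it audits the Internet zone (zone 3) values that the post tells the reader to change and, with `-Apply`, sets them to the recommended actions. The numeric action IDs (1001, 1004, 1201, 1607, 1800, 1804) and the meaning of 0/1/3 are Microsoft's documented layout of the `Zones` registry key; the recommended values are the ones the post lists. Run it as the user whose IE settings you want to check.

```powershell
# Added example (not from the original thread): audit, and optionally apply,
# the Internet-zone settings recommended in the post above.
# Zone 3 = "Internet" in the IE Security tab; each action is a DWORD value
# named by its ID, with 0 = Enable, 1 = Prompt, 3 = Disable.

param(
    [switch]$Apply   # without -Apply the script only reports drift
)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> friendly name (as shown in the Custom Level dialog) and the
# value the post recommends.
$Settings = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

$ActionName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValue {
    param([string]$Id)
    # A missing value means IE falls back to the zone's built-in default,
    # so report it as "not set" rather than treating it as 0.
    $item = Get-ItemProperty -Path $ZonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

$drift = 0
foreach ($s in $Settings) {
    $current = Get-ZoneValue -Id $s.Id
    $curText = if ($null -eq $current) { '(not set)' }
               elseif ($ActionName.ContainsKey($current)) { $ActionName[$current] }
               else { "$current" }
    $ok = ($current -eq $s.Want)
    $status = if ($ok) { 'OK   ' } else { 'DRIFT' }
    Write-Host ("{0} {1,-62} current={2,-9} recommended={3}" -f $status, $s.Name, $curText, $ActionName[$s.Want])

    if (-not $ok) {
        $drift++
        if ($Apply) {
            # Set-ItemProperty creates the value if it does not exist yet;
            # IE expects REG_DWORD here, so force the type.
            Set-ItemProperty -Path $ZonePath -Name $s.Id -Value $s.Want -Type DWord
            Write-Host ("      -> set {0} to {1}" -f $s.Id, $ActionName[$s.Want])
        }
    }
}

if ($drift -eq 0) {
    Write-Host 'All listed Internet-zone settings already match the recommendation.'
} elseif (-not $Apply) {
    Write-Host "$drift setting(s) differ; re-run with -Apply to change them."
}
```

Two caveats when reading the output: the script only looks at the per-user key, so if the machine is managed by policy (the `Security_HKLM_only` setting or Group Policy zone templates) the effective values may come from `HKLM` instead and the per-user edit will not take effect; and a value reported as "(not set)" is not necessarily unsafe, it simply means the zone default is in force. Re-running the audit after each toolbar or helper install is a cheap way to notice when something has quietly loosened the zone again.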

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 July 2008 - 05:43 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
