Antivirus Xp 2008 - No Safe Mode


This topic is locked
2 replies to this topic

#1 scurvy

  • Members
  • 1 posts

Posted 24 June 2008 - 06:10 PM

I was infected with Antivirus XP 2008 and tried manually removing it, but obviously didn't do it right. I'm getting a blue screen when I reboot with an "UNEXPECTED_KERNEL_MODE_TRAP" message. Also, I keep getting popups that say I'm infected with viruses. Unfortunately, I don't have administrator rights when I boot in safe mode, so many of the methods I've seen elsewhere won't work. Thanks for any help.


Deckard's System Scanner v20071014.68
Run by I****** on 2008-06-24 18:41:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 5.53 GiB (less than 15%) free.


-- HijackThis (run as I******.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:20 PM, on 6/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RemotelyAnywhere\RaMaint.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\WINDOWS\system32\lphc9coj0egf7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackice.exe
C:\Program Files\iPass\iPassConnect SAPVPN\downloader\ipccheck.exe
C:\Documents and Settings\i******\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\I******.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.wdf.sap.corp/irj/portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.wdf.sap.corp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8083
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.win.colpal.com:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdminCheck] wscript "C:\Program Files\sap\eus\_admincheck.vbs"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RemotelyAnywhere GUI] "C:\Program Files\RemotelyAnywhere\RAGui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lphc9coj0egf7] C:\WINDOWS\system32\lphc9coj0egf7.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: DefaultUser.vbs (User 'Default user')
O4 - .DEFAULT User Startup: Fix_GUI620.vbs (User 'Default user')
O4 - .DEFAULT User Startup: LoadSAPDefault.lnk = C:\Program Files\SAP\EUS\!startup.vbs (User 'Default user')
O4 - .DEFAULT User Startup: Set_IE_Settings.vbs (User 'Default user')
O4 - .DEFAULT User Startup: WLANConfig.vbs (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.sap.com/
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl04.sap.com/vdesk/cachecle...,2008,0514,2338
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2345
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2345
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2340
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121957989141
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2337
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2341
O16 - DPF: {D84C4D49-A63A-4432-B319-718ECA705773} - https://connectphl03.sap.com/policy/downloa...=5500,0,50830,1
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl04.sap.com/vdesk/terminal...,2008,0514,2340
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl04.sap.com/policy/downloa...,2008,0514,2348
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phl.sap.corp
O17 - HKLM\Software\..\Telephony: DomainName = phl.sap.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phl.sap.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = phl.sap.corp,wdf.sap.corp,sap.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = phl.sap.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = phl.sap.corp,wdf.sap.corp,sap.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = phl.sap.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = phl.sap.corp,wdf.sap.corp,sap.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = phl.sap.corp,wdf.sap.corp,sap.corp
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U0FQ\command.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect SAPVPN\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect SAPVPN\iPCAgent.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RemotelyAnywhere Maintenance Service (RAMaint) - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RaMaint.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemotelyAnywhere - LogMeIn, Inc. - C:\Program Files\RemotelyAnywhere\RemotelyAnywhere.exe
O23 - Service: RescueAccount - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE

--
End of file - 11958 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 MDC80211 (iPass Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc80211.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
R4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>

S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; McAfee Inc.; VirusScan>
S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S4 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AgentSrv (Connected Agent Service) - c:\program files\connected\agentsrv.exe -asv <Not Verified; Connected Corporation; Connected DataProtector>
R2 BlackICE - "c:\program files\iss\isssensors\desktopprotection\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems Inc. blackd>
R2 HCLInetd (Hummingbird Inetd) - c:\windows\system32\hummingbird\connectivity\7.00\inetd\inetd32.exe <Not Verified; Hummingbird Ltd.; Hummingbird Shared Components>
R2 iPCAgent - c:\program files\ipass\ipassconnect sapvpn\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 Jconfigd (Hummingbird Jconfig Daemon) - c:\windows\system32\hummingbird\connectivity\7.00\jconfig\jconfigdnt.exe <Not Verified; Hummingbird Ltd.; Hummingbird Shared Components>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 RescueAccount - c:\windows\system32\srvany.exe
R2 TPHDEXLGSVC (IBM HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; IBM Corporation; IBM Active Protection System>

S2 cmdService (Command Service) - c:\windows\u0fq\command.exe (file missing)
S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>
S3 iPassConnectEngine - c:\program files\ipass\ipassconnect sapvpn\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>
S3 RapApp - "c:\program files\iss\isssensors\desktopprotection\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems, Inc. Rap Protection System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-10 20:03:00 264 --a------ C:\WINDOWS\Tasks\Disk Cleanup.job
2007-08-20 01:24:16 890 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-05-24 and 2008-06-24 -----------------------------

2008-06-24 17:48:27 0 d--h----- C:\Documents and Settings\All Users\Application Data\{8D807193-C9FF-4F54-A869-AE98337A6550}
2008-06-24 17:38:25 0 d-------- C:\Program Files\Trend Micro
2008-06-24 16:26:27 0 d-------- C:\Program Files\Spyware Doctor
2008-06-24 15:25:02 60928 --a------ C:\WINDOWS\system32\blphc9coj0egf7.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-06-24 15:24:59 109056 --a------ C:\WINDOWS\system32\lphc9coj0egf7.exe
2008-06-13 18:07:27 186368 --a------ C:\WINDOWS\PirateFish5.scr
2008-06-13 18:07:27 0 d-------- C:\Program Files\PirateFish5
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX>
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>


-- Find3M Report ---------------------------------------------------------------

2008-06-24 18:00:28 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-24 16:46:27 0 d-------- C:\Program Files\RemotelyAnywhere
2008-06-24 16:26:15 0 d-------- C:\Program Files\Common Files
2008-06-23 14:35:30 0 d-------- C:\Documents and Settings\i******\Application Data\Azureus
2008-06-19 10:33:43 0 d-------- C:\Program Files\DivX
2008-06-17 01:50:10 0 d-------- C:\Program Files\Azureus
2008-06-12 00:52:00 0 d-------- C:\Documents and Settings\i******\Application Data\dvdcss
2008-06-08 10:59:15 0 d-------- C:\Program Files\Java
2008-06-08 10:57:56 0 d-------- C:\Program Files\Firaxis Games
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 17:50:32 0 d-------- C:\Program Files\Google
2008-05-11 10:48:25 0 d-------- C:\Program Files\DOSBox-0.63


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"TpShocks"="TpShocks.exe" [04/05/2005 04:14 PM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" []
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" []
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [04/20/2005 01:38 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [04/20/2005 01:38 AM]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"AdminCheck"="wscript C:\Program Files\sap\eus\_admincheck.vbs" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"RemotelyAnywhere GUI"="C:\Program Files\RemotelyAnywhere\RAGui.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [01/02/2008 07:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"lphc9coj0egf7"="C:\WINDOWS\system32\lphc9coj0egf7.exe" [06/24/2008 03:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 08:56 PM]

C:\Documents and Settings\i******\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [3/5/2008 4:28:25 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Connected TaskBar Icon.LNK - C:\Program Files\Connected\CBSysTray.exe [1/3/2006 2:38:57 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]
"1"=firewall.cpl
"2"=wscui.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 02/15/2002 05:51 AM 24638 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RAinit]
RAinit.dll 09/11/2006 05:54 PM 11520 C:\WINDOWS\system32\RAinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/05/2005 11:45 PM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 06/16/2005 10:23 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^i******^Start Menu^Programs^Startup^Registration .LNK]
path=C:\Documents and Settings\i******\Start Menu\Programs\Startup\Registration .LNK
backup=C:\WINDOWS\pss\Registration .LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon.exe -AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fc19d30-9c58-11dc-8dfc-444553544200}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25c4b0e0-759f-11dc-b7f1-444553544200}]
AutoRun\command- E:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-06-24 18:45:24 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 23%
Physical Memory (total/avail): 2046.92 MiB / 1562.05 MiB
Pagefile Memory (total/avail): 3943.35 MiB / 3653.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.92 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 5.53 GiB free.
D: is CDROM (CDFS)
K: is Network (Unformatted)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - FUJITSU MHV2060AH - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\Msmsgs.exe"="C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\i******\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHLN00411151A
ComSpec=C:\WINDOWS\system32\cmd.exe
CREDDIR=\\pse.wdf.sap.corp\serving.pse\I******\secude
DIRCMD=/OGN /P
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
homeloc=PHL
HOMEPATH=\Documents and Settings\i******
JAVA_HOME=C:\j2sdk1.4.2_09
jlaunch/PreloadDLLs=samlib.dll,comctl32.dll,jmon.dll,hnetcfg.dll
LOGONSERVER=\\SAPPHL00
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\SECUDE\SECUDE~1;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\OpSession\Shared;C:\Program Files\Common Files\OpSession\Viewer Shared;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Intel\Wireless\Bin\;"C:\Program Files\Hummingbird\Connectivity\7.00\Accessories\";C:\j2sdk1.4.2_09\bin;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSEServer=\\pse.wdf.sap.corp
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SNC_LIB=C:\Program Files\SECUDE\SECUDE for R3\secude.dll
SSF_LIBRARY_PATH=\\dwdf040\security\secude5.2\libssf.dll
SystemDrive=C:
SystemRoot=C:\WINDOWS
TDW_Timeout=3000
TEMP=C:\DOCUME~1\i******\LOCALS~1\Temp
Thin=0
TMP=C:\DOCUME~1\i******\LOCALS~1\Temp
USERDNSDOMAIN=SAP.CORP
USERDOMAIN=SAP_ALL
USERNAME=I******
USERPROFILE=C:\Documents and Settings\i******
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

TempUser (new local, admin)
RAccount (new local, admin)
SAPServiceJ2E (admin)
j2eadm (new local, admin)
ECS_Renametool (admin)
Administrator (admin)
i****** (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /X{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Babylon --> MsiExec.exe /X{636E1EA1-9E98-4D55-A31D-579C5C80B94F}
Command --> wscript "C:\WINDOWS\U0FQ\oXIk.vbs"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Connected DataProtector --> C:\Program Files\Connected\CBUninst.exe
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DubIt --> C:\Program Files\TechSmith\DubIt\DIuninst.EXE
FrameworkSecuritySettings --> MsiExec.exe /I{F280F9F0-1B94-4278-9424-34B7C82A0440}
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hummingbird Exceed V7.0 --> wscript C:\WINDOWS\nogo.js
IBM Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\setup.exe" -l0x9 anything
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Interwise Outlook AddIn --> MsiExec.exe /I{EB1B8293-0817-479A-A310-A80B45C42764}
Interwise Participant 7.2.13 --> MsiExec.exe /I{5F78A84D-766E-40BB-BFFC-C7B3B9B606B1}
iPassConnect SAPVPN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000026933}\setup.exe"
IT Helps --> MsiExec.exe /I{56A24E3C-7CAE-4EE8-8844-0982CD30F20F}
IT Helps - AppCheck --> MsiExec.exe /I{8D34A566-2E03-48D0-9965-3915ADC7A8D5}
IT Helps - PCHC --> MsiExec.exe /I{2CBFA69D-1C6A-4C2F-AE93-DF9A2D2B2A21}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 2 Runtime Environment, SE v1.4.2_09 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142090}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\Uninstall.exe
Lexmark Software Uninstall --> C:\Program Files\Lexmark_HostCD\Install\Uninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee Anti-Spyware Enterprise Module --> C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
MeetingPlace for Outlook --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\MPOUTL.INF, DefaultUninstall.ntx86
MetaFrame Presentation Server Client --> MsiExec.exe /I{D989BCC0-757C-4FB6-893C-512DF4382656}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
OpSession Viewer --> MsiExec.exe /I{72487BE6-248B-4EAA-8009-BB39237CDC24}
PirateFish5 --> C:\Program Files\PirateFish5\uninstall.exe
Poker Superstars II (remove only) --> "C:\Program Files\Yahoo! Games\Poker Superstars II\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RemotelyAnywhere --> MsiExec.exe /I{F6E58193-1B74-4580-8A78-130D839C59B4}
Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
Rome - Total War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}\setup.exe" -l0x9 -removeonly
SAP CheckIn Wizard 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9EEBCE0-5208-11D2-ABBA-0000E81BE828}\setup.exe" -uninst
SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall
SAP Presentation Wizard --> MsiExec.exe /I{75F0774A-D922-4648-8DCB-C69542BF2892}
SAP Tutor --> MsiExec.exe /I{B49932CB-D69A-49E6-BEFD-CC4C6936BA58}
SECUDE SECUDE for R3 2.2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SECUDE\SECUDE for R3\DeIsL1.isu"
SnagIt 6 --> C:\Program Files\TechSmith\SnagIt 6\SIUNINST.EXE
Snes9x --> C:\WINDOWS\iun3405.exe C:\Program Files\Snes9x
Symantec pcAnywhere --> MsiExec.exe /I{D05E8183-866A-11D3-97DF-0000F8D8F2E9}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodei Multimedia Processor 2.10 --> C:\Program Files\Vodei\uninst.exe
WebEx --> C:\WINDOWS\Downlo~1\atcliun.exe
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Messenger 5.1 --> MsiExec.exe /I{8419C98D-6818-443B-9362-156519FE4C6B}
WinRaR --> MsiExec.exe /I{EBC5F4CB-23D5-4E2F-87AE-120A40919CF4}


-- Application Event Log -------------------------------------------------------

Event Record #/Type527 / Error
Event Submitted/Written: 06/24/2008 06:20:10 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type526 / Error
Event Submitted/Written: 06/24/2008 06:20:09 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type522 / Warning
Event Submitted/Written: 06/24/2008 06:11:51 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type517 / Error
Event Submitted/Written: 06/24/2008 06:06:02 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type515 / Error
Event Submitted/Written: 06/24/2008 06:05:59 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type112146 / Error
Event Submitted/Written: 06/24/2008 06:35:33 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Event Record #/Type112145 / Warning
Event Submitted/Written: 06/24/2008 06:35:33 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Event Record #/Type112128 / Error
Event Submitted/Written: 06/24/2008 06:21:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Nortel Extranet Access Protocol service failed to start due to the following error:
%%2

Event Record #/Type112127 / Error
Event Submitted/Written: 06/24/2008 06:20:28 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type112126 / Warning
Event Submitted/Written: 06/24/2008 06:20:28 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.



-- End of Deckard's System Scanner: finished at 2008-06-24 18:45:24 ------------


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:50 PM

Posted 27 June 2008 - 11:01 AM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please download and install CCleaner.

Open CCleaner.
  • On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit CCleaner.
Step 2

Please download SmitfraudFix (by S!ri).
  • Double-click on SmitfraudFix.exe. A screen will pop up. Select Option 1 (Search) by typing 1 and hit Enter. A text file will appear, which will list the infected files. Save it to a convenient location.
  • The log will also be saved here: C:\rapport.txt
Note: process.exe is detected by some Anti-Virus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Step 3

In your next reply, please post:
  • the SmitfraudFix log (C:\rapport.txt)
  • the CCleaner Uninstall List (install.txt)
  • a HijackThis log

Simon V.


So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.
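The logs asked for in Step 3 (the uninstall list and the event-log excerpts of the kind already shown in the DSS output above) are normally read by hand. As an added example, editor's code rather than anything from the thread, from Deckard's System Scanner or from CCleaner, the script below parses the two formats visible in that output: "Name --> uninstall command" lines, and "Event Record" blocks with a multi-line description, then counts repeated (source, event id) pairs so a recurring error such as Userenv 1054 stands out. The sample input is a constructed excerpt in that format that reuses a few of the lines posted above. The two review heuristics (a script host used as an uninstaller, a bare filename that Windows resolves through PATH at run time) are the editor's assumptions, not something the thread states; a flag marks an entry as worth looking at first, not as malicious.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the Deckard's System Scanner log posted
# above: a few of its uninstall entries, then a few of its event records.
SAMPLE_LOG = r"""
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Hummingbird Exceed V7.0 --> wscript C:\WINDOWS\nogo.js
Intel® PRO Network Connections Drivers --> Prounstl.exe
WebEx --> C:\WINDOWS\Downlo~1\atcliun.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type527 / Error
Event Submitted/Written: 06/24/2008 06:20:10 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type526 / Error
Event Submitted/Written: 06/24/2008 06:20:09 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type112146 / Error
Event Submitted/Written: 06/24/2008 06:35:33 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.
"""

UNINSTALL_RE = re.compile(r"^(?P<name>.+?) --> (?P<command>.+)$")
RECORD_RE = re.compile(r"^Event Record #/Type(?P<record>\d+) / (?P<type>\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (?P<written>.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (?P<event_id>\d+) / (?P<source>.+)$")

# Editor's assumptions: launchers that are always a bare name in these logs
# (not worth a flag), and script hosts that are unusual as an uninstaller.
SYSTEM_LAUNCHERS = {"msiexec", "rundll32"}
SCRIPT_HOSTS = {"wscript", "cscript", "mshta"}

def parse_uninstall_entries(text):
    """Return [(product name, uninstall command)] for every 'name --> cmd' line."""
    entries = []
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m:
            entries.append((m["name"], m["command"]))
    return entries

def parse_events(text):
    """One dict per 'Event Record' block; a blank line (or end of text) closes
    the multi-line description, which is joined with spaces."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if RECORD_RE.match(line):
            m = RECORD_RE.match(line)
            cur = {"record": int(m["record"]), "type": m["type"], "written": None,
                   "event_id": None, "source": None, "description": []}
            events.append(cur)
            in_desc = False
        elif cur is None:
            continue                        # section headers between records
        elif in_desc and line:
            cur["description"].append(line)
        elif in_desc:                       # blank line closes the record
            cur, in_desc = None, False
        elif WRITTEN_RE.match(line):
            cur["written"] = WRITTEN_RE.match(line)["written"]
        elif IDSRC_RE.match(line):
            m = IDSRC_RE.match(line)
            cur["event_id"], cur["source"] = int(m["event_id"]), m["source"]
        elif line == "Event Description:":
            in_desc = True
    for ev in events:
        ev["description"] = " ".join(ev["description"])
    return events

def summarize_events(events):
    """Count records per (source, event id, type) so repeats stand out."""
    return Counter((e["source"], e["event_id"], e["type"]) for e in events)

def first_token(command):
    """Executable part of a command line; honours a quoted path with spaces."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]

def flag_uninstall_entries(entries):
    """Review heuristics (editor's assumptions). A flag means 'look at this
    first', not 'malicious'."""
    flags = []
    for name, command in entries:
        head = first_token(command).lower()
        exe = head.rsplit("\\", 1)[-1]
        base = exe[:-4] if exe.endswith(".exe") else exe
        if base in SCRIPT_HOSTS:
            flags.append((name, "script host used as uninstaller"))
        elif "\\" not in head and base not in SYSTEM_LAUNCHERS:
            flags.append((name, "bare filename, resolved through PATH at run time"))
    return flags
```

On the excerpt, `summarize_events` reports two Userenv 1054 errors and one W32Time 29 error, and `flag_uninstall_entries` returns the Hummingbird (wscript) and Intel PRO (bare `Prounstl.exe`) entries for review; the MsiExec entries are deliberately not flagged, since every MSI uninstall in these logs is a bare `MsiExec.exe`.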

#3 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:50 PM

Posted 02 July 2008 - 02:52 PM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.

Edited by Simon V., 02 July 2008 - 02:52 PM.

Simon V.

