Malware containing virtumonde, zenosearch (n much more)


This topic is locked. 13 replies to this topic.

#1 m3hak (Members, 9 posts)

Posted 25 November 2008 - 09:36 PM

I have a problem with pop-ups, random sites opening up, and Firefox displaying error messages and not responding. The computer has slowed down also. Someone installed Trojan Remover on my comp, but that did not help. I tried using Spybot Search and Destroy, and it shows entries like Virtumonde and Zenosearch and many more (these are the only two I remember). It says it removed them, but they keep coming back, so I deleted Spybot and need to know how to get rid of this thing.

I am pasting from the log.txt file because I accidentally closed the info file when it appeared, so I ran the thing again and all I get is the log file.

Logfile of random's system information tool 1.04 (written by random/random)
Run by mnand697 at 2008-11-25 21:33:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 43 GB (56%) free of 76 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:43 PM, on 11/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\windows\system32\rrwnw64p.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\student\Application Data\gadcom\gadcom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\pcntstdm.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\student\Desktop\RSIT(2).exe
C:\Program Files\trend micro\mnand697.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: netupbanner browser enhancer - {08425564-51D6-7F05-291C-C73981B83117} - C:\WINDOWS\system32\jduoccbmtyth.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {48c893da-e1a0-d5ea-b604-4cdf18ec9454} - {4549ce81-fdc4-406b-ae5d-0a1ead398c84} - C:\WINDOWS\system32\otgsva.dll
O2 - BHO: mysidesearch search enhancer - {4EA7E485-6C5F-A306-AD9A-AE4732167546} - C:\WINDOWS\system32\kygsxdtdywto.dll
O2 - BHO: agadoo browser enhancer - {4F48C43D-1D41-745D-6BE2-96415D31DBAA} - C:\WINDOWS\system32\enmkxovahikpc.dll (file missing)
O2 - BHO: (no name) - {6722331E-5A8D-4CAF-9B0B-587F75705547} - C:\WINDOWS\system32\rqRIccBR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\ddcYqpMc.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [rtycwdcenfrcuemh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\jduoccbmtyth.dll"
O4 - HKLM\..\Run: [hkhoydzfcxh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\enmkxovahikpc.dll"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [{AB-B4-48-84-DW}] C:\windows\system32\rrwnw64p.exe DWmmm01
O4 - HKLM\..\Run: [{89c06f29-325c-4dd3-ef6a-b3a38ecca844}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\enmkxovahikpc.dll" DllStart
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pcntstdm.exe DWmmm01
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\Beep Dash.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [a8fab42b] rundll32.exe "C:\WINDOWS\system32\intraqxj.dll",b
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\student\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\pcntstdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rrwnw64p.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: ddcYqpMc - C:\WINDOWS\SYSTEM32\ddcYqpMc.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 12683 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08425564-51D6-7F05-291C-C73981B83117}]
netupbanner browser enhancer - C:\WINDOWS\system32\jduoccbmtyth.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4549ce81-fdc4-406b-ae5d-0a1ead398c84}]
C:\WINDOWS\system32\otgsva.dll [2008-11-25 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4EA7E485-6C5F-A306-AD9A-AE4732167546}]
mysidesearch search enhancer - C:\WINDOWS\system32\kygsxdtdywto.dll [2008-11-19 600576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F48C43D-1D41-745D-6BE2-96415D31DBAA}]
agadoo browser enhancer - C:\WINDOWS\system32\enmkxovahikpc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6722331E-5A8D-4CAF-9B0B-587F75705547}]
C:\WINDOWS\system32\rqRIccBR.dll [2008-11-10 313856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\ddcYqpMc.dll [2008-11-08 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"rtycwdcenfrcuemh"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
"hkhoydzfcxh"=C:\WINDOWS\System32\regsvr32.exe [2004-08-04 11776]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-12-25 409600]
"{AB-B4-48-84-DW}"=C:\windows\system32\rrwnw64p.exe [2008-11-09 200739]
"{89c06f29-325c-4dd3-ef6a-b3a38ecca844}"=C:\WINDOWS\system32\enmkxovahikpc.dll DllStart []
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-08-01 540672]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2008-10-25 968072]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-02-02 120368]
"IUpd721"=C:\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe [2008-11-08 403968]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-11-29 243248]
"ExploreUpdSched"=C:\WINDOWS\system32\pcntstdm.exe [2008-11-16 192582]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"Base road long save"=C:\Documents and Settings\All Users\Application Data\File dvd base road\Beep Dash.exe []
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-10-19 69632]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2005-11-14 487424]
"a8fab42b"=C:\WINDOWS\system32\intraqxj.dll [2008-11-25 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-03-27 4670968]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"gadcom"=C:\Documents and Settings\student\Application Data\gadcom\gadcom.exe [2008-11-13 56832]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoldSkip]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2
"MSK80Service"=2
"MpfService"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2

C:\Documents and Settings\student\Start Menu\Programs\Startup
Deewoo.lnk - C:\WINDOWS\system32\pcntstdm.exe
DW_Start.lnk - C:\WINDOWS\system32\rrwnw64p.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-10-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYqpMc]
C:\WINDOWS\system32\ddcYqpMc.dll [2008-11-08 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\ddcYqpMc.dll [2008-11-08 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\rqRIccBR

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"LogonType"=0
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe"="C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb.exe"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\SWSHARE\CtmWeb\ctmweb.exe"="C:\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe"="C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b5d45c-e0f6-11dc-81b5-00197e657618}]
shell\AutoRun\command - jiwsxh39.exe
shell\explore\command - jiwsxh39.exe
shell\open\command - jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9df1fcf-6d5e-11dc-a51b-001558c3a766}]
shell\AutoRun\command - E:\launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2989044-fded-11dc-820a-001558c3a766}]
shell\AutoRun\command - F:\jiwsxh39.exe
shell\explore\command - F:\jiwsxh39.exe
shell\open\command - F:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3933bc-fd20-11dc-8208-001558c3a766}]
shell\AutoRun\command - E:\n2de.cmd
shell\explore\command - E:\n2de.cmd
shell\open\command - E:\n2de.cmd
======List of files/folders created in the last 1 months======

2008-11-25 21:19:11 ----D---- C:\rsit
2008-11-25 21:19:11 ----D---- C:\Program Files\trend micro
2008-11-25 17:20:29 ----A---- C:\WINDOWS\system32\otgsva.dll
2008-11-25 17:20:28 ----A---- C:\WINDOWS\system32\ybmtvjsx.dll
2008-11-25 17:14:31 ----SH---- C:\WINDOWS\system32\jxqartni.ini
2008-11-25 17:14:30 ----A---- C:\WINDOWS\system32\intraqxj.dll
2008-11-24 23:06:34 ----A---- C:\WINDOWS\system32\inmwsk.dll
2008-11-24 23:06:32 ----A---- C:\WINDOWS\system32\kpcnfwwi.dll
2008-11-24 23:00:53 ----SH---- C:\WINDOWS\system32\pnrbxike.ini
2008-11-24 18:01:30 ----A---- C:\WINDOWS\system32\wjnstbrk.dll
2008-11-20 13:17:34 ----A---- C:\WINDOWS\system32\raefqg.dll
2008-11-20 13:17:33 ----A---- C:\WINDOWS\system32\dbyyhtmk.dll
2008-11-20 13:14:35 ----SH---- C:\WINDOWS\system32\psnptalf.ini
2008-11-19 05:10:46 ----A---- C:\WINDOWS\system32\kygsxdtdywto.dll
2008-11-18 21:07:28 ----A---- C:\WINDOWS\system32\kuffav.dll
2008-11-18 21:07:26 ----A---- C:\WINDOWS\system32\ulbsamnc.dll
2008-11-17 21:00:58 ----A---- C:\WINDOWS\system32\slucbl.dll
2008-11-17 21:00:57 ----A---- C:\WINDOWS\system32\ctfeednc.dll
2008-11-17 20:59:12 ----SH---- C:\WINDOWS\system32\bxfevwvf.ini
2008-11-17 06:41:47 ----SH---- C:\WINDOWS\system32\tifsmdhp.ini
2008-11-17 06:36:06 ----A---- C:\WINDOWS\system32\womrnf.dll
2008-11-17 06:36:05 ----A---- C:\WINDOWS\system32\blarqhnm.dll
2008-11-16 10:47:12 ----A---- C:\WINDOWS\system32\kygsxdtdywto.dll-uninst.exe
2008-11-16 10:47:08 ----A---- C:\WINDOWS\system32\pcntstdm.exe
2008-11-16 00:19:57 ----SH---- C:\WINDOWS\system32\samjbteo.ini
2008-11-16 00:14:36 ----A---- C:\WINDOWS\system32\uxsgcy.dll
2008-11-16 00:14:35 ----A---- C:\WINDOWS\system32\pexmedkk.dll
2008-11-15 21:58:25 ----SH---- C:\WINDOWS\system32\bygjtywl.ini
2008-11-15 21:52:24 ----A---- C:\WINDOWS\system32\alikfq.dll
2008-11-15 21:52:22 ----A---- C:\WINDOWS\system32\hlbkgryo.dll
2008-11-15 13:43:21 ----A---- C:\WINDOWS\system32\efcYponm.dll
2008-11-15 13:43:21 ----A---- C:\WINDOWS\system32\efcbYPHa.dll
2008-11-14 21:52:06 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-11-14 21:51:31 ----A---- C:\WINDOWS\system32\rpcnet.exe
2008-11-14 21:51:20 ----A---- C:\WINDOWS\system32\yivdab.dll
2008-11-14 21:51:18 ----A---- C:\WINDOWS\system32\bcblpchu.dll
2008-11-14 21:49:45 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-11-14 19:30:04 ----D---- C:\WINDOWS\system32\logs
2008-11-14 19:29:04 ----SHD---- C:\Config.Msi
2008-11-14 17:57:45 ----A---- C:\autoruns.exe
2008-11-14 17:56:35 ----D---- C:\Downloads
2008-11-13 23:38:00 ----A---- C:\WINDOWS\system32\jkkIYsPf.dll
2008-11-13 23:37:59 ----A---- C:\WINDOWS\system32\yayyvuRl.dll
2008-11-13 23:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 23:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 20:02:25 ----D---- C:\Documents and Settings\student\Application Data\XemiComputers
2008-11-13 19:57:56 ----D---- C:\Program Files\XemiComputers
2008-11-13 19:47:09 ----SH---- C:\WINDOWS\system32\jespavdj.ini
2008-11-13 19:45:09 ----A---- C:\WINDOWS\system32\xwwfrp.dll
2008-11-13 19:45:08 ----A---- C:\WINDOWS\system32\anmsnpqu.dll
2008-11-13 19:44:53 ----A---- C:\WINDOWS\system32\opnnlICU.dll
2008-11-13 19:44:53 ----A---- C:\WINDOWS\system32\khfCvUmM.dll
2008-11-12 21:40:17 ----D---- C:\Program Files\VirusRemover2008
2008-11-12 20:40:23 ----A---- C:\WINDOWS\system32\efcdCTmM.dll
2008-11-12 20:40:23 ----A---- C:\WINDOWS\system32\byXOEvtr.dll
2008-11-12 20:40:21 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-12 19:43:36 ----A---- C:\WINDOWS\system32\nbtikv.dll
2008-11-12 19:43:34 ----A---- C:\WINDOWS\system32\tinplawv.dll
2008-11-12 19:40:37 ----SH---- C:\WINDOWS\system32\sapajqwa.ini
2008-11-12 06:50:27 ----ASH---- C:\WINDOWS\system32\RBccIRqr.ini2
2008-11-11 19:40:44 ----A---- C:\WINDOWS\system32\pkbhyg.dll
2008-11-11 19:40:44 ----A---- C:\WINDOWS\system32\eappuuyq.dll
2008-11-11 19:39:24 ----A---- C:\WINDOWS\system32\pxrbmieu.dll.vir
2008-11-11 19:36:39 ----A---- C:\WINDOWS\system32\hokxky.dll
2008-11-11 19:36:38 ----A---- C:\WINDOWS\system32\digljogs.dll
2008-11-10 14:18:09 ----A---- C:\WINDOWS\system32\kuqcaq.dll
2008-11-10 14:18:07 ----A---- C:\WINDOWS\system32\svldegjy.dll
2008-11-10 14:15:07 ----ASH---- C:\WINDOWS\system32\RBccIRqr.ini
2008-11-10 14:15:01 ----A---- C:\WINDOWS\system32\rqRIccBR.dll
2008-11-09 21:50:34 ----A---- C:\WINDOWS\system32\jsrxbn.dll
2008-11-09 21:50:32 ----A---- C:\WINDOWS\system32\jjncpmnn.dll
2008-11-09 21:48:13 ----A---- C:\WINDOWS\system32\nljwqtbr.dll.vir
2008-11-09 21:47:22 ----A---- C:\WINDOWS\system32\ssqOIxXR.dll.vir
2008-11-09 13:02:40 ----A---- C:\WINDOWS\system32\fbeeey.dll
2008-11-09 13:02:37 ----A---- C:\WINDOWS\system32\pacagqtu.dll
2008-11-09 13:00:18 ----A---- C:\WINDOWS\system32\gvrgsejn.dll.vir
2008-11-09 12:59:30 ----A---- C:\WINDOWS\system32\rqRHxuuV.dll.vir
2008-11-09 01:50:19 ----A---- C:\WINDOWS\system32\rrwnw64p.exe
2008-11-08 23:20:05 ----A---- C:\WINDOWS\system32\wvUkjjji.dll
2008-11-08 23:20:05 ----A---- C:\WINDOWS\system32\fccccYOG.dll
2008-11-08 22:44:19 ----A---- C:\WINDOWS\system32\qfixykipiijbgq.exe
2008-11-08 22:44:16 ----A---- C:\WINDOWS\system32\g35.exe
2008-11-08 22:42:11 ----A---- C:\WINDOWS\system32\qplylovq.dll
2008-11-08 22:39:55 ----A---- C:\WINDOWS\system32\drmwui.dll
2008-11-08 22:39:53 ----A---- C:\WINDOWS\system32\oxnaoemm.dll
2008-11-08 22:39:03 ----A---- C:\WINDOWS\system32\urqQKbXN.dll.vir
2008-11-08 22:21:58 ----A---- C:\WINDOWS\system32\jkkIBSkH.dll.vir
2008-11-08 22:18:35 ----D---- C:\Documents and Settings\student\Application Data\GlarySoft
2008-11-08 22:14:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-11-08 22:12:54 ----D---- C:\Program Files\Trojan Remover
2008-11-08 22:12:54 ----D---- C:\Documents and Settings\student\Application Data\Simply Super Software
2008-11-08 22:12:54 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-11-08 21:56:50 ----A---- C:\WINDOWS\system32\nerrtmer.dll.vir
2008-11-08 21:56:45 ----A---- C:\WINDOWS\system32\tgsbpp.dll
2008-11-08 21:56:44 ----A---- C:\WINDOWS\system32\pamfplgn.dll
2008-11-08 21:29:45 ----A---- C:\Program Files\Uninstall Ask Toolbar.dll
2008-11-08 21:07:03 ----A---- C:\WINDOWS\system32\jkkHBUmK.dll
2008-11-08 21:07:03 ----A---- C:\WINDOWS\system32\ddcYqpMc.dll
2008-11-08 19:53:47 ----A---- C:\WINDOWS\system32\gside.exe
2008-11-08 19:51:47 ----A---- C:\WINDOWS\system32\ssqQIXQG.dll.vir
2008-11-08 19:51:44 ----A---- C:\WINDOWS\system32\hmnsaunl.dll.vir
2008-11-08 19:49:34 ----A---- C:\WINDOWS\system32\zmkyts.dll
2008-11-08 19:49:34 ----A---- C:\WINDOWS\system32\umfyrpom.dll
2008-11-08 19:49:08 ----A---- C:\WINDOWS\system32\a3d97055-.txt
2008-11-08 19:48:48 ----D---- C:\Documents and Settings\student\Application Data\IUpd721
2008-11-08 19:48:37 ----A---- C:\WINDOWS\system32\jkkJyXRI.dll.vir
2008-11-08 19:43:42 ----D---- C:\Documents and Settings\student\Application Data\gadcom
2008-11-08 19:43:40 ----A---- C:\WINDOWS\system32\wuzemrsksdqmew.exe
2008-11-08 19:43:40 ----A---- C:\WINDOWS\system32\dwwnw64r.exe
2008-11-08 19:43:37 ----D---- C:\Documents and Settings\student\Application Data\NI.GSCNS
2008-11-08 19:43:29 ----D---- C:\WINDOWS\system32\zb
2008-11-08 19:43:29 ----D---- C:\WINDOWS\system32\u2
2008-11-08 19:43:29 ----D---- C:\WINDOWS\system32\svm
2008-11-08 19:43:29 ----D---- C:\WINDOWS\system32\MX5
2008-11-08 19:43:29 ----D---- C:\WINDOWS\system32\drt
2008-11-08 19:43:29 ----A---- C:\WINDOWS\system32\iifgGXnK.dll.vir
2008-11-08 19:43:26 ----D---- C:\WINDOWS\system32\sX3i19
2008-11-08 19:43:21 ----A---- C:\WINDOWS\system32\prun.exe
2008-11-08 15:41:10 ----AD---- C:\Program Files\AskSBar
2008-10-29 22:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-29 22:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-29 22:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-29 22:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-29 22:51:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-29 22:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-29 16:47:00 ----D---- C:\WINDOWS\ie7updates
2008-10-29 16:46:40 ----D---- C:\WINDOWS\WBEM
2008-10-29 16:46:20 ----HDC---- C:\WINDOWS\ie7
2008-10-29 16:46:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-29 16:45:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-29 16:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-29 16:45:27 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-29 16:44:14 ----D---- C:\WINDOWS\network diagnostic
2008-10-29 16:44:12 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$

======List of files/folders modified in the last 1 months======

2008-11-25 21:33:33 ----D---- C:\Documents and Settings\student\Application Data\uTorrent
2008-11-25 21:19:11 ----RD---- C:\Program Files
2008-11-25 21:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-25 20:56:02 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 20:46:24 ----D---- C:\WINDOWS\Temp
2008-11-25 20:24:25 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-11-25 19:44:36 ----D---- C:\WINDOWS
2008-11-25 19:44:21 ----A---- C:\WINDOWS\system32\PROCDB.INI
2008-11-25 19:40:15 ----D---- C:\WINDOWS\system32
2008-11-24 23:06:35 ----D---- C:\WINDOWS\Prefetch
2008-11-24 16:22:42 ----D---- C:\swshare
2008-11-24 16:22:29 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-20 22:06:14 ----SHD---- C:\WINDOWS\Installer
2008-11-20 22:03:53 ----D---- C:\Program Files\BitDefender
2008-11-20 22:03:46 ----D---- C:\Program Files\Common Files\BitDefender
2008-11-20 22:03:37 ----D---- C:\WINDOWS\system32\drivers
2008-11-20 21:52:07 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-17 21:59:55 ----D---- C:\WINDOWS\system32\(null)
2008-11-16 00:14:27 ----RSH---- C:\boot.ini
2008-11-16 00:14:27 ----D---- C:\WINDOWS\pss
2008-11-16 00:14:27 ----A---- C:\WINDOWS\win.ini
2008-11-16 00:14:27 ----A---- C:\WINDOWS\system.ini
2008-11-14 19:30:19 ----HD---- C:\WINDOWS\inf
2008-11-14 19:14:31 ----SD---- C:\WINDOWS\Tasks
2008-11-14 19:13:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 19:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 19:12:48 ----D---- C:\Program Files\PCDR5
2008-11-14 19:06:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 23:35:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-13 23:35:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 23:35:05 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 23:34:33 ----D---- C:\WINDOWS\WinSxS
2008-11-11 09:21:50 ----D---- C:\WINDOWS\system32\Restore
2008-11-08 22:41:11 ----SD---- C:\Documents and Settings\student\Application Data\Microsoft
2008-11-08 22:15:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-08 22:13:42 ----D---- C:\Documents and Settings
2008-11-08 19:43:46 ----D---- C:\Temp
2008-11-04 20:51:09 ----D---- C:\WINDOWS\Help
2008-11-03 20:14:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 14:11:10 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-30 14:11:09 ----RSD---- C:\WINDOWS\assembly
2008-10-29 22:53:33 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 22:52:54 ----D---- C:\WINDOWS\system32\en-us
2008-10-29 22:52:52 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-29 16:49:56 ----A---- C:\WINDOWS\ModemLog_ThinkPad Modem.txt
2008-10-29 16:49:14 ----D---- C:\Program Files\Internet Explorer
2008-10-29 16:46:36 ----D---- C:\WINDOWS\Media
2008-10-29 16:27:49 ----D---- C:\WINDOWS\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-12-20 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-01-10 7168]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\system32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-10-19 5120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2007-03-26 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AR5211;AR5211; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-07 508672]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-16 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-01-12 246680]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-28 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-28 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2006-11-01 20016]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-01-07 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-28 728576]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2003-03-25 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2003-03-25 40256]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 wmilibb;wmilibb; C:\WINDOWS\system32\drivers\wmilibb.sys []
S3 EntDrv51;EntDrv51; C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\drivers\NETw3x32.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2003-03-25 21216]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2003-03-25 5728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\drivers\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-12-25 53248]
R2 acs;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2006-12-05 360533]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2006-12-25 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2006-11-01 36392]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-10-19 73728]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-11-14 47104]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-10-24 13312]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-07 644672]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-07 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-07 950272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-08-01 1126400]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-01-07 45056]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

THANKS FOR YOUR HELP.


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:15 PM

Posted 29 November 2008 - 07:08 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while it's running. That may cause it to stall.



Post these logs in your next reply..

1. SDFix
2. ComboFix
3. A fresh HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 m3hak

m3hak
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 30 November 2008 - 12:20 AM

I double-clicked on SDFix like you told me to and it says some installation files are corrupt.

Extracting SDFix\apps\Installed.txt
Extracting SDFix\apps\leg2.txt
Extracting SDFix\apps\legacy.txt
Extracting SDFix\apps\legacybk.txt
Extracting SDFix\apps\Rem.txt
Extracting SDFix\apps\Rem2.txt
Extracting SDFix\apps\srv2.txt
Extracting SDFix\apps\srv2bk.txt
Extracting SDFix\apps\svc.txt
Extracting SDFix\apps\svcbk.txt
Extracting SDFix\DBFix.bat
Extracting SDFix\RunThis.bat
CRC failed in SDFix\RunThis.bat
Extracting SDFix\Add_DBFix_RunOnce_key.inf
CRC failed in SDFix\Add_DBFix_RunOnce_key.inf
Extracting SDFix\apps\DBFix.inf
CRC failed in SDFix\apps\DBFix.inf
Extracting SDFix\apps\Enable_Command_Prompt.inf
CRC failed in SDFix\apps\Enable_Command_Prompt.inf
Extracting SDFix\W2K_VirusAlert_Repair.inf
CRC failed in SDFix\W2K_VirusAlert_Repair.inf
Extracting SDFix\XP_VirusAlert_Repair.inf
CRC failed in SDFix\XP_VirusAlert_Repair.inf
Extracting SDFix\apps\Replace\w2k\command.com
CRC failed in SDFix\apps\Replace\w2k\command.com
Extracting SDFix\apps\Replace\xp\command.com
CRC failed in SDFix\apps\Replace\xp\command.com
Extracting SDFix\apps\locate.com
CRC failed in SDFix\apps\locate.com
Extracting SDFix\catchme.exe
CRC failed in SDFix\catchme.exe
Extracting SDFix\apps\Cghtme.exe
CRC failed in SDFix\apps\Cghtme.exe
Extracting SDFix\apps\cliptext.exe
CRC failed in SDFix\apps\cliptext.exe
Extracting SDFix\apps\download.exe
CRC failed in SDFix\apps\download.exe
Extracting SDFix\apps\ERUNT.EXE
CRC failed in SDFix\apps\ERUNT.EXE
Extracting SDFix\apps\FixPath.exe
CRC failed in SDFix\apps\FixPath.exe
Extracting SDFix\apps\grep.exe
CRC failed in SDFix\apps\grep.exe
Extracting SDFix\apps\isadmin.exe
CRC failed in SDFix\apps\isadmin.exe
Extracting SDFix\apps\LS.exe
CRC failed in SDFix\apps\LS.exe
Extracting SDFix\apps\MD5File.exe
CRC failed in SDFix\apps\MD5File.exe
Extracting SDFix\apps\moveex.exe
CRC failed in SDFix\apps\moveex.exe
Extracting SDFix\apps\Process.exe
CRC failed in SDFix\apps\Process.exe
Extracting SDFix\apps\procs.exe
CRC failed in SDFix\apps\procs.exe
Extracting SDFix\apps\psservice.exe
CRC failed in SDFix\apps\psservice.exe
Extracting SDFix\apps\Replace\regedit.exe
CRC failed in SDFix\apps\Replace\regedit.exe
Extracting SDFix\apps\RestartIt!.exe
CRC failed in SDFix\apps\RestartIt!.exe
Extracting SDFix\apps\sc.exe
CRC failed in SDFix\apps\sc.exe
Extracting SDFix\apps\sed.exe
CRC failed in SDFix\apps\sed.exe
Extracting SDFix\apps\SF.exe
CRC failed in SDFix\apps\SF.exe
Extracting SDFix\apps\shutdown.exe
CRC failed in SDFix\apps\shutdown.exe
Extracting SDFix\apps\Swreg.exe
CRC failed in SDFix\apps\Swreg.exe
Extracting SDFix\apps\swsc.exe
CRC failed in SDFix\apps\swsc.exe
Extracting SDFix\apps\UnRAR.exe
CRC failed in SDFix\apps\UnRAR.exe
Extracting SDFix\apps\unzip.exe
CRC failed in SDFix\apps\unzip.exe
Extracting SDFix\apps\vfind.exe
CRC failed in SDFix\apps\vfind.exe
Extracting SDFix\apps\WINMSG.EXE
CRC failed in SDFix\apps\WINMSG.EXE
Extracting SDFix\apps\zip.exe
CRC failed in SDFix\apps\zip.exe
Extracting SDFix\apps\Replace\w2k\beep.sys
CRC failed in SDFix\apps\Replace\w2k\beep.sys
Extracting SDFix\apps\Replace\xp\beep.sys
CRC failed in SDFix\apps\Replace\xp\beep.sys
Extracting SDFix\apps\dummy.sys
CRC failed in SDFix\apps\dummy.sys
Extracting SDFix\dummy.sys
CRC failed in SDFix\dummy.sys
Extracting SDFix\apps\Replace\w2k\null.sys
CRC failed in SDFix\apps\Replace\w2k\null.sys
Extracting SDFix\apps\Replace\xp\null.sys
CRC failed in SDFix\apps\Replace\xp\null.sys
Extracting SDFix\apps\ERDNT.E_E
CRC failed in SDFix\apps\ERDNT.E_E
Extracting SDFix\apps\ERDNTDOS.LOC
CRC failed in SDFix\apps\ERDNTDOS.LOC
Extracting SDFix\apps\ERDNTWIN.LOC
CRC failed in SDFix\apps\ERDNTWIN.LOC
Extracting SDFix\apps\ERUNT.LOC
CRC failed in SDFix\apps\ERUNT.LOC
Extracting SDFix\apps\Replace\w2k\AUTOEXEC.NT
CRC failed in SDFix\apps\Replace\w2k\AUTOEXEC.NT
Extracting SDFix\apps\Replace\xp\AUTOEXEC.NT
CRC failed in SDFix\apps\Replace\xp\AUTOEXEC.NT
Extracting SDFix\apps\Replace\w2k\CONFIG.NT
CRC failed in SDFix\apps\Replace\w2k\CONFIG.NT
Extracting SDFix\apps\Replace\xp\CONFIG.NT
CRC failed in SDFix\apps\Replace\xp\CONFIG.NT
Extracting SDFix\apps\Replace\w2k\command.PIF
CRC failed in SDFix\apps\Replace\w2k\command.PIF
Extracting SDFix\apps\Replace\xp\command.PIF
CRC failed in SDFix\apps\Replace\xp\command.PIF
Extracting SDFix\apps\assosfix.reg
CRC failed in SDFix\apps\assosfix.reg
Extracting SDFix\apps\Enable_Command_Prompt.reg
CRC failed in SDFix\apps\Enable_Command_Prompt.reg
Extracting SDFix\apps\fix.reg
CRC failed in SDFix\apps\fix.reg
Extracting SDFix\apps\FixBeep.reg
CRC failed in SDFix\apps\FixBeep.reg
Extracting SDFix\apps\FixBH.reg
CRC failed in SDFix\apps\FixBH.reg
Extracting SDFix\apps\FixComponents.reg
CRC failed in SDFix\apps\FixComponents.reg
Extracting SDFix\apps\FIXCU.reg
CRC failed in SDFix\apps\FIXCU.reg
Extracting SDFix\apps\FIXLM.reg
CRC failed in SDFix\apps\FIXLM.reg
Extracting SDFix\apps\FixRedir.reg
CRC failed in SDFix\apps\FixRedir.reg
Extracting SDFix\apps\FixSchedule.reg
CRC failed in SDFix\apps\FixSchedule.reg
Extracting SDFix\apps\FixWebCheck.reg
CRC failed in SDFix\apps\FixWebCheck.reg
Extracting SDFix\apps\fixXP.reg
CRC failed in SDFix\apps\fixXP.reg
Extracting SDFix\apps\FixXPsp2.reg
CRC failed in SDFix\apps\FixXPsp2.reg
Extracting SDFix\apps\HaxdFix.reg
CRC failed in SDFix\apps\HaxdFix.reg
Extracting SDFix\apps\HPFix.reg
CRC failed in SDFix\apps\HPFix.reg
Extracting SDFix\apps\HPFix2.reg
CRC failed in SDFix\apps\HPFix2.reg
Extracting SDFix\apps\HPFix3.reg
CRC failed in SDFix\apps\HPFix3.reg
Extracting SDFix\apps\HPFix4.reg
CRC failed in SDFix\apps\HPFix4.reg
Extracting SDFix\apps\HPFix5.reg
CRC failed in SDFix\apps\HPFix5.reg
Extracting SDFix\apps\HPFix6.reg
CRC failed in SDFix\apps\HPFix6.reg
Extracting SDFix\apps\HPFix7.reg
CRC failed in SDFix\apps\HPFix7.reg
Extracting SDFix\apps\HPFix8.reg
CRC failed in SDFix\apps\HPFix8.reg
Extracting SDFix\apps\HPFix9.reg
CRC failed in SDFix\apps\HPFix9.reg
Extracting SDFix\apps\MyGcpvFix.reg
CRC failed in SDFix\apps\MyGcpvFix.reg
Extracting SDFix\apps\MyGkFix2.reg
CRC failed in SDFix\apps\MyGkFix2.reg
Extracting SDFix\apps\Reset_AppInit_DLLs.reg
CRC failed in SDFix\apps\Reset_AppInit_DLLs.reg
Extracting SDFix\apps\Restore_SafeBoot_Windows2000.reg
CRC failed in SDFix\apps\Restore_SafeBoot_Windows2000.reg
Extracting SDFix\apps\Restore_SafeBoot_WindowsXP.reg
CRC failed in SDFix\apps\Restore_SafeBoot_WindowsXP.reg
Extracting SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
CRC failed in SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
Extracting SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
CRC failed in SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
Extracting SDFix\apps\Restore_SecurityCenter.reg
CRC failed in SDFix\apps\Restore_SecurityCenter.reg
Extracting SDFix\apps\Restore_SharedAccess.reg
CRC failed in SDFix\apps\Restore_SharedAccess.reg
Extracting SDFix\apps\winsec.reg
CRC failed in SDFix\apps\winsec.reg
Extracting SDFix\SDFIX_ReadMe_Online.url
CRC failed in SDFix\SDFIX_ReadMe_Online.url
Extracting SDFix\apps\Replace\w2k
Extracting SDFix\apps\Replace\xp
Extracting SDFix\apps\Replace
Extracting SDFix\apps
Extracting SDFix


:thumbsup::(:):( my computer is going to die soon. lololol

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:15 PM

Posted 30 November 2008 - 05:58 AM

Proceed with the ComboFix step please :thumbsup:

If ComboFix failed to start, rename it to Combo-Fix and then run it again.. Post the log here :)



#5 m3hak

m3hak
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 01 December 2008 - 05:50 PM

ComboFix 08-12-01.01 - mnand697 2008-12-01 17:32:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.470 [GMT -5:00]
Running from: c:\documents and settings\student\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\student\Application Data\gadcom
c:\documents and settings\student\Application Data\gadcom\gadcom.exe
c:\documents and settings\student\Application Data\gadcom\gadcom.exe3p1
c:\documents and settings\student\Application Data\gadcom\gadcom.exe7m4
c:\documents and settings\student\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\student\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\student\Start Menu\Programs\Startup\Deewoo.lnk
c:\documents and settings\student\Start Menu\Programs\Startup\DW_Start.lnk
c:\program files\Mjcore
c:\program files\Mjcore\Mjcore.dll
c:\program files\VirusRemover2008
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\IE4 Error Log.txt
c:\windows\system32\alikfq.dll
c:\windows\system32\anmsnpqu.dll
c:\windows\system32\bcblpchu.dll
c:\windows\system32\blarqhnm.dll
c:\windows\system32\bxfevwvf.ini
c:\windows\system32\bygjtywl.ini
c:\windows\system32\byXOEvtr.dll
c:\windows\system32\ctfeednc.dll
c:\windows\system32\dbyyhtmk.dll
c:\windows\system32\ddcYqpMc.dll
c:\windows\system32\digljogs.dll
c:\windows\system32\dqetgwiw.ini
c:\windows\system32\drmwui.dll
c:\windows\system32\drt
c:\windows\system32\drt\ZVRE2I25.exe
c:\windows\system32\dwwnw64r.exe
c:\windows\system32\eappuuyq.dll
c:\windows\system32\efcbYPHa.dll
c:\windows\system32\efcdCTmM.dll
c:\windows\system32\efcYponm.dll
c:\windows\system32\fbeeey.dll
c:\windows\system32\fccccYOG.dll
c:\windows\system32\gside.exe
c:\windows\system32\gvrgsejn.dll.vir
c:\windows\system32\hlbkgryo.dll
c:\windows\system32\hmnsaunl.dll.vir
c:\windows\system32\hokxky.dll
c:\windows\system32\iatueahr.ini
c:\windows\system32\iifgGXnK.dll.vir
c:\windows\system32\inmwsk.dll
c:\windows\system32\jespavdj.ini
c:\windows\system32\jjncpmnn.dll
c:\windows\system32\jkkHBUmK.dll
c:\windows\system32\jkkIBSkH.dll.vir
c:\windows\system32\jkkIYsPf.dll
c:\windows\system32\jkkJyXRI.dll.vir
c:\windows\system32\jsrxbn.dll
c:\windows\system32\jxqartni.ini
c:\windows\system32\kasleq.dll
c:\windows\system32\khfCvUmM.dll
c:\windows\system32\khxtmm.dll
c:\windows\system32\kldjutnn.dll
c:\windows\system32\kpcnfwwi.dll
c:\windows\system32\kuffav.dll
c:\windows\system32\kuqcaq.dll
c:\windows\system32\kygsxdtdywto.dll
c:\windows\system32\lirjrnot.dll
c:\windows\system32\lreaktuk.ini
c:\windows\system32\msansspc.dll
c:\windows\system32\msnav32.ax
c:\windows\system32\MX5
c:\windows\system32\MX5\NLIP56v.exe
c:\windows\system32\nbtikv.dll
c:\windows\system32\nerrtmer.dll.vir
c:\windows\system32\nksufisf.ini
c:\windows\system32\nljwqtbr.dll.vir
c:\windows\system32\olyxmhio.dll
c:\windows\system32\ongdhsyd.dll
c:\windows\system32\opnnlICU.dll
c:\windows\system32\otgsva.dll
c:\windows\system32\oxnaoemm.dll
c:\windows\system32\pacagqtu.dll
c:\windows\system32\pamfplgn.dll
c:\windows\system32\pcntstdm.exe
c:\windows\system32\pexmedkk.dll
c:\windows\system32\pkbhyg.dll
c:\windows\system32\pnrbxike.ini
c:\windows\system32\prun.exe
c:\windows\system32\psnptalf.ini
c:\windows\system32\pxrbmieu.dll.vir
c:\windows\system32\pyuyoy.dll
c:\windows\system32\qplylovq.dll
c:\windows\system32\raefqg.dll
c:\windows\system32\RBccIRqr.ini
c:\windows\system32\RBccIRqr.ini2
c:\windows\system32\rhaeutai.dll
c:\windows\system32\rqRHxuuV.dll.vir
c:\windows\system32\rqRIccBR.dll
c:\windows\system32\rrwnw64p.exe
c:\windows\system32\samjbteo.ini
c:\windows\system32\sapajqwa.ini
c:\windows\system32\slucbl.dll
c:\windows\system32\ssqOIxXR.dll.vir
c:\windows\system32\ssqQIXQG.dll.vir
c:\windows\system32\svldegjy.dll
c:\windows\system32\svm
c:\windows\system32\svm\crten4li.exe
c:\windows\system32\sX3i19
c:\windows\system32\tgsbpp.dll
c:\windows\system32\tifsmdhp.ini
c:\windows\system32\tinplawv.dll
c:\windows\system32\tlrpvbve.dll
c:\windows\system32\trdsnb.dll
c:\windows\system32\u2
c:\windows\system32\ulbsamnc.dll
c:\windows\system32\umfyrpom.dll
c:\windows\system32\uvtcyvxl.ini
c:\windows\system32\uxsgcy.dll
c:\windows\system32\winpfz33.sys
c:\windows\system32\wiwgteqd.dll
c:\windows\system32\wjnstbrk.dll
c:\windows\system32\womrnf.dll
c:\windows\system32\wvUkjjji.dll
c:\windows\system32\xwwfrp.dll
c:\windows\system32\yayyvuRl.dll
c:\windows\system32\ybmtvjsx.dll
c:\windows\system32\yivdab.dll
c:\windows\system32\zb
c:\windows\system32\zmkyts.dll
c:\windows\system32\zwecwd.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 16:48 . 2008-12-01 16:48 269,824 --a------ c:\windows\system32\jmeaxqe.dll
2008-11-30 09:51 . 2008-11-30 09:51 <DIR> d-------- c:\documents and settings\student\Application Data\Twain
2008-11-30 09:46 . 2008-11-30 09:46 <DIR> d-------- c:\program files\Webtools
2008-11-30 00:17 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-25 21:19 . 2008-11-25 21:19 <DIR> d-------- C:\rsit
2008-11-25 21:19 . 2008-11-25 21:33 <DIR> d-------- c:\program files\trend micro
2008-11-16 10:47 . 2008-11-19 22:44 88,372 --a------ c:\windows\system32\kygsxdtdywto.dll-uninst.exe
2008-11-16 10:47 . 2008-12-01 17:36 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-16 10:47 . 2008-11-16 10:47 1,409 --a------ c:\windows\QTFont.for
2008-11-14 21:52 . 2008-12-01 17:35 47,104 --a------ c:\windows\system32\rpcnet.dll
2008-11-14 21:51 . 2008-11-14 21:51 47,104 --a------ c:\windows\system32\rpcnet.exe
2008-11-14 21:49 . 2008-11-14 21:49 17,408 --a------ c:\windows\system32\rpcnetp.dll
2008-11-14 21:17 . 2008-11-14 21:17 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-14 21:17 . 2008-11-14 21:17 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-14 19:30 . 2008-11-14 19:30 <DIR> d-------- c:\windows\system32\logs
2008-11-14 17:57 . 2008-10-15 09:25 644,976 --a------ C:\autoruns.exe
2008-11-14 17:56 . 2008-11-14 18:51 <DIR> d-------- C:\Downloads
2008-11-13 20:02 . 2008-11-13 20:02 <DIR> d-------- c:\documents and settings\student\Application Data\XemiComputers
2008-11-13 19:57 . 2008-11-13 19:57 <DIR> d-------- c:\program files\XemiComputers
2008-11-08 22:45 . 2008-11-08 22:46 <DIR> d-------- c:\documents and settings\student\.housecall6.6
2008-11-08 22:45 . 2008-11-08 22:45 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-08 22:44 . 2008-11-08 22:44 153,404 --a------ c:\windows\system32\g35.exe
2008-11-08 22:44 . 2008-11-14 21:52 77,895 --a------ c:\windows\system32\qfixykipiijbgq.exe
2008-11-08 22:39 . 2008-11-08 22:39 313,856 --a------ c:\windows\system32\urqQKbXN.dll.vir
2008-11-08 22:21 . 2008-11-08 19:43 167,976 --a------ c:\windows\system32\drivers\core.cache.dsk.vir
2008-11-08 22:18 . 2008-11-08 22:18 <DIR> d-------- c:\documents and settings\student\Application Data\GlarySoft
2008-11-08 22:14 . 2008-12-01 17:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 22:13 . 2008-11-08 22:13 262,144 --a------ c:\documents and settings\temp
2008-11-08 22:12 . 2008-11-08 22:14 <DIR> d-------- c:\program files\Trojan Remover
2008-11-08 22:12 . 2008-11-08 22:12 <DIR> d-------- c:\documents and settings\student\Application Data\Simply Super Software
2008-11-08 22:12 . 2008-11-08 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-08 22:12 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-08 22:12 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-08 22:12 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-08 22:12 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-08 22:12 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-08 21:29 . 2008-11-08 15:41 267,592 --a------ c:\program files\Uninstall Ask Toolbar.dll
2008-11-08 19:54 . 2008-11-08 19:54 20,992 --a------ c:\windows\system32\c00DE12.mat.vir
2008-11-08 19:48 . 2008-11-08 19:48 <DIR> d-------- c:\documents and settings\student\Application Data\IUpd721
2008-11-08 19:43 . 2008-11-08 19:43 <DIR> d-------- c:\temp\PRE45
2008-11-08 19:43 . 2008-11-08 19:43 <DIR> d-------- c:\documents and settings\student\Application Data\NI.GSCNS
2008-11-08 19:43 . 2008-11-08 19:43 79,094 --a------ c:\windows\system32\wuzemrsksdqmew.exe
2008-11-08 15:41 . 2008-11-08 15:41 <DIR> d-a------ c:\program files\AskSBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 06:34 --------- d-----w c:\documents and settings\student\Application Data\uTorrent
2008-11-21 03:03 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-21 03:03 --------- d-----w c:\program files\BitDefender
2008-11-15 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 00:12 --------- d-----w c:\program files\PCDR5
2008-10-24 11:10 453,632 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 22:44 --------- d-----w c:\documents and settings\student\Application Data\LimeWire
2007-09-30 18:35 61 --sh--w c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-03-27 4670968]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 409600]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 159744]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-02-02 120368]
"IUpd721"="c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe" [2008-11-08 403968]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-10-19 69632]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-10-19 02:08 49152 c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoldSkip
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\SWSHARE\\CtmWeb\\ctmweb.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-04-26 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-04-26 6016]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2007-03-26 4442]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-07 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-04-26 54432]
S1 wmilibb;wmilibb; []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b5d45c-e0f6-11dc-81b5-00197e657618}]
\Shell\AutoRun\command - jiwsxh39.exe
\Shell\explore\Command - jiwsxh39.exe
\Shell\open\Command - jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9df1fcf-6d5e-11dc-a51b-001558c3a766}]
\Shell\AutoRun\command - E:\launch.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2989044-fded-11dc-820a-001558c3a766}]
\Shell\AutoRun\command - F:\jiwsxh39.exe
\Shell\explore\Command - F:\jiwsxh39.exe
\Shell\open\Command - F:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3933bc-fd20-11dc-8208-001558c3a766}]
\Shell\AutoRun\command - E:\n2de.cmd
\Shell\explore\Command - E:\n2de.cmd
\Shell\open\Command - E:\n2de.cmd
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2008-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-01 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-20 00:14]
.
- - - - ORPHANS REMOVED - - - -

BHO-{08425564-51D6-7F05-291C-C73981B83117} - c:\windows\system32\jduoccbmtyth.dll
BHO-{250df2a2-22bc-4adc-bac0-52aee49e124f} - c:\windows\system32\khxtmm.dll
BHO-{4EA7E485-6C5F-A306-AD9A-AE4732167546} - c:\windows\system32\kygsxdtdywto.dll
BHO-{4F48C43D-1D41-745D-6BE2-96415D31DBAA} - c:\windows\system32\enmkxovahikpc.dll
BHO-{72732424-048B-4346-BF57-33FAC6B0677C} - c:\windows\system32\rqRIccBR.dll
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-rtycwdcenfrcuemh - c:\windows\system32\jduoccbmtyth.dll
HKLM-Run-hkhoydzfcxh - c:\windows\system32\enmkxovahikpc.dll
HKLM-Run-{AB-B4-48-84-DW} - c:\windows\system32\rrwnw64p.exe
HKLM-Run-{89c06f29-325c-4dd3-ef6a-b3a38ecca844} - c:\windows\system32\enmkxovahikpc.dll
HKLM-Run-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
HKLM-Run-Base road long save - c:\documents and settings\All Users\Application Data\File dvd base road\Beep Dash.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\student\Application Data\Mozilla\Firefox\Profiles\8ptrvp8k.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 17:36:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1352)
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rpcnet.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-01 17:39:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 22:39:26
ComboFix2.txt 2008-03-30 02:12:12

Pre-Run: 45,060,714,496 bytes free
Post-Run: 45,089,054,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

388 --- E O F --- 2008-11-14 04:35:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:16 PM, on 12/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\student\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [IUpd721] C:\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 9859 bytes

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:08:15 PM

Posted 01 December 2008 - 07:01 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.
NEXT
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
wmilibb

File::
c:\windows\system32\jmeaxqe.dll
c:\windows\system32\kygsxdtdywto.dll-uninst.exe
c:\windows\system32\g35.exe
c:\windows\system32\qfixykipiijbgq.exe
c:\windows\system32\urqQKbXN.dll.vir
c:\windows\system32\drivers\core.cache.dsk.vir
c:\windows\system32\c00DE12.mat.vir
c:\windows\system32\wuzemrsksdqmew.exe
c:\windows\cnerolf.dat
E:\launch.bat
F:\jiwsxh39.exe
E:\n2de.cmd

Folder::
c:\documents and settings\student\Application Data\IUpd721
c:\program files\AskSBar

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59b5d45c-e0f6-11dc-81b5-00197e657618}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9df1fcf-6d5e-11dc-a51b-001558c3a766}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2989044-fded-11dc-820a-001558c3a766}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd3933bc-fd20-11dc-8208-001558c3a766}]

DirLook::
c:\documents and settings\student\Application Data\NI.GSCNS
c:\temp\PRE45

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 m3hak

m3hak
  • Topic Starter
  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:15 AM

Posted 02 December 2008 - 07:52 PM

ComboFix 08-12-01.03 - mnand697 2008-12-02 19:43:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT -5:00]
Running from: c:\documents and settings\student\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\student\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\cnerolf.dat
c:\windows\system32\c00DE12.mat.vir
c:\windows\system32\drivers\core.cache.dsk.vir
c:\windows\system32\g35.exe
c:\windows\system32\jmeaxqe.dll
c:\windows\system32\kygsxdtdywto.dll-uninst.exe
c:\windows\system32\qfixykipiijbgq.exe
c:\windows\system32\urqQKbXN.dll.vir
c:\windows\system32\wuzemrsksdqmew.exe
E:\launch.bat
E:\n2de.cmd
F:\jiwsxh39.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\student\Application Data\IUpd721
c:\documents and settings\student\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\student\Application Data\NI.GSCNS
c:\documents and settings\student\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe
c:\documents and settings\student\Application Data\NI.GSCNS\settings.ini
c:\program files\AskSBar
c:\windows\cnerolf.dat
c:\windows\system32\c00DE12.mat.vir
c:\windows\system32\drivers\core.cache.dsk.vir
c:\windows\system32\g35.exe
c:\windows\system32\jmeaxqe.dll
c:\windows\system32\kygsxdtdywto.dll-uninst.exe
c:\windows\system32\qfixykipiijbgq.exe
c:\windows\system32\urqQKbXN.dll.vir
c:\windows\system32\wuzemrsksdqmew.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WMILIBB
-------\Service_wmilibb


((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-01 17:59 . 2008-12-01 18:00 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-30 09:51 . 2008-11-30 09:51 <DIR> d-------- c:\documents and settings\student\Application Data\Twain
2008-11-30 09:46 . 2008-11-30 09:46 <DIR> d-------- c:\program files\Webtools
2008-11-30 00:17 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2008-11-25 21:19 . 2008-11-25 21:19 <DIR> d-------- C:\rsit
2008-11-25 21:19 . 2008-11-25 21:33 <DIR> d-------- c:\program files\trend micro
2008-11-16 10:47 . 2008-12-02 19:46 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-16 10:47 . 2008-11-16 10:47 1,409 --a------ c:\windows\QTFont.for
2008-11-14 21:52 . 2008-12-02 19:45 47,104 --a------ c:\windows\system32\rpcnet.dll
2008-11-14 21:51 . 2008-11-14 21:51 47,104 --a------ c:\windows\system32\rpcnet.exe
2008-11-14 21:49 . 2008-11-14 21:49 17,408 --a------ c:\windows\system32\rpcnetp.dll
2008-11-14 21:17 . 2008-11-14 21:17 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-14 21:17 . 2008-11-14 21:17 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-14 19:30 . 2008-11-14 19:30 <DIR> d-------- c:\windows\system32\logs
2008-11-14 17:57 . 2008-10-15 09:25 644,976 --a------ C:\autoruns.exe
2008-11-14 17:56 . 2008-11-14 18:51 <DIR> d-------- C:\Downloads
2008-11-13 20:02 . 2008-11-13 20:02 <DIR> d-------- c:\documents and settings\student\Application Data\XemiComputers
2008-11-13 19:57 . 2008-11-13 19:57 <DIR> d-------- c:\program files\XemiComputers
2008-11-08 22:45 . 2008-11-08 22:46 <DIR> d-------- c:\documents and settings\student\.housecall6.6
2008-11-08 22:45 . 2008-11-08 22:45 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-08 22:18 . 2008-11-08 22:18 <DIR> d-------- c:\documents and settings\student\Application Data\GlarySoft
2008-11-08 22:14 . 2008-12-01 17:27 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 22:13 . 2008-11-08 22:13 262,144 --a------ c:\documents and settings\temp
2008-11-08 22:12 . 2008-11-08 22:14 <DIR> d-------- c:\program files\Trojan Remover
2008-11-08 22:12 . 2008-11-08 22:12 <DIR> d-------- c:\documents and settings\student\Application Data\Simply Super Software
2008-11-08 22:12 . 2008-11-08 22:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-08 22:12 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-08 22:12 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-08 22:12 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-08 22:12 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-08 22:12 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-08 21:29 . 2008-11-08 15:41 267,592 --a------ c:\program files\Uninstall Ask Toolbar.dll
2008-11-08 19:43 . 2008-11-08 19:43 <DIR> d-------- c:\temp\PRE45

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 06:34 --------- d-----w c:\documents and settings\student\Application Data\uTorrent
2008-11-21 03:03 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-21 03:03 --------- d-----w c:\program files\BitDefender
2008-11-15 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-15 00:13 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 00:12 --------- d-----w c:\program files\PCDR5
2008-10-24 11:10 453,632 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 22:44 --------- d-----w c:\documents and settings\student\Application Data\LimeWire
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\student\Application Data\NI.GSCNS ----

2008-11-08 19:43 403968 --a------ c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe
2008-11-08 19:43 23 --a------ c:\documents and settings\student\Application Data\NI.GSCNS\settings.ini
2008-11-08 19:43 222 --a------ c:\documents and settings\student\Application Data\NI.GSCNS\dl.ini

---- Directory of c:\temp\PRE45 ----

2008-11-08 19:43 1858 --a------ c:\temp\PRE45\pG8.log


((((((((((((((((((((((((((((( snapshot@2008-12-01_17.39.06.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-10-07 16:19:42 16,721,856 ----a-w c:\windows\system32\MRT.exe
+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-12-01 22:35:43 17,408 ----a-w c:\windows\system32\rpcnetp.exe
+ 2008-12-03 00:45:48 17,408 ----a-w c:\windows\system32\rpcnetp.exe
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-03-27 4670968]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 409600]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 540672]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TPKBDLED"="c:\windows\system32\TpScrLk.exe" [2002-10-08 40960]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 159744]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-02-02 120368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-09-15 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-09-15 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-09-15 77824]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 208896]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-10-19 69632]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"LogonType"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-10-19 02:08 49152 c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 23:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 20:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2 (0x2)
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\SWSHARE\\CtmWeb\\ctmweb.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-04-26 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-04-26 6016]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2007-03-26 4442]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-07 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-04-26 54432]
.
Contents of the 'Scheduled Tasks' folder

2008-12-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []

2008-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-20 00:14]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IUpd721 - c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 19:46:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1348)
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rpcnet.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-12-02 19:48:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 00:48:34
ComboFix2.txt 2008-12-01 22:39:29
ComboFix3.txt 2008-03-30 02:12:12

Pre-Run: 45,070,635,008 bytes free
Post-Run: 45,059,997,696 bytes free

287 --- E O F --- 2008-12-02 00:29:50



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:20 PM, on 12/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\student\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 9185 bytes

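The HijackThis and ComboFix output above is raw data; what the helper does by eye is pattern-match a handful of line types. The following is an added example (not code from BleepingComputer, HijackThis, ComboFix or either poster) that encodes some of those checks in Python and runs them over sample lines constructed from entries visible in this thread's logs: the O3 toolbar entry with "(no file)", a Run entry whose target has no path, the IUpd721 autostart under Application Data (its O4 line is reconstructed from the ComboFix "ORPHANS REMOVED" entry), and the Security Center override values. The regexes and the choice of what counts as suspicious are this example's own assumptions, not any tool's published rule set.

```python
"""Triage helper for HijackThis / ComboFix style log lines.

Added example for this thread; it is not code from BleepingComputer,
HijackThis, ComboFix or the posters. The sample lines are constructed
from entries visible in the logs above, and the heuristics are this
example's own assumptions rather than any tool's published rule set.
"""
import re

# HijackThis O4 line: "O4 - HKLM\..\Run: [Name] target [args]"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<target>.*)$")

# ComboFix "ORPHANS REMOVED" line: "HKLM-Run-Name - target"
ORPHAN = re.compile(r"^HK(?:LM|CU)-Run-(?P<name>\S+) - (?P<target>.*)$")

# Security Center values that silence the "no antivirus/firewall" warning.
SECURITY_CENTER_OVERRIDE = re.compile(
    r'^"(?:AntiVirus|Firewall|Updates)\w*?(?:Override|DisableNotify)"=dword:0*1$')

# Directories a normal installer does not use for autostart binaries.
USER_WRITABLE = re.compile(r"\\(?:application data|local settings|temp)\\", re.I)

# First executable/DLL path in a target string (stops at a space or comma).
EXE_EXT = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|,|$)", re.I)

REASON_NO_FILE = "registered COM object with no backing file (orphaned CLSID)"
REASON_USER_DIR = "autostart binary lives in a user-writable profile/temp directory"
REASON_NO_PATH = "autostart target has no path and is resolved via search order"
REASON_SEC_CENTER = "Security Center warning suppressed (value set to 1)"


def executable_of(target: str) -> str:
    """Strip quotes, a leading rundll32, and arguments from an O4 target."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    head, _, rest = target.partition(" ")
    if head.lower() in ("rundll32", "rundll32.exe") and rest:
        target = rest
    m = EXE_EXT.match(target)
    return m.group("exe") if m else (target.split() or [""])[0]


def triage_line(line: str) -> list:
    """Return the reasons (possibly none) a single log line deserves a look."""
    s = line.strip()
    reasons = []
    if re.match(r"^O(?:2|3|9|20) - ", s) and s.endswith("(no file)"):
        reasons.append(REASON_NO_FILE)
    m = O4_LINE.match(s) or ORPHAN.match(s)
    if m:
        exe = executable_of(m.group("target"))
        if USER_WRITABLE.search(exe):
            reasons.append(REASON_USER_DIR)
        if "\\" not in exe and ":" not in exe:
            reasons.append(REASON_NO_PATH)
    if SECURITY_CENTER_OVERRIDE.match(s):
        reasons.append(REASON_SEC_CENTER)
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log; return [(line, [reasons]), ...]."""
    hits = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


# Constructed sample: lines taken from the logs in this thread, plus an O4
# line for IUpd721 reconstructed from ComboFix's "ORPHANS REMOVED" entry.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IUpd721] c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000000
HKLM-Run-IUpd721 - c:\documents and settings\student\Application Data\NI.GSCNS\IUpd721.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Every hit is a prompt for a second look, not a verdict: on this ThinkPad the unqualified `TpShocks.exe` and `tp4ex.exe` entries are the Lenovo utilities that live in system32, and `AntiVirusOverride=1` can be set by a legitimately installed third-party AV as well as by a rogue. The check that carries the most weight in this thread is the one on `IUpd721.exe`, because nothing shipped by an OEM or Microsoft registers a Run entry that points into `Application Data`.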
#8 fenzodahl512

Posted 02 December 2008 - 08:57 PM

Delete these two folders manually.

1. c:\documents and settings\student\Application
2. c:\temp\PRE45


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Post me these logs in your next reply.

1. Malwarebytes'
2. ESET Online Scanner
3. Tell me about your computer behaviour



#9 m3hak (Topic Starter)

Posted 03 December 2008 - 10:22 PM

I could not find the first folder, deleted the second one (PRE45).



Malwarebytes' Anti-Malware 1.30
Database version: 1450
Windows 5.1.2600 Service Pack 2

12/2/2008 10:15:08 PM
mbam-log-2008-12-02 (22-15-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 135302
Time elapsed: 30 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 81

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4549ce81-fdc4-406b-ae5d-0a1ead398c84} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6722331e-5a8d-4caf-9b0b-587f75705547} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\3wPlayer (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\student\Application Data\Microsoft\Windows\sys32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Uninstall Ask Toolbar.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\student\Application Data\gadcom\gadcom.exe.vir () -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\student\Application Data\gadcom\gadcom.exe3p1.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\student\Application Data\gadcom\gadcom.exe7m4.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\student\Application Data\NI.GSCNS\IUpd721.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Mjcore\Mjcore.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\alikfq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\anmsnpqu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\bcblpchu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\blarqhnm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\byXOEvtr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfeednc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gvrgsejn.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hlbkgryo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hokxky.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\iifgGXnK.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcYqpMc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\digljogs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drmwui.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\eappuuyq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcbYPHa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcdCTmM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\efcYponm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fbeeey.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\fccccYOG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkHBUmK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkIBSkH.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkIYsPf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jsrxbn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kasleq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khfCvUmM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kldjutnn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kuffav.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kuqcaq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lirjrnot.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nbtikv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\nljwqtbr.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\olyxmhio.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ongdhsyd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnlICU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\otgsva.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jjncpmnn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\khxtmm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wiwgteqd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\oxnaoemm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pacagqtu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pexmedkk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pkbhyg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\prun.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pxrbmieu.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\pyuyoy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qplylovq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rhaeutai.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRHxuuV.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\rqRIccBR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\slucbl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqOIxXR.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqQIXQG.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\svldegjy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tinplawv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tlrpvbve.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\trdsnb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ulbsamnc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqQKbXN.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\uxsgcy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wjnstbrk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\womrnf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wvUkjjji.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xwwfrp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyvuRl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ybmtvjsx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yivdab.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\zwecwd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\MX5\NLIP56v.exe.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\svm\crten4li.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{22D8D8C7-06FE-44AB-92FC-F80CFFA2CE3D}\RP6\A0000396.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\RegistrySmart\Registry Backups\2008-03-29_01-55-08.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\student\Application Data\Microsoft\Windows\lsass.exe.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3662 (20081203)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=823729327578f84496f65de65287b80d
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-04 03:05:07
# local_time=2008-12-03 10:05:07 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=448630
# found=14
# scan_time=1934
C:\QooBox\Quarantine\C\autorun.inf.vir Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\dwwnw64r.exe.vir Win32/TrojanDownloader.Agent.AFZG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\g35.exe.vir Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\g35.exe.vir »NSIS »ý§€ Win32/Adware.GooochiBiz application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir a variant of Win32/Adware.MySideSearch application (deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir »NSIS »ý¤€ a variant of Win32/Adware.MySideSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\jmeaxqe.dll.vir a variant of Win32/PSW.Delf.NLS trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\pamfplgn.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\pcntstdm.exe.vir a variant of Win32/Adware.ZenoSearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\rrwnw64p.exe.vir Win32/TrojanDownloader.Agent.AFZG trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\tgsbpp.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\umfyrpom.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\zmkyts.dll.vir Win32/Adware.SuperJuan application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\drt\ZVRE2I25.exe.vir Win32/Adware.GooochiBiz application (unable to clean - deleted) 00000000000000000000000000000000
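
Added note (not part of any post in this thread): almost every path in the two logs above sits under C:\QooBox\Quarantine, the folder ComboFix moves files into, or inside a System Restore point (C:\System Volume Information\_restore...), so those hits are copies that had already been taken out of circulation rather than running infections. The entries that deserve a second look are the ones outside those locations (here, the files under the student profile's Application Data) and anything a scanner did not report as deleted. The Python below is an added example, not code from this thread or from either scanner's vendor: it parses the two line formats shown in the posted logs and separates leftovers from live locations. The sample log lines inside it are constructed for the example, not taken from the scan; the ESET pattern assumes the "Platform/Name kind (action) hash" layout seen above and will skip lines that deviate from it.

```python
import re
from collections import Counter

# Constructed sample lines in the two formats posted above (Malwarebytes'
# Anti-Malware, then the ESET Online Scanner). Paths and names are made up for
# this example; none of them is copied from a real scan.
MBAM_SAMPLE = r"""
C:\QooBox\Quarantine\C\WINDOWS\system32\abcdEFgh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\MX5\sample1.exe.vir (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\Twain\Twain.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stillhere.dll (Trojan.Vundo) -> Delete on reboot.
"""

ESET_SAMPLE = r"""
# scanned=448630
# found=3
C:\QooBox\Quarantine\C\autorun.inf.vir Win32/PSW.OnLineGames.MUU trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\g35.exe.vir Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
C:\Program Files\Sample App\live.dll a variant of Win32/Adware.SuperJuan application (unable to clean) 00000000000000000000000000000000
"""

# "<path> (<family>) -> <action>."  (MBAM removal log)
MBAM_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<path> [a variant of ]<Platform/Name> <kind> (<action>) <32 hex>"  (ESET log, assumed layout)
ESET_RE = re.compile(
    r"^(?P<path>.+?) (?:(?:probably )?a variant of )?(?P<family>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>[a-z][a-z ]*) \((?P<action>[^)]+)\) [0-9a-fA-F]{32}$"
)

# Detections under these prefixes are copies already taken out of circulation:
# ComboFix's quarantine folder and System Restore snapshots.
LEFTOVER_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\_restore",
)
# Per-user Application Data: a user-writable spot malware likes for persistence.
USER_PROFILE_RE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\application data\\", re.IGNORECASE
)


def parse_mbam(text):
    """Return one record per MBAM detection line; 'removed' means MBAM confirmed deletion."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append({"tool": "mbam", "path": m["path"], "family": m["family"],
                         "removed": "deleted successfully" in m["action"].lower()})
    return hits


def parse_eset(text):
    """Same for ESET lines; '# key=value' header lines are skipped."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ESET_RE.match(line)
        if m:
            hits.append({"tool": "eset", "path": m["path"], "family": m["family"],
                         "removed": "deleted" in m["action"].lower()})
    return hits


def is_leftover(path):
    """True when the file lived in a quarantine folder or a restore point, not a live location."""
    return path.lower().startswith(LEFTOVER_PREFIXES)


def triage(mbam_text, eset_text):
    """Split detections into leftovers vs. live locations and flag unconfirmed removals."""
    hits = parse_mbam(mbam_text) + parse_eset(eset_text)
    return {
        "total": len(hits),
        "by_family": Counter(h["family"] for h in hits),
        "live": sorted({h["path"] for h in hits if not is_leftover(h["path"])}),
        "pending": sorted({h["path"] for h in hits if not h["removed"]}),
        "user_profile": sorted({h["path"] for h in hits if USER_PROFILE_RE.match(h["path"])}),
    }


if __name__ == "__main__":
    result = triage(MBAM_SAMPLE, ESET_SAMPLE)
    print(f"{result['total']} detections by family:")
    for family, n in result["by_family"].most_common():
        print(f"  {n:3d}  {family}")
    for label in ("live", "pending", "user_profile"):
        print(f"{label}:")
        for path in result[label]:
            print(f"  {path}")
```

Run it as-is to see the split on the constructed sample; to use it on a real thread, paste the MBAM and ESET sections into the two strings. The "pending" list (a "Delete on reboot" or an ESET "unable to clean" without "deleted") is what you would re-scan for after the reboot, and anything in "live" that is not a known-good program is the part of the log that still needs a decision.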

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:08:15 PM

Posted 03 December 2008 - 11:00 PM

Looks good to me. How is your computer now? Please run RSIT once again and post the log here for my final review.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine.
Awesomeness: When I get sad, I stop being sad and be awesome instead. True story - Barney Stinson
It's gonna be legen... wait for it... dary! Cherish the pain, it means you're still alive


#11 m3hak

m3hak
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:15 AM

Posted 04 December 2008 - 03:39 PM

Whoaa, thanks a lot! Yeah, it's much faster and no more pop-ups. *hugs*

Logfile of random's system information tool 1.04 (written by random/random)
Run by mnand697 at 2008-12-04 15:36:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (54%) free of 76 GB
Total RAM: 1014 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:38 PM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\student\Desktop\RSIT.exe
C:\Documents and Settings\student\Desktop\mnand697.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: E-Zsoft VideoDownloaderToolBar - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll (file missing)
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [InternetDownload_upgrade] "C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe" /upgrade
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download by VersalSoft Internet Download - C:\Program Files\VersalSoft\InternetDownload\adddownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 10004 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-24 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4322A444-92F8-4C3E-BD4C-013BA51E2871}]
E-Zsoft VideoDownloaderToolBar - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{4322A444-92F8-4C3E-BD4C-013BA51E2871} - E-Zsoft VideoDownloaderToolBar - C:\Program Files\VersalSoft\InternetDownload\VDTB.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-12-25 409600]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-08-01 540672]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-02-02 120368]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-09-15 94208]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-09-15 118784]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-09-15 77824]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-11-29 243248]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-10-19 69632]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2005-11-14 487424]
"InternetDownload_upgrade"=C:\Program Files\VersalSoft\InternetDownload\InternetDownload.exe /upgrade []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-03-27 4670968]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=2
"MSK80Service"=2
"MpfService"=2
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-10-19 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-09-15 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"LogonType"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSharedDocuments"=1
"NoSMConfigurePrograms"=1
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe"="C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb.exe"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\SWSHARE\CtmWeb\ctmweb.exe"="C:\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe"="C:\WINDOWS\SWSHARE\CtmWeb\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-03 21:03:01 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-02 22:35:48 ----D---- C:\Program Files\Universal
2008-12-02 21:07:38 ----D---- C:\Documents and Settings\student\Application Data\Malwarebytes
2008-12-02 21:07:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-02 21:07:34 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-02 21:05:27 ----SHD---- C:\RECYCLER
2008-12-02 19:48:38 ----D---- C:\WINDOWS\temp
2008-12-02 19:48:37 ----A---- C:\ComboFix.txt
2008-12-02 19:43:08 ----D---- C:\ComboFix
2008-12-01 17:59:58 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-01 17:31:40 ----A---- C:\Boot.bak
2008-12-01 17:31:35 ----RASHD---- C:\cmdcons
2008-12-01 17:30:49 ----A---- C:\WINDOWS\zip.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\VFIND.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\SWSC.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\SWREG.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\sed.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\grep.exe
2008-12-01 17:30:49 ----A---- C:\WINDOWS\fdsv.exe
2008-11-30 09:51:31 ----D---- C:\Documents and Settings\student\Application Data\Twain
2008-11-30 00:17:03 ----D---- C:\SDFix
2008-11-25 21:19:11 ----D---- C:\rsit
2008-11-25 21:19:11 ----D---- C:\Program Files\trend micro
2008-11-14 21:52:06 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-11-14 21:51:31 ----A---- C:\WINDOWS\system32\rpcnet.exe
2008-11-14 21:49:45 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-11-14 19:30:04 ----D---- C:\WINDOWS\system32\logs
2008-11-14 17:57:45 ----A---- C:\autoruns.exe
2008-11-14 17:56:35 ----D---- C:\Downloads
2008-11-13 23:35:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 23:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-13 20:02:25 ----D---- C:\Documents and Settings\student\Application Data\XemiComputers
2008-11-13 19:57:56 ----D---- C:\Program Files\XemiComputers
2008-11-08 22:18:35 ----D---- C:\Documents and Settings\student\Application Data\GlarySoft
2008-11-08 22:14:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2008-11-08 22:12:55 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-11-08 22:12:54 ----D---- C:\Program Files\Trojan Remover
2008-11-08 22:12:54 ----D---- C:\Documents and Settings\student\Application Data\Simply Super Software
2008-11-08 22:12:54 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-11-08 19:49:08 ----A---- C:\WINDOWS\system32\a3d97055-.txt

======List of files/folders modified in the last 1 months======

2008-12-04 15:36:20 ----D---- C:\WINDOWS\Prefetch
2008-12-04 15:30:44 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 14:31:16 ----A---- C:\WINDOWS\system32\PROCDB.INI
2008-12-04 14:31:13 ----D---- C:\WINDOWS
2008-12-04 14:31:04 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-12-04 03:34:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-04 03:33:38 ----SHD---- C:\WINDOWS\Installer
2008-12-04 03:33:08 ----D---- C:\Documents and Settings\student\Application Data\uTorrent
2008-12-04 02:17:45 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-03 21:27:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-03 21:27:48 ----D---- C:\WINDOWS\system32
2008-12-03 21:03:01 ----RD---- C:\Program Files
2008-12-03 21:02:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-02 21:07:37 ----D---- C:\WINDOWS\system32\drivers
2008-12-02 21:05:28 ----D---- C:\Temp
2008-12-02 19:48:38 ----D---- C:\QooBox
2008-12-02 19:48:24 ----D---- C:\WINDOWS\erdnt
2008-12-02 19:46:06 ----A---- C:\WINDOWS\system.ini
2008-12-02 19:45:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-02 19:44:37 ----D---- C:\WINDOWS\system32\config
2008-12-02 19:44:08 ----D---- C:\WINDOWS\AppPatch
2008-12-02 19:44:08 ----D---- C:\Program Files\Common Files
2008-12-02 19:38:18 ----HD---- C:\WINDOWS\inf
2008-12-02 19:38:18 ----D---- C:\WINDOWS\Help
2008-12-01 18:04:46 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-01 18:04:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-01 17:31:40 ----RASH---- C:\boot.ini
2008-12-01 17:30:48 ----SHD---- C:\System Volume Information
2008-12-01 17:30:48 ----D---- C:\WINDOWS\system32\Restore
2008-11-30 00:00:29 ----D---- C:\swshare
2008-11-25 19:33:58 ----D---- C:\WINDOWS\network diagnostic
2008-11-20 22:03:53 ----D---- C:\Program Files\BitDefender
2008-11-20 22:03:46 ----D---- C:\Program Files\Common Files\BitDefender
2008-11-17 21:59:55 ----D---- C:\WINDOWS\system32\(null)
2008-11-16 00:14:27 ----D---- C:\WINDOWS\pss
2008-11-16 00:14:27 ----A---- C:\WINDOWS\win.ini
2008-11-14 19:14:31 ----SD---- C:\WINDOWS\Tasks
2008-11-14 19:13:53 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 19:13:27 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-14 19:12:48 ----D---- C:\Program Files\PCDR5
2008-11-14 19:06:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-13 23:35:07 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 23:35:05 ----A---- C:\WINDOWS\imsins.BAK
2008-11-13 23:34:33 ----D---- C:\WINDOWS\WinSxS
2008-11-08 22:41:11 ----SD---- C:\Documents and Settings\student\Application Data\Microsoft
2008-11-08 22:15:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-08 22:13:42 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-12-20 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-01-10 7168]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\system32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-10-19 5120]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2007-03-26 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AR5211;AR5211; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-12-07 508672]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-16 15872]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-01-12 246680]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-28 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-28 208384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-09-15 1173468]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2006-11-01 20016]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-01-07 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-28 728576]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2003-03-25 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2003-03-25 40256]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 EntDrv51;EntDrv51; C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\drivers\NETw3x32.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2003-03-25 21216]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2003-03-25 5728]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\drivers\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-12-25 53248]
R2 acs;ACU Configuration Service; C:\WINDOWS\system32\acs.exe [2006-12-05 360533]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2006-12-25 172032]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2006-11-01 36392]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-10-19 73728]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-11-14 47104]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2007-10-24 13312]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-07 644672]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-07 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-07 950272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-08-01 1126400]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-01-07 45056]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 04 December 2008 - 08:27 PM

You are good to go.. :thumbsup:


Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between combofix and /u is needed

NEXT


I haven't seen any antivirus in your logs.. Antivirus is extremely crucial, as without it you will get re-infected again! Do you have any? If you don't, please install ONLY ONE of these free and excellent antivirus programs below:


Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 m3hak

m3hak
  • Topic Starter

  • Members
  • 9 posts

Posted 06 December 2008 - 09:05 PM

Ok, so I installed AVG Anti-Virus and did a whole-computer scan. It found infections and healed them. I don't have the same problem anymore and the computer is fast, but Firefox does freeze at times and displays error messages; I don't know if that pertains to my original problem. Oh, did I mention I love you guys? THANKS!

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 06 December 2008 - 11:28 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or a Moderator regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
