
slow computer, not sure if i have anything


  • This topic is locked
8 replies to this topic

#1 jasonbourne000

  • Members
  • 4 posts

Posted 28 December 2008 - 11:55 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:18 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
c:\program files\lenovo\system update\suservice.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PDTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
D:\My Stuff\Program Stuff\virus stuff\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1270188D-C1BD-4E5C-AE6C-6A2212DED7AF} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58D8EB16-14E2-4D03-A1AF-77C9E3D8E4A2} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E6D0CB9-0B15-4AA3-9612-D850BA170B9D} - (no file)
O2 - BHO: (no name) - {80761B29-E27D-4503-8451-8F0E96C9B3BE} - (no file)
O2 - BHO: (no name) - {8A7FE152-1DBB-4ED8-AC13-3DC0C9246699} - (no file)
O2 - BHO: (no name) - {C717D27E-4985-42A4-AD47-C64F6E551A8E} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: (no name) - {FC9F68DA-8485-41AA-9EA3-FA7C639DC486} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [PDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\PDTray.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Bluetooth.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.4.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EyesSecurity - Unknown owner - c:\program files\eyes software inc\eyes protection\eyessecurity.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdmCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdmserv.exe
O23 - Service: lxdm_device - - C:\WINDOWS\system32\lxdmcoms.exe
O23 - Service: Movielink Core Service - Blockbuster - C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14789 bytes

#2 Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 09 January 2009 - 09:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks, and again, sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, then enable your A/V and reconnect to the internet. Information on A/V control HERE.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 jasonbourne000
  • Topic Starter

  • Members
  • 4 posts

Posted 15 January 2009 - 04:54 PM

DDS (Ver_09-01-07.01) - NTFSx86
Run by Numinus at 16:49:02.08 on Thu 01/15/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.317 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdmcoms.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PDTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Numinus\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local;*.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: {1270188D-C1BD-4E5C-AE6C-6A2212DED7AF} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {58D8EB16-14E2-4D03-A1AF-77C9E3D8E4A2} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E6D0CB9-0B15-4AA3-9612-D850BA170B9D} - No File
BHO: {80761B29-E27D-4503-8451-8F0E96C9B3BE} - No File
BHO: {8A7FE152-1DBB-4ED8-AC13-3DC0C9246699} - No File
BHO: {C717D27E-4985-42A4-AD47-C64F6E551A8E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: {FC9F68DA-8485-41AA-9EA3-FA7C639DC486} - No File
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [dxlock]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TpShocks] TpShocks.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [PDTray] c:\progra~1\thinkpad\utilit~1\PDTray.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\ATIPTAXX.EXE
StartupFolder: c:\docume~1\numinus\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\numinus\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Bluetooth.lnk.disabled
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: {FC9F68DA-8485-41AA-9EA3-FA7C639DC486} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\numinus\applic~1\mozilla\firefox\profiles\oaxbphx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\mozilla firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll

============= SERVICES / DRIVERS ===============

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2008-2-20 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-12-1 16384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-22 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090115.004\naveng.sys [2009-1-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090115.004\navex15.sys [2009-1-15 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R4 lxdm_device;lxdm_device;c:\windows\system32\lxdmcoms.exe -service --> c:\windows\system32\lxdmcoms.exe -service [?]
R4 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-6-6 116928]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-6-6 1821376]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-2 24652]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-9-25 15744]
S4 EyesSecurity;EyesSecurity;c:\program files\eyes software inc\eyes protection\eyessecurity.exe --> c:\program files\eyes software inc\eyes protection\eyessecurity.exe [?]
S4 lxdmCATSCustConnectService;lxdmCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdmserv.exe [2008-2-22 99248]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-01-11 14:03 <DIR> --d----- C:\More My Stuff
2009-01-04 23:05 11 a----r-- c:\windows\amunres.lsl
2009-01-04 22:18 <DIR> --d----- c:\program files\SoftJock
2009-01-04 04:17 <DIR> --d----- c:\program files\Sfpack
2009-01-04 03:22 <DIR> --d----- c:\docume~1\numinus\applic~1\FabFilter
2009-01-04 03:17 <DIR> --d----- c:\program files\FabFilter
2009-01-04 03:17 <DIR> --d----- c:\program files\common files\VST3
2009-01-04 03:17 <DIR> --d----- c:\program files\common files\Digidesign
2009-01-03 02:50 <DIR> --d----- c:\program files\Ares
2008-12-27 22:32 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-21 00:08 <DIR> --d-h--- c:\windows\PIF

==================== Find3M ====================

2009-01-11 00:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2008-12-28 22:33 4,704 a------- c:\windows\system32\tmp.reg
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-26 12:21 7 a------- C:\tw0001.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5F0.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5EF.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5EE.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5ED.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5EC.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5EB.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5EA.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5E9.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5E8.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5E7.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5E6.DLL
2008-10-21 23:02 10,752 a------- c:\windows\system32\PSS6D5E5.DLL
2008-10-21 22:05 29,539 a------- c:\windows\fonts\nihilschiz_homicide-effect.zip
2008-10-21 22:05 47,434 a------- c:\windows\fonts\gemfonts_buffied.zip
2008-10-21 22:05 7,046 a------- c:\windows\fonts\filmfonts_resident-evil.zip
2008-10-21 22:04 42,010 a------- c:\windows\fonts\bens-fonts_bn-manson-nights.zip
2008-10-21 22:04 32,370 a------- c:\windows\fonts\brain-eaters_blood-of-dracula.zip
2008-10-21 22:04 145,607 a------- c:\windows\fonts\blue-vinyl_my-scars-.zip
2008-10-21 22:02 482,088 a------- c:\windows\fonts\billy-argel_black-oak-.zip
2008-10-21 22:02 413,494 a------- c:\windows\fonts\billy-argel_sniper.zip
2008-10-21 21:59 275,864 a------- c:\windows\fonts\billy-argel_dirty-and-classic.zip
2008-03-18 10:27 310,109 a--sh--- c:\windows\system32\abccf.ini2
2008-03-26 10:43 275,596 a--sh--- c:\windows\system32\suxbc.ini2
2008-09-29 05:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-09-29 05:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat
2008-09-29 05:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-08-01 13:49 32,768 a--sh--- c:\windows\temp\cookies\index.dat
2008-08-01 13:49 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2008-08-01 13:49 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 16:49:30.48 ===============

#4 RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:36 PM

Posted 18 January 2009 - 10:41 AM

Hi, sorry for the delay.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Renato Victor Mejias
Malware help in Portuguese

#5 jasonbourne000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 18 January 2009 - 11:41 PM

ComboFix 09-01-18.01 - Numinus 2009-01-18 23:32:38.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.757 [GMT -5:00]
Running from: c:\documents and settings\Numinus\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BMe3db1cff.txt
c:\windows\BMe3db1cff.xml
c:\windows\system32\abccf.ini
c:\windows\system32\abccf.ini2
c:\windows\system32\axptohml.ini
c:\windows\system32\bqsaqvdv.ini
c:\windows\system32\bxcdxntm.ini
c:\windows\system32\byiwdtby.ini
c:\windows\system32\cfekejfd.ini
c:\windows\system32\drewibgs.ini
c:\windows\system32\dxjyjsuw.ini
c:\windows\system32\iljkilqf.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nmnejkst.ini
c:\windows\system32\ononteux.ini
c:\windows\system32\plugin1.dat
c:\windows\system32\rutwa.ini
c:\windows\system32\rvwkswhj.ini
c:\windows\system32\suxbc.ini
c:\windows\system32\suxbc.ini2
c:\windows\system32\tmp.reg
c:\windows\system32\tqmpebms.ini
c:\windows\system32\xerxhrwr.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-18 22:44 . 2009-01-18 22:44 230 --a------ c:\windows\system32\spupdsvc.inf
2009-01-18 22:43 . 2006-11-07 23:01 66,048 --a------ c:\windows\ieResetIcons.exe
2009-01-16 00:29 . 2009-01-18 22:31 <DIR> d-------- C:\C Stuff
2009-01-11 14:03 . 2009-01-13 13:47 <DIR> d-------- C:\More My Stuff
2009-01-04 23:05 . 2009-01-04 23:05 11 -ra------ c:\windows\amunres.lsl
2009-01-04 22:18 . 2009-01-04 22:18 <DIR> d-------- c:\program files\SoftJock
2009-01-04 04:17 . 2009-01-04 04:17 <DIR> d-------- c:\program files\Sfpack
2009-01-04 03:22 . 2009-01-04 03:22 <DIR> d-------- c:\documents and settings\Numinus\Application Data\FabFilter
2009-01-04 03:17 . 2009-01-04 03:17 <DIR> d-------- c:\program files\FabFilter
2009-01-04 03:17 . 2009-01-04 03:17 <DIR> d-------- c:\program files\Common Files\VST3
2009-01-04 03:17 . 2009-01-04 03:17 <DIR> d-------- c:\program files\Common Files\Digidesign
2009-01-03 02:50 . 2009-01-03 02:51 <DIR> d-------- c:\program files\Ares
2008-12-27 22:32 . 2008-12-27 22:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-21 00:08 . 2008-12-21 00:08 <DIR> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 03:15 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-18 05:32 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-01-15 21:06 --------- d-----w c:\documents and settings\All Users\Application Data\x3watch
2009-01-13 04:24 --------- d-----w c:\documents and settings\Numinus\Application Data\uTorrent
2009-01-12 07:12 --------- d-----w c:\documents and settings\Numinus\Application Data\SSH
2009-01-12 03:18 --------- d-----w c:\documents and settings\Numinus\Application Data\tunebite
2009-01-07 20:07 --------- d-----w c:\program files\uTorrent
2009-01-04 08:30 --------- d-----w c:\program files\VstPlugins
2008-12-28 03:32 --------- d-----w c:\program files\Java
2008-12-16 19:56 --------- d--ha-w c:\documents and settings\All Users\Application Data\GTek
2008-12-16 19:56 --------- d--h--w c:\documents and settings\Numinus\Application Data\GTek
2008-12-16 19:56 --------- d-----w c:\program files\Lightwright 4
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 05:46 --------- d-----w c:\documents and settings\Numinus\Application Data\U3
2008-12-01 23:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 15:36 --------- d-----w c:\program files\Lenovo
2008-12-01 15:36 --------- d-----w c:\program files\Common Files\Lenovo
2008-11-30 04:09 --------- d-----w c:\program files\Apple Software Update
2008-11-30 04:08 --------- d-----w c:\program files\iTunes
2008-11-30 04:08 --------- d-----w c:\program files\iPod
2008-11-30 04:08 --------- d-----w c:\program files\Common Files\Apple
2008-11-30 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 04:06 --------- d-----w c:\program files\Bonjour
2008-11-30 04:05 --------- d-----w c:\program files\QuickTime
2008-11-28 03:56 --------- d-----w c:\program files\Blockbuster
2008-11-28 03:56 --------- d-----w c:\documents and settings\All Users\Application Data\Movielink
2008-11-26 06:45 --------- d-----w c:\program files\Eyes Software Inc
2008-11-24 14:18 --------- d-----w c:\program files\Common Files\Adobe
2008-10-26 17:21 7 ----a-w C:\tw0001.dat
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5F0.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5EF.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5EE.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5ED.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5EC.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5EB.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5EA.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5E9.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5E8.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5E7.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5E6.DLL
2008-10-22 04:02 10,752 ----a-w c:\windows\system32\PSS6D5E5.DLL
2008-10-22 03:05 7,046 ----a-w c:\windows\Fonts\filmfonts_resident-evil.zip
2008-10-22 03:05 47,434 ----a-w c:\windows\Fonts\gemfonts_buffied.zip
2008-10-22 03:05 29,539 ----a-w c:\windows\Fonts\nihilschiz_homicide-effect.zip
2008-10-22 03:04 42,010 ----a-w c:\windows\Fonts\bens-fonts_bn-manson-nights.zip
2008-10-22 03:04 32,370 ----a-w c:\windows\Fonts\brain-eaters_blood-of-dracula.zip
2008-10-22 03:04 145,607 ----a-w c:\windows\Fonts\blue-vinyl_my-scars-.zip
2008-10-22 03:02 482,088 ----a-w c:\windows\Fonts\billy-argel_black-oak-.zip
2008-10-22 03:02 413,494 ----a-w c:\windows\Fonts\billy-argel_sniper.zip
2008-10-22 02:59 275,864 ----a-w c:\windows\Fonts\billy-argel_dirty-and-classic.zip
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2005-01-27 12:08 657920 a8eac5330876548e9966a7d13025d196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-03-10 02:43 657920 c8663b488996e89a84c3d17c1d12b79e c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-09-02 18:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
2005-07-02 21:09 659456 6e533d155b259eb2363d3e04b5be309f c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
2005-10-20 22:38 661504 af785c4947676a7fc1673fdc5c8d0b5b c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
2007-01-04 09:05 665088 3ffa1573fc274e5aa7467d03941c45ee c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-04-25 04:08 823808 431defbb4a3d7b0dc062c1b064623a2f c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
2007-06-27 09:40 824320 d6ed5e042c5207553e7f5e842918137f c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
2007-12-06 21:01 825344 b5b411bb229ae6ead7652a32ed47bfb9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
2008-03-01 08:03 827392 6316c2f0c61271c8abdff7429174879e c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
2008-04-22 22:35 827392 41546b396a526918da7995a02ea04e51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
2008-06-23 11:01 827904 c66402a06b83b036c195242c0c8cf83c c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
2008-08-26 04:08 827904 77c192fe56a70d7fa0247ba0a6201c32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
2008-10-16 15:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2004-08-04 02:00 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\$NtUninstallKB890923$\wininet.dll
2005-03-10 03:02 656896 6f018d6319be4f96426ea829b79e05d5 c:\windows\$NtUninstallKB928090$\wininet.dll
2007-04-25 03:41 822784 0586a7f0b2fdb94d624f399d4728e7c8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
2007-12-06 21:21 824832 806d274c9a6c3aaea5eae8e4af841e04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
2008-04-22 23:16 826368 f6589be784647cfdbc22ea51ccb1a57a c:\windows\ie7updates\KB953838-IE7\wininet.dll
2008-08-26 02:24 826368 ef8eba98145bfa44e80d17a3b3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
2008-04-13 19:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\ServicePackFiles\i386\wininet.dll
2007-01-04 08:37 658944 8c393df5234cbcbff1ee31902d6b40ae c:\windows\system32\wininet.dll
2007-01-04 08:37 658944 8c393df5234cbcbff1ee31902d6b40ae c:\windows\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\program files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe" [2008-03-24 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-02 185896]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
"PDTray"="c:\progra~1\ThinkPad\UTILIT~1\PDTray.exe" [2003-12-10 73728]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2007-02-06 344064]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]

c:\documents and settings\Numinus\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-02-24 44384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk.disabled [2008-06-20 637]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 19:14 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" /s
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe"
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe"
"x3watch"=c:\program files\X3watch\x3watch.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmamon.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\LXDMFax.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Microsoft Studios\\Windows Media Professional Exhibitor\\Controller\\WMEUI.exe"=
"c:\\Program Files\\Microsoft Studios\\Windows Media Professional Exhibitor\\Player\\ProExhibitorEngine.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:Symantec AntiVirus Managed Client (2967:UDP)
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (7001:UDP)
"2967:TCP"= 2967:TCP:Symantec AntiVirus Managed Client (2967:TCP)
"7001:TCP"= 7001:TCP:AFS CacheManager Callback (7001:TCP)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2008-02-20 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
S1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-12-01 16384]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-22 99376]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-09-25 15744]
S4 EyesSecurity;EyesSecurity;c:\program files\eyes software inc\eyes protection\eyessecurity.exe --> c:\program files\eyes software inc\eyes protection\eyessecurity.exe [?]
S4 lxdm_device;lxdm_device;c:\windows\system32\lxdmcoms.exe -service --> c:\windows\system32\lxdmcoms.exe -service [?]
S4 lxdmCATSCustConnectService;lxdmCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdmserv.exe [2008-02-22 99248]
S4 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-13 58368]
S4 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]
S4 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-03-02 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d821bd0-e0b0-11dc-899a-00054e479820}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp10.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-25 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-04-20 01:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1270188D-C1BD-4E5C-AE6C-6A2212DED7AF} - (no file)
BHO-{58D8EB16-14E2-4D03-A1AF-77C9E3D8E4A2} - (no file)
BHO-{7E6D0CB9-0B15-4AA3-9612-D850BA170B9D} - (no file)
BHO-{80761B29-E27D-4503-8451-8F0E96C9B3BE} - (no file)
BHO-{8A7FE152-1DBB-4ED8-AC13-3DC0C9246699} - (no file)
BHO-{C717D27E-4985-42A4-AD47-C64F6E551A8E} - (no file)
HKCU-Run-dxlock - (no file)
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Numinus\Application Data\Mozilla\Firefox\Profiles\oaxbphx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\Mozilla Firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 23:36:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2009-01-18 23:38:24
ComboFix-quarantined-files.txt 2009-01-19 04:37:59

Pre-Run: 5,639,020,544 bytes free
Post-Run: 6,006,661,120 bytes free

306 --- E O F --- 2009-01-15 21:14:55

#6 RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:36 PM

Posted 20 January 2009 - 07:09 AM

Hi,

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please read carefully the link above on how to use ComboFix.

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)


We request that you disable any antivirus.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


In the link above you'll see the procedure to install the Recovery Console; please follow those instructions and post a new ComboFix log.

Thanks.
Renato Victor Mejias
Malware help in Portuguese

#7 jasonbourne000
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:36 PM

Posted 20 February 2009 - 06:10 PM

Sorry this took so long. In the meantime, my computer has gotten suspiciously slower.

Here's my ComboFix log.

------------------------------------------------------------------

ComboFix 09-02-18.01 - Numinus 2009-02-19 15:43:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.445 [GMT -5:00]
Running from: c:\documents and settings\Numinus\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-10 22:25 . 2009-02-10 22:25 10,752 --a------ c:\windows\system32\PSS01A7F.DLL
2009-02-06 02:38 . 2009-02-06 02:39 167 --a------ c:\documents and settings\Numinus\udownload.dat
2009-02-03 00:27 . 2009-02-11 00:33 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-03 00:07 . 2009-02-03 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lenovo
2009-01-25 01:01 . 2009-01-25 02:55 245 --a------ c:\windows\checkip.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 20:44 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-15 05:00 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-02-13 17:18 --------- d-----w c:\program files\Google
2009-02-07 06:09 --------- d-----w c:\documents and settings\Numinus\Application Data\tunebite
2009-02-06 06:19 --------- d-----w c:\program files\Napster
2009-02-05 05:39 --------- d-----w c:\documents and settings\Numinus\Application Data\uTorrent
2009-02-03 04:41 --------- d-----w c:\documents and settings\Numinus\Application Data\Lenovo
2009-02-03 04:38 --------- d-----w c:\program files\Lenovo
2009-02-03 04:38 --------- d-----w c:\program files\Common Files\Lenovo
2009-02-03 04:38 --------- d-----w c:\documents and settings\Administrator\Application Data\Lenovo
2009-02-03 04:34 23,552 ----a-w c:\windows\system32\drivers\psasrv.exe
2009-02-03 04:34 17,536 ----a-w c:\windows\system32\drivers\psadd.sys
2009-02-03 02:43 --------- d-----w c:\documents and settings\All Users\Application Data\x3watch
2009-01-19 05:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-19 04:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 07:12 --------- d-----w c:\documents and settings\Numinus\Application Data\SSH
2009-01-07 20:07 --------- d-----w c:\program files\uTorrent
2009-01-05 03:18 --------- d-----w c:\program files\SoftJock
2009-01-04 09:17 --------- d-----w c:\program files\Sfpack
2009-01-04 08:30 --------- d-----w c:\program files\VstPlugins
2009-01-04 08:22 --------- d-----w c:\documents and settings\Numinus\Application Data\FabFilter
2009-01-04 08:17 --------- d-----w c:\program files\FabFilter
2009-01-04 08:17 --------- d-----w c:\program files\Common Files\VST3
2009-01-04 08:17 --------- d-----w c:\program files\Common Files\Digidesign
2009-01-03 07:51 --------- d-----w c:\program files\Ares
2008-12-28 03:32 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-28 03:32 --------- d-----w c:\program files\Java
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
2008-09-29 10:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_23.36.55.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
- 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
- 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2004-08-04 07:00:00 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2004-08-04 07:00:00 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2004-08-04 07:00:00 35,328 -c--a-w c:\windows\ie7\corpol.dll
+ 2004-09-23 01:45:40 28,672 -c--a-w c:\windows\ie7\custsat.dll
+ 2007-01-04 13:36:36 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2007-01-04 13:36:36 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2007-01-04 13:36:37 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2004-08-04 07:00:00 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2004-08-04 07:00:00 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2004-08-04 07:00:00 139,264 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2004-08-04 07:00:00 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2004-08-04 07:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2004-08-04 07:00:00 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2007-01-04 10:36:30 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2004-08-04 07:00:00 81,920 -c--a-w c:\windows\ie7\ieencode.dll
+ 2007-01-04 13:36:37 251,392 -c--a-w c:\windows\ie7\iepeers.dll
+ 2004-08-04 07:00:00 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2004-08-04 07:00:00 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2004-08-04 07:00:00 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2004-08-04 07:00:00 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2007-01-04 13:36:38 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2007-01-04 13:36:38 16,384 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2004-08-04 07:00:00 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2004-08-04 07:00:00 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2007-01-04 13:36:48 3,056,640 -c--a-w c:\windows\ie7\mshtml.dll
+ 2007-01-04 13:36:51 448,512 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2004-08-04 07:00:00 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2004-08-04 07:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2007-01-04 13:36:52 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2007-01-04 13:36:54 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2004-08-04 07:00:00 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2007-01-04 13:36:54 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2004-08-04 07:00:00 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2007-01-25 12:48:49 615,424 -c--a-w c:\windows\ie7\urlmon.dll
+ 2006-12-19 18:08:07 852,480 -c--a-w c:\windows\ie7\vgx.dll
+ 2004-08-04 07:00:00 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2007-01-04 13:37:08 658,944 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-13 23:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-13 23:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-13 23:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-13 23:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-13 23:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-13 22:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 21:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-13 23:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-13 23:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-13 23:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-13 23:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:34 22,752 -c----w c:\windows\ie7updates\KB956390-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w c:\windows\ie7updates\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:59 716,000 -c----w c:\windows\ie7updates\KB956390-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-13 23:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:31 22,752 -c----w c:\windows\ie7updates\KB960714-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w c:\windows\ie7updates\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2007-03-06 01:22:56 716,000 -c----w c:\windows\ie7updates\KB960714-IE7\update.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\updspapi.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
+ 2007-04-02 18:25:59 19,456 ----a-w c:\windows\msagent\intl\agt0401.dll
+ 2007-04-02 18:26:00 19,456 ----a-w c:\windows\msagent\intl\agt040d.dll
- 2004-08-04 07:00:00 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2004-08-04 07:00:00 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2004-08-04 07:00:00 10,752 ----a-w c:\windows\system32\c_iscii.dll
- 2004-08-04 07:00:00 61,440 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2007-08-13 23:39:20 71,680 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2004-08-04 07:00:00 99,840 -c--a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2007-04-02 18:25:59 19,456 -c--a-w c:\windows\system32\dllcache\agt0401.dll
+ 2007-04-02 18:26:00 19,456 -c--a-w c:\windows\system32\dllcache\agt040d.dll
+ 2006-09-23 18:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
- 2004-09-23 01:45:40 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 23:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
- 2007-01-04 13:36:36 357,888 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2007-01-04 13:36:36 205,312 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2007-01-04 13:36:37 55,808 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:00:00 38,912 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:18:02 60,416 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-12-20 23:15:13 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2004-08-04 07:00:00 34,304 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 07:00:00 139,264 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 07:00:00 216,576 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 07:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 07:00:00 323,584 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2007-01-04 10:36:30 18,432 -c--a-w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 23:44:02 69,120 -c--a-w c:\windows\system32\dllcache\iedw.exe
- 2004-08-04 07:00:00 81,920 ----a-w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 23:45:18 78,336 -c--a-w c:\windows\system32\dllcache\ieencode.dll
- 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2007-01-04 13:36:37 251,392 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:54:10 191,488 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 07:00:00 48,640 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-12-20 23:15:22 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2004-08-04 07:00:00 62,976 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39:12 55,296 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 07:00:00 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2004-08-04 07:00:00 35,840 -c--a-w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 23:36:06 36,352 -c--a-w c:\windows\system32\dllcache\imgutil.dll
- 2007-01-04 13:36:38 96,256 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 23:39:02 92,672 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2004-08-04 07:00:00 450,560 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 512,000 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2007-01-04 13:36:38 16,384 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdinbe1.dll
+ 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdinben.dll
+ 2008-04-14 00:09:55 6,656 -c--a-w c:\windows\system32\dllcache\kbdinmal.dll
+ 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdnepr.dll
+ 2008-04-14 00:09:55 6,144 -c--a-w c:\windows\system32\dllcache\kbdpash.dll
- 2004-08-04 07:00:00 22,016 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 07:00:00 29,184 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 23:32:30 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2007-01-04 13:36:48 3,056,640 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2007-01-04 13:36:51 448,512 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 07:00:00 56,832 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-04 07:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 23:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
- 2007-01-04 13:36:52 146,432 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2007-01-04 13:36:54 532,480 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 07:00:00 96,256 -c--a-w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2007-01-04 13:36:54 39,424 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-09-23 18:12:50 1,497,088 -c----w c:\windows\system32\dllcache\shdocvw.dll
+ 2006-09-23 18:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 07:00:00 37,888 -c--a-w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2007-01-25 12:48:49 615,424 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 07:00:00 417,792 -c--a-w c:\windows\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53:40 430,080 -c--a-w c:\windows\system32\dllcache\vbscript.dll
- 2006-12-19 18:08:07 852,480 -c--a-w c:\windows\system32\dllcache\vgx.dll
+ 2008-05-27 17:23:58 765,952 -c--a-w c:\windows\system32\dllcache\vgx.dll
- 2004-08-04 07:00:00 276,480 -c--a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2007-01-04 13:37:08 658,944 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2007-01-04 13:36:36 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2007-01-04 13:36:36 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2007-01-04 13:36:37 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-12-10 08:04:32 1,609,760 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-27 16:28:37 1,663,816 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 07:00:00 6,144 ----a-w c:\windows\system32\ftlx041e.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2004-08-04 07:00:00 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2004-08-04 07:00:00 139,264 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2004-08-04 07:00:00 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2004-08-04 07:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2004-08-04 07:00:00 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2004-08-04 07:00:00 81,920 ----a-w c:\windows\system32\ieencode.dll
+ 2007-08-13 23:45:18 78,336 ----a-w c:\windows\system32\ieencode.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2007-01-04 13:36:37 251,392 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2004-08-04 07:00:00 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2004-08-04 07:00:00 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-13 23:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2004-08-04 07:00:00 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2007-01-04 13:36:38 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2004-08-04 07:00:00 450,560 ----a-w c:\windows\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w c:\windows\system32\jscript.dll
- 2007-01-04 13:36:38 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbda1.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbda2.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbda3.dll
+ 2004-08-04 07:00:00 5,120 ----a-w c:\windows\system32\kbdarme.dll
+ 2004-08-04 07:00:00 5,120 ----a-w c:\windows\system32\kbdarmw.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbddiv1.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbddiv2.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdfa.dll
+ 2004-08-04 07:00:00 5,120 ----a-w c:\windows\system32\kbdgeo.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdheb.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdindev.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdinguj.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdinhin.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdinkan.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdinmar.dll
+ 2004-08-04 07:00:00 6,144 ----a-w c:\windows\system32\kbdinpun.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdintam.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdintel.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdsyr1.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdsyr2.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdth0.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdth1.dll
+ 2004-08-04 07:00:00 6,144 ----a-w c:\windows\system32\kbdth2.dll
+ 2004-08-04 07:00:00 6,144 ----a-w c:\windows\system32\kbdth3.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdurdu.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdusa.dll
+ 2004-08-04 07:00:00 5,632 ----a-w c:\windows\system32\kbdvntc.dll
- 2004-08-04 07:00:00 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2008-03-25 00:21:00 2,889,088 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 00:21:00 218,496 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-01-19 05:19:46 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2004-08-04 07:00:00 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2007-01-04 13:36:48 3,056,640 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2007-01-04 13:36:51 448,512 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\mshtmled.dll
- 2004-08-04 07:00:00 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2004-08-04 07:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2007-01-04 13:36:52 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
- 2007-01-04 13:36:54 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
- 2004-08-04 07:00:00 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2007-01-04 13:36:54 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\pngfilt.dll
- 2008-05-22 23:10:40 3,433,204 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-02-03 05:07:21 141,440 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
+ 2004-08-04 07:00:00 185,344 ----a-w c:\windows\system32\Thawbrkr.dll
- 2004-08-04 07:00:00 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2007-01-25 12:48:49 615,424 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-04 07:00:00 417,792 ----a-w c:\windows\system32\vbscript.dll
+ 2008-05-09 10:53:40 430,080 ----a-w c:\windows\system32\vbscript.dll
- 2004-08-04 07:00:00 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-13 23:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
+ 2009-02-18 00:58:30 16,384 ----atw c:\windows\temp\Perflib_Perfdata_6ec.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-06-06 125632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]

c:\documents and settings\Numinus\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-02-24 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 19:14 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
backup=c:\windows\pss\Bluetooth.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Numinus^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk.disabled]
path=c:\documents and settings\Numinus\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2007-02-06 21:00 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--a------ 2005-04-20 01:38 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMLREF]
--a------ 2005-04-20 01:38 20480 c:\program files\ThinkPad\Utilities\BMMLREF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMMONWND]
--a------ 2005-04-20 01:38 396288 c:\progra~1\ThinkPad\UTILIT~1\BATINFEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--a------ 2006-07-14 21:13 2341632 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2007-04-27 01:33 243248 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDTray]
--a------ 2003-12-10 01:32 73728 c:\progra~1\ThinkPad\UTILIT~1\PDTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--------- 2008-03-26 02:06 59680 c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2007-01-09 16:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-13 19:12 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pharos Systems ComTaskMaster"=2 (0x2)
"Movielink Core Service"=2 (0x2)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxdm_device"=2 (0x2)
"iPod Service"=3 (0x3)
"gupdate1c98862f8806960"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"lxdmCATSCustConnectService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" /s
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe"
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe"
"x3watch"=c:\program files\X3watch\x3watch.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
"Adobe_ID0EYTHM"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"DLA"=c:\windows\System32\DLA\DLACTRLW.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\system32\\lxdmcoms.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmamon.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\lxdmmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdmjswx.exe"=
"c:\\Program Files\\Lexmark 5000 Series\\LXDMFax.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 1.0\\Media.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Microsoft Studios\\Windows Media Professional Exhibitor\\Controller\\WMEUI.exe"=
"c:\\Program Files\\Microsoft Studios\\Windows Media Professional Exhibitor\\Player\\ProExhibitorEngine.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:UDP"= 2967:UDP:Symantec AntiVirus Managed Client (2967:UDP)
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (7001:UDP)
"2967:TCP"= 2967:TCP:Symantec AntiVirus Managed Client (2967:TCP)
"7001:TCP"= 7001:TCP:AFS CacheManager Callback (7001:TCP)
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2008-02-20 6912]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-12-01 16384]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-06-06 116928]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-03-02 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-22 99376]
S2 EyesSecurity;EyesSecurity;c:\program files\eyes software inc\eyes protection\eyessecurity.exe --> c:\program files\eyes software inc\eyes protection\eyessecurity.exe [?]
S2 gupdate1c98862f8806960;Google Update Service (gupdate1c98862f8806960);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2007-09-25 15744]
S4 lxdm_device;lxdm_device;c:\windows\system32\lxdmcoms.exe -service --> c:\windows\system32\lxdmcoms.exe -service [?]
S4 lxdmCATSCustConnectService;lxdmCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdmserv.exe [2008-02-22 99248]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d821bd0-e0b0-11dc-899a-00054e479820}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
rundll32.exe advpack.dll,LaunchINFSection c:\\WINDOWS\\INF\\wmp10.inf,PerUserStub
.
Contents of the 'Scheduled Tasks' folder

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-25 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-04-20 01:38]

2009-02-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 08:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Numinus\Application Data\Mozilla\Firefox\Profiles\oaxbphx5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{ad55c869-668e-457c-b270-0cfb2f61116f}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 15:45:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\Ati2evxx.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
Completion time: 2009-02-19 15:48:17
ComboFix-quarantined-files.txt 2009-02-19 20:48:03
ComboFix2.txt 2009-01-19 04:38:25

Pre-Run: 5,632,008,192 bytes free
Post-Run: 5,621,710,848 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

606 --- E O F --- 2009-02-11 02:57:18
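
The ComboFix output above is the topic starter's data and the thread never comes back to analyse it. As an added example that is not part of the original thread (written for this page, not a ComboFix or BleepingComputer tool), the following Python script pulls out three classes of entry a helper would normally want to look at first in a log of this format: service entries ComboFix marks `[?]`, AutoRun commands stored under the `MountPoints2` key, and an Internet Settings ProxyServer that points at the loopback address. It flags items for review, it does not decide they are malicious: a loopback proxy is also how some filtering and security products hook browser traffic, and a `[?]` service is often just an orphaned entry for uninstalled software. The sample input is constructed from lines of the log above; the function names and the suggested follow-up commands in each finding's `check` field are my own assumptions, not anything the thread states.

```python
"""Triage helper for ComboFix-style log lines (added example, not a ComboFix tool).

It pulls out entries a helper would normally check first:
  * service entries whose file ComboFix could not date/size ("[?]"),
  * AutoRun commands stored under HKCU\...\Explorer\MountPoints2,
  * an Internet Settings ProxyServer pointing at the loopback address.
Each finding carries the log line number, the raw text and a follow-up check.
"""
import re

# Constructed sample input: lines copied from the posted ComboFix log, plus
# one ordinary service entry (NPF) for contrast. Not a complete log.
SAMPLE_LOG = r"""S2 EyesSecurity;EyesSecurity;c:\program files\eyes software inc\eyes protection\eyessecurity.exe --> c:\program files\eyes software inc\eyes protection\eyessecurity.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-01-25 42000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d821bd0-e0b0-11dc-899a-00054e479820}]
\Shell\AutoRun\command - g:\wd_windows_tools\setup.exe

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 127.0.0.1:81
uInternet Settings,ProxyOverride = local;*.local
"""

# ComboFix service line: "<R|S><0-4> <name>;<display name>;<path> [<date> <size>]"
SERVICE_RE = re.compile(r"^[RS][0-4]\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
MOUNTPOINTS2_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\explorer\\mountpoints2\\", re.I)
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.I)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.I)
LOOPBACK_RE = re.compile(
    r"^(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::(?P<port>\d{1,5}))?$", re.I)


def loopback_port(proxy_value):
    """Return the port of a loopback proxy, or None if no part of the ProxyServer
    value points at 127.x.x.x/localhost. Handles both the bare "host:port" form
    and "http=host:port;https=host:port". Port is assumed to be 80 when omitted."""
    for part in proxy_value.split(";"):
        host_port = part.split("=", 1)[-1]   # drop a "scheme=" prefix if present
        m = LOOPBACK_RE.match(host_port)
        if m:
            return int(m.group("port") or 80)
    return None


def triage(log_text):
    """Scan ComboFix log text and return a list of findings (dicts), in log order."""
    findings = []
    in_mountpoints2 = False
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            in_mountpoints2 = False          # a blank line ends a registry key block
            continue
        if line.startswith("["):             # start of a registry key block
            in_mountpoints2 = bool(MOUNTPOINTS2_RE.match(line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # ComboFix prints [?] where it could not read a date/size for the file,
            # commonly because the file is missing (orphaned service) or the
            # image path carries arguments.
            if m.group("rest").endswith("[?]"):
                findings.append({
                    "kind": "service-unverified", "line": lineno, "text": line,
                    "name": m.group("name"),
                    "check": "Confirm the image path exists (dir, sc qc %s); if it does not, "
                             "treat it as an orphaned service." % m.group("name"),
                })
            continue
        m = AUTORUN_RE.match(line)
        if m and in_mountpoints2:
            cmd = m.group("cmd")
            findings.append({
                "kind": "mountpoint-autorun", "line": lineno, "text": line,
                "drive": cmd[:2].lower(), "command": cmd,
                "check": "AutoRun command recorded for a mounted volume; check what the "
                         "target is and whether the drive is still attached.",
            })
            continue
        m = PROXY_RE.match(line)
        if m:
            port = loopback_port(m.group("value"))
            if port is not None:
                findings.append({
                    "kind": "loopback-proxy", "line": lineno, "text": line, "port": port,
                    "check": "Browser traffic is routed through a local listener on port %d; "
                             "find the owning process with 'netstat -ano | findstr :%d' and "
                             "'tasklist /fi \"pid eq <PID>\"' and verify that binary before "
                             "removing the setting (filtering products use this too)." % (port, port),
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("line %d [%s] %s\n    -> %s" % (f["line"], f["kind"], f["text"], f["check"]))
```

Run against the constructed sample it reports three lines for review: the `EyesSecurity` service (file date/size unreadable), the `g:` AutoRun entry, and the proxy on `127.0.0.1:81`; the NPF driver line, which carries a date and size, is not reported. The `check` text is a starting point for the helper, not a verdict, and the output should be read alongside the rest of the log rather than on its own.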

#8 RenatoMejias

  • Malware Response Team
  • 913 posts

Posted 28 February 2009 - 09:59 AM

WOW, I didn't see this reply, sorry for the delay.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under 'Select a target to scan', select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in Portuguese

#9 RenatoMejias

  • Malware Response Team
  • 913 posts

Posted 16 March 2009 - 12:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.

Renato Victor Mejias
Malware help in Portuguese