
HiJackThis Log - W32/Cryptor and more


  • This topic is locked
24 replies to this topic

#1 snoper

snoper

  • Members
  • 31 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 02 April 2009 - 08:55 AM

AVG reports W32/Cryptor. I have been unable to remove or delete the DLL (c:\windows\system32\hfzoejv.dll) in safe mode or on reboot. I am also attaching a DDS log.

Attached is the HiJackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:00 AM, on 4/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
C:\Program Files\Trend Micro\HijackThis\Fix.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: (no name) - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\WINDOWS\system32\shdocvw.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/28.30/uploader2.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193194115265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1193194105421
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://www.creative.com/su/ocx/15023/CTPID.cab
O20 - Winlogon Notify: hpghulnk - C:\WINDOWS\SYSTEM32\hfzoejv.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

--
End of file - 9295 bytes

Attached Files

  • Attached File  DDS.txt   17.43KB   4 downloads



#2 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 02 April 2009 - 09:01 AM

DDS Log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Nagendra at 6:49:33.26 on Thu 04/02/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.129 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
C:\Program Files\Trend Micro\HijackThis\Fix.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\mozilla shared\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nagendra\Desktop\AV\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: : {ad43173c-763b-4061-b948-3de0fa0f0127} - c:\windows\system32\hfzoejv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TpShocks] TpShocks.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}
Trusted Zone: ml.com\www.benefits
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/28.30/uploader2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193194115265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193194105421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15023/CTPID.cab
Notify: hpghulnk - hfzoejv.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina ACGina psqlpwd ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina uihodax.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nagendra\applic~1\mozilla\firefox\profiles\8r08mkso.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\nagendra\application data\mozilla\firefox\profiles\8r08mkso.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\nagendra\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 noittukv;noittukv;c:\windows\system32\drivers\noittukv.sys [1980-1-1 23424]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-6-10 116264]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-6-10 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-7-19 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-7-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2005-7-19 4224]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-7-19 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 fcqwhxik;IP in IP Tunnel Monitor;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-2-21 53248]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2005-11-23 54272]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-7-19 6528]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
S1 SAVRT;SAVRT;- --> - [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\Awrtpd.sys [2008-4-29 12960]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-6-28 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-6-28 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-28 42112]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090328.003\naveng.sys [2009-3-28 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090328.003\navex15.sys [2009-3-28 876144]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-4-21 14336]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
S4 ccEvtMgr;Symantec Event Manager;- --> - [?]

=============== Created Last 30 ================

2009-04-02 06:40 <DIR> --d----- c:\docume~1\nagendra\applic~1\mbobkqlu
2009-03-31 06:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-29 18:35 <DIR> --d----- c:\program files\CleanUp!
2009-03-29 18:27 <DIR> --d----- c:\program files\AVG
2009-03-29 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-29 14:56 <DIR> --d----- c:\docume~1\nagendra\applic~1\STOPzilla!
2009-03-29 14:55 <DIR> --d----- c:\program files\STOPzilla!
2009-03-29 14:48 <DIR> --d----- c:\program files\uTorrent
2009-03-29 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-29 14:11 <DIR> --d----- c:\program files\common files\iS3
2009-03-29 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-27 07:56 <DIR> --d----- c:\program files\Microsoft Common
2009-03-25 23:40 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-03-23 22:45 <DIR> --d----- c:\documents and settings\nagendra\.housecall6.6
2009-03-23 22:15 <DIR> --d----- c:\program files\Trend Micro
2009-03-23 06:30 <DIR> --d----- c:\docume~1\nagendra\applic~1\Avaya
2009-03-21 06:54 <DIR> --d----- c:\program files\Lavasoft
2009-03-15 21:08 45,056 a------- c:\windows\system32\wnaspi32.dll
2009-03-15 21:08 25,244 a------- c:\windows\system32\drivers\aspi32.sys
2009-03-15 21:08 5,600 a------- c:\windows\system\winaspi.dll
2009-03-15 21:08 4,672 a------- c:\windows\system\wowpost.exe
2009-03-15 21:08 203,776 a------- c:\windows\system32\clrviddc.dll
2009-03-15 21:04 <DIR> --d----- c:\program files\common files\xing shared
2009-03-11 08:10 <DIR> --d----- c:\docume~1\nagendra\applic~1\Windows Search
2009-03-04 22:07 1,692,984 a------- c:\windows\system32\cspcore.dll
2009-03-04 22:07 955,704 a------- c:\windows\system32\cssuserdatadispatcher.dll
2009-03-04 21:57 734,520 a------- c:\windows\system32\tcsrpc.dll
2009-03-04 21:57 427,320 a------- c:\windows\system32\tvttsp.dll

==================== Find3M ====================

2009-03-15 21:04 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-01 15:50 33,536 a------- c:\windows\system32\drivers\tvtfilter.sys
2009-02-23 22:19 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-02-21 16:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-15 03:17 636,264 a------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 03:17 392,040 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 03:13 5,888,512 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 03:12 10,963,968 a------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 03:06 1,182,720 a------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 03:06 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 03:06 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 911,872 a------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 03:05 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 03:05 109,056 a------- c:\windows\system32\dllcache\occache.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 03:04 755,200 a------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 03:04 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 03:02 1,975,296 a------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 03:02 593,920 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 03:02 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 03:01 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 03:01 59,904 a------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 03:01 54,272 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 03:01 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 03:01 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 03:01 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 03:01 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 03:00 45,568 a------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 02:53 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 02:50 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-01-15 02:35 445,440 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-13 19:27 30 a------- C:\deleteprefetch.bat
2009-01-10 22:00 79,360 -------- c:\windows\system32\dllcache\iecompat.dll
2008-11-09 17:52 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-11-09 17:52 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT

============= FINISH: 6:51:01.56 ===============
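The two logs above carry the indicators a helper triages by eye: Internet Explorer proxied through localhost:7171, an unnamed BHO and a Winlogon Notify entry both loading c:\windows\system32\hfzoejv.dll, a bare uihodax.dll appended to the LSA Notification Packages list, and two entries in the driver/service list stamped 1980-1-1 (a bogus file date). The script below is an added example, not part of this thread and not one of the tools the helper asks for; it runs those same checks over a handful of lines excerpted from the posted HijackThis and DDS logs and embedded inline. The Winlogon Notify baseline is the stock XP SP3 set and the LSA baseline is assumed from this machine's ThinkVantage components; both are assumptions to adjust per system. A loopback proxy can also be a legitimate local web filter, so each hit is a lead to verify, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Lines excerpted from the HijackThis/DDS logs posted in this thread (Java(TM)
# spelled out so the sample stays ASCII). Only HJT-style "O2 - BHO:" lines are
# parsed here; DDS writes the BHO line in a slightly different shape.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O2 - BHO: (no name) - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O20 - Winlogon Notify: hpghulnk - C:\WINDOWS\SYSTEM32\hfzoejv.dll
LSA: Notification Packages = scecli ACGina ACGina psqlpwd ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina uihodax.dll
R0 noittukv;noittukv;c:\windows\system32\drivers\noittukv.sys [1980-1-1 23424]
R2 fcqwhxik;IP in IP Tunnel Monitor;c:\windows\system32\svchost.exe -k netsvcs [1980-1-1 14336]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
"""

# Assumption: Winlogon Notify subkeys present on a stock XP SP3 install.
# OEM software (graphics drivers, fingerprint readers) adds its own; extend it.
XP_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}
# Assumption: LSA packages expected on this particular ThinkPad.
LSA_BASELINE = {"scecli", "ACGina", "psqlpwd"}

PROXY_RE = re.compile(r"ProxyServer = (\S+)")
BHO_RE = re.compile(r"BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
NOTIFY_RE = re.compile(r"Notify: (\S+) - (.+)$")
LSA_RE = re.compile(r"Notification Packages = (.+)$")
SVC_RE = re.compile(r"^[RS][0-4] (.+?);(.*?);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) \d+\]$")


def check_proxy(line):
    """Flag an IE proxy that points at the loopback interface."""
    m = PROXY_RE.search(line)
    if not m:
        return None
    target = m.group(1).split("=")[-1]          # "http=localhost:7171" -> "localhost:7171"
    host = target.rsplit(":", 1)[0].lower()
    if host in ("localhost", "127.0.0.1"):
        return Finding("proxy-loopback", f"IE proxies HTTP through {target}")
    return None


def check_bho(line):
    """Flag a Browser Helper Object registered with no name."""
    m = BHO_RE.search(line)
    if not m:
        return None
    name, path = m.group(1).strip(), m.group(2).strip()
    return Finding("bho-unnamed", path) if name in ("", "(no name)") else None


def check_winlogon_notify(line):
    """Flag a Winlogon Notify subkey that is not in the XP baseline."""
    m = NOTIFY_RE.search(line)
    if not m:
        return None
    subkey, dll = m.group(1), m.group(2).strip()
    if subkey not in XP_WINLOGON_NOTIFY:
        return Finding("winlogon-notify-unknown", f"{subkey} -> {dll}")
    return None


def check_lsa_packages(line):
    """Flag bare DLL names (resolved from system32) not in the LSA baseline."""
    m = LSA_RE.search(line)
    if not m:
        return None
    bad = [tok for tok in re.findall(r"\S+\.dll", m.group(1), re.IGNORECASE)
           if "\\" not in tok and tok[:-4] not in LSA_BASELINE]
    return Finding("lsa-package-unknown", ", ".join(bad)) if bad else None


def check_service_timestamp(line):
    """Flag a driver/service whose file date is the 1980-1-1 FAT epoch."""
    m = SVC_RE.match(line)
    if not m:
        return None
    name, display, path, stamp = m.groups()
    if stamp.startswith("1980-"):
        return Finding("service-bogus-timestamp", f"{name} ({display}) {path}")
    return None


CHECKS = (check_proxy, check_bho, check_winlogon_notify,
          check_lsa_packages, check_service_timestamp)


def analyze(log_text):
    """Run every check over every non-empty line; return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            findings.extend(f for f in (c(line) for c in CHECKS) if f)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run against the sample it reports six findings: the loopback proxy, the unnamed BHO, the hpghulnk Notify subkey, uihodax.dll in the LSA list, and the two 1980-dated entries; the Java BHO, the path-qualified psqlpwd.dll and the 2005-dated Symantec service pass. The same five checks apply to any HJT/DDS log pasted into a thread like this one.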

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:06 AM

Posted 02 April 2009 - 05:27 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:10:06 PM

Posted 03 April 2009 - 10:55 AM

Hi Sam,
Thanks for the quick response. I was able to get the log from OTListIt2; however, every time I run GMER I get a blue screen in the middle of the scan. I have tried 5 times so far. Let me know what I should do to avoid this.

Attached is the log for OTListIt2 :
OTListIt2.txt

OTListIt logfile created on: 4/3/2009 6:59:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Nagendra\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.36 Mb Total Physical Memory | 266.77 Mb Available Physical Memory | 35.18% Memory free
1.81 Gb Paging File | 1.13 Gb Available in Paging File | 62.68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.29 Gb Total Space | 7.08 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Nagendra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/01/20 18:38:36 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2008/05/14 17:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 17:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 17:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/10/09 18:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/11/21 11:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2009/01/20 18:38:48 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/01/20 18:31:08 | 00,159,744 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/01/20 18:36:48 | 00,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008/10/08 02:38:00 | 00,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/08/01 16:29:02 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/10/06 11:06:48 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/10/06 11:14:18 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/01/20 18:39:48 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/10 06:03:44 | 00,685,296 | ---- | M] (Yahoo!) -- C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
PRC - [2008/04/13 17:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\taskmgr.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/04/03 06:57:59 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nagendra\Desktop\AV\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/02 12:26:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
SRV - [2009/01/20 18:38:36 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2009/01/20 18:38:48 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2008/07/19 09:22:42 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/08/04 05:00:00 | 00,104,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hfzoejv.dll -- (fcqwhxik [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/13 17:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/02/21 16:06:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2008/11/21 11:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service [Auto | Running])
SRV - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - File not found -- -- (SNDSrvc [Disabled | Stopped])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Running])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2009/03/04 21:54:34 | 00,750,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Disabled | Stopped])
SRV - [2008/06/10 16:39:52 | 00,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Disabled | Stopped])
SRV - [2006/06/29 22:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe -- (TpKmpSVC [Disabled | Stopped])
SRV - [2009/03/04 21:57:08 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Disabled | Stopped])
SRV - [2008/05/14 17:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2008/05/14 17:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2008/05/14 17:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2008/10/09 18:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2008/04/29 11:19:50 | 00,012,960 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner [On_Demand | Stopped])
DRV - [2004/05/17 09:23:48 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/09/28 17:07:02 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC [System | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1999/09/10 04:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2007/05/02 11:34:32 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [On_Demand | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/10/06 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (drvnddm [Auto | Running])
DRV - [2004/03/24 20:21:30 | 00,006,689 | ---- | M] (Dallas Semiconductor MAXIM) -- C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS -- (DS1410D [Auto | Running])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2007/03/01 22:00:14 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\SYSTEM32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
DRV - [2005/10/18 17:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/10/18 17:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/09/15 11:16:48 | 01,173,468 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/09/29 11:17:16 | 00,023,848 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2008/05/12 20:22:04 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\Drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
DRV - [2005/05/16 02:30:00 | 00,016,000 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/02 15:36:10 | 00,018,176 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2007/01/22 19:33:00 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/10/10 17:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/02/20 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090328.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/02/20 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090328.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,023,424 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\noittukv.sys -- (noittukv [Boot | Running])
DRV - [2008/04/13 11:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/05/31 09:44:54 | 00,012,270 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2000/05/31 20:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2004/05/19 13:41:26 | 00,013,757 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys -- (portio [On_Demand | Stopped])
DRV - [2009/02/23 22:19:33 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/20 22:32:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/08/04 12:32:26 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/12/17 06:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2008/06/10 16:39:52 | 00,116,264 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2006/10/02 02:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2008/11/21 01:11:46 | 00,012,560 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2 [Auto | Running])
DRV - [2005/02/10 16:31:34 | 00,260,224 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/12/17 06:41:10 | 00,026,120 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2005/11/23 10:56:54 | 00,054,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS -- (SSIPDDP [Auto | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2005/04/01 20:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [Disabled | Running])
DRV - [2005/04/05 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2005/04/05 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/10/06 10:47:36 | 00,225,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/08/08 04:10:46 | 00,050,704 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2006/10/02 02:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2008/06/10 16:39:52 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
DRV - [2006/09/26 15:13:00 | 00,014,848 | ---- | M] (Lenovo, Ltd. and IBM Corporation) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM [Boot | Running])
DRV - [2005/07/05 15:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2006/09/26 15:13:00 | 00,006,528 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\DRIVERS\TPInput.sys -- (TPInput [On_Demand | Running])
DRV - [2005/10/09 21:35:28 | 00,017,792 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\DRIVERS\tpm.sys -- (TPM [On_Demand | Running])
DRV - [2005/04/21 16:44:54 | 00,014,336 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\DRIVERS\nsctpm11.sys -- (TPM11 [On_Demand | Stopped])
DRV - [2004/11/30 17:38:24 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2007/03/09 03:57:02 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2009/03/01 15:50:43 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2008/02/22 16:54:40 | 00,037,312 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Running])
DRV - [2008/07/11 11:48:00 | 00,046,144 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtumon.sys -- (tvtumon [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/01/07 14:36:16 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/10/18 17:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.18.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:1.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 05:32:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/30 05:32:28 | 00,000,000 | ---D | M]

[2009/02/21 17:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Extensions
[2009/02/21 17:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/30 05:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions
[2009/03/15 12:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/16 21:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/03/05 06:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/21 18:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2009/03/05 06:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox@ghostery.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com
[2009/02/21 18:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\piclens@cooliris.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com\chrome
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com\defaults
[2009/02/21 17:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 05:32:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/30 05:32:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 05:32:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 16:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 16:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 16:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 16:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 16:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 16:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 16:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: () - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..Trusted Domains: ml.com ([www.benefits] https in Trusted sites)
O15 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/d/c.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/28.30/uploader2.cab (UploadListView Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1193194115265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193194105421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15023/CTPID.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\OrCAD\OrCAD_10.0\tools\Capture\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\OrCAD\OrCAD_10.0\tools\Capture\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\system32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\hpghulnk: DllName - hfzoejv.dll - C:\WINDOWS\system32\hfzoejv.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/27 04:31:46 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/02 06:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\mbobkqlu
[2009/04/02 06:40:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\mbobkqlu
[2009/04/01 07:03:20 | 79,526,7072 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 19:49:00 | 02,348,416 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\FixDwndp.exe
[2009/03/31 19:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/31 06:58:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/29 21:06:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\{028B02B0-8BEA-4BEF-94B8-56F75FC9FFDC}
[2009/03/29 20:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\Help
[2009/03/29 20:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Help
[2009/03/29 18:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/03/29 18:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/29 18:27:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 14:56:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\STOPzilla!
[2009/03/29 14:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/03/29 14:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/03/29 14:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/03/29 14:11:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/03/29 14:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/29 14:09:28 | 00,292,352 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Nagendra\Desktop\STOPzilla_Setup.exe
[2009/03/28 17:11:20 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\MC8366-B0-Spur.doc
[2009/03/27 20:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/03/27 07:56:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Common
[2009/03/25 23:40:21 | 00,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2009/03/23 22:15:55 | 00,001,704 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\HijackThis.lnk
[2009/03/23 22:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/23 06:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Avaya
[2009/03/21 06:54:27 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/03/21 06:54:27 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 06:54:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/20 21:30:55 | 00,160,454 | ---- | C] () -- C:\Documents and Settings\Nagendra\My Documents\ap-5112-rvr-mar20.zip
[2009/03/18 07:13:50 | 00,000,436 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2009/03/15 21:08:59 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\wnaspi32.dll
[2009/03/15 21:08:59 | 00,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys
[2009/03/15 21:08:59 | 00,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\winaspi.dll
[2009/03/15 21:08:59 | 00,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\wowpost.exe
[2009/03/15 21:08:56 | 00,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2009/03/15 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/03/13 22:02:39 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Nagendra\My Documents\Hindi Movie Songs lyrics.doc
[2009/03/12 21:17:57 | 01,911,218 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\Scan_0041.JPG
[2009/03/11 08:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Windows Search
[2009/03/10 21:23:50 | 00,011,749 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\EmiratesOnlineCheck-in1.PDF
[2009/03/08 13:33:12 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Nagendra\My Documents\Default.rdp

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/03 07:00:00 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01FF64D2-A3F8-4736-AC1C-059A560A0713}.job
[2009/04/03 06:44:54 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/04/03 06:40:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/03 06:40:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/03 06:39:57 | 79,526,7072 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/02 07:18:47 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384193946-1213119400-3037156660-1005.job
[2009/04/01 07:42:24 | 00,001,421 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Malwarebytes.Anti-Malware.v1.35 [mininova].torrent
[2009/04/01 00:00:02 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2009/03/31 19:49:00 | 02,348,416 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\FixDwndp.exe
[2009/03/30 20:07:07 | 00,000,664 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/30 20:07:07 | 00,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/30 20:07:07 | 00,000,194 | RHS- | M] () -- C:\BOOT.INI
[2009/03/29 17:34:33 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 14:09:37 | 00,292,352 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Nagendra\Desktop\STOPzilla_Setup.exe
[2009/03/29 12:51:55 | 00,000,401 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/29 12:47:12 | 00,001,704 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\HijackThis.lnk
[2009/03/29 08:04:33 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/28 17:11:23 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\MC8366-B0-Spur.doc
[2009/03/26 06:56:37 | 00,002,280 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Google Chrome.lnk
[2009/03/23 06:26:12 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 02:41:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/03/21 06:54:27 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/03/21 06:54:27 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 06:45:22 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\ProcessExplorer.zip
[2009/03/20 21:30:57 | 00,160,454 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\ap-5112-rvr-mar20.zip
[2009/03/18 07:09:11 | 00,000,188 | ---- | M] () -- C:\WINDOWS\x
[2009/03/15 21:08:56 | 00,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2009/03/15 21:04:11 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/03/15 21:04:11 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/03/14 06:35:18 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/14 06:35:18 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/13 22:16:54 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\Hindi Movie Songs lyrics.doc
[2009/03/12 21:18:03 | 01,911,218 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Scan_0041.JPG
[2009/03/11 03:10:03 | 00,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 21:23:52 | 00,011,749 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\EmiratesOnlineCheck-in1.PDF
[2009/03/09 21:22:09 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/03/09 18:40:40 | 00,554,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 13:33:12 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Nagendra\My Documents\Default.rdp
< End of report >

Extras.txt

OTListIt Extras logfile created on: 4/3/2009 6:59:44 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Nagendra\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.36 Mb Total Physical Memory | 266.77 Mb Available Physical Memory | 35.18% Memory free
1.81 Gb Paging File | 1.13 Gb Available in Paging File | 62.68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.29 Gb Total Space | 7.08 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Nagendra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"80:TCP" = 80:TCP:*:Enabled:dll32
"7171:TCP" = 7171:TCP:*:Enabled:dll32

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2003/01/27 13:57:04 | 00,036,864 | ---- | M] () -- C:\OrCAD\OrCAD_10.0\tools\bin\cdsNameServer.exe:*:Enabled:cdsNameServer
[2003/01/27 13:58:38 | 00,024,576 | ---- | M] () -- C:\OrCAD\OrCAD_10.0\tools\bin\cdsMsgServer.exe:*:Enabled:cdsMsgServer
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2005/11/10 12:27:16 | 00,049,250 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
[2009/01/15 03:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/11/26 00:34:38 | 01,888,256 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/03/30 13:34:08 | 25,263,144 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath
[2007/11/20 00:30:34 | 00,567,384 | ---- | M] (www.sopcast.com) -- C:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver
[2009/03/29 14:48:56 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver
"{0ADC98E8-BDD7-42F7-AC15-093C1B54CDAE}" = Macrovision FLEXid Drivers
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{1742237A-0E60-40A1-9B5C-824450FCBD59}" = FLEXid8 Driver
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1D253515-7FE6-4EBA-A0D9-FB8AACEBFDEF}" = Bommarillu
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{43F7B024-C08A-4E78-848D-D65AA9D05478}" = TD AMERITRADE StrategyDesk 2.3
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{5A633ED0-E5D7-4D65-AB8D-53ED43510284}" = Symantec AntiVirus
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4121C0A-438D-426D-986F-4E14BBBAB2A3}" = MGC Visual Studio 7 Runtime
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = Palm Desktop
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D634DB3B-654C-4FC5-83CC-64600B06841B}" = PADS2005 SPac1
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE MS SCSI Driver
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{F6A3CF9D-A775-41F6-AA22-68EF52893339}" = Release OrCAD 10.0
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"Creative File Manager" = NOMAD Explorer
"Creative Jukebox Driver" = Creative Jukebox Driver
"CutePDF Writer Installation" = CutePDF Writer 2.5
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"ffdshow" = ffdshow
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{D634DB3B-654C-4FC5-83CC-64600B06841B}" = PADS2005 SPac1
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"MentorGraphicsJI" = Mentor Graphics Products
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = Lenovo System Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel PROSet Wireless
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"Registry Fix_is1" = RegistryFix v7.0
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"Skype_is1" = Skype 3.1
"SpeedUpMyPC_is1" = Uniblue SpeedUpMyPC 3
"SpyEraser_is1" = Uniblue SpyEraser
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tournament Bracket Builder_is1" = Tournament Bracket Builder 1.2
"TPKBDLED" = Scroll Lock Indicator Utility
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"x264 Revision 564 x264.nl" = x264 Revision 564 x264.nl (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2009 9:34:36 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:35:02 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:35:22 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:35:40 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:35:59 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:36:29 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:36:48 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:37:06 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:37:26 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

Error - 4/1/2009 9:37:45 AM | Computer Name = FAMILY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18372, faulting
module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8.

[ System Events ]
Error - 4/2/2009 9:38:09 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT

Error - 4/2/2009 9:38:34 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2

Error - 4/2/2009 9:38:39 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2

Error - 4/2/2009 11:20:37 AM | Computer Name = FAMILY | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register
with DCOM within the required timeout.

Error - 4/3/2009 9:40:17 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SAVRT

Error - 4/3/2009 9:40:50 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2

Error - 4/3/2009 9:40:57 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2

Error - 4/3/2009 9:48:00 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7031
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 4/3/2009 9:49:18 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2

Error - 4/3/2009 9:50:30 AM | Computer Name = FAMILY | Source = Service Control Manager | ID = 7000
Description = The SAVRT service failed to start due to the following error: %%2


< End of report >

Regards
Snoper

#5 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 03 April 2009 - 03:24 PM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: () - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O20 - Winlogon\Notify\hpghulnk: DllName - hfzoejv.dll - C:\WINDOWS\system32\hfzoejv.dll (Microsoft Corporation)
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

=================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
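The first thing a helper checks after a fix run is whether the targeted items actually went away, and here they did not: the post-fix log still lists hfzoejv.dll as the running service fcqwhxik. The following Python is an added example, not part of this thread or of OTListIt2 itself: it parses the :OTLI fix script and OTL PRC/SRV/DRV log lines (both copied from this thread as sample input), and reports which fix targets still appear. It assumes the field layout seen in these logs and that PRC lines in a fix script are process kills rather than file removals.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: the :OTLI fix script posted in this thread (copied here as test data).
FIX_SCRIPT = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: () - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - Reg Error: Key error. File not found
O20 - Winlogon\Notify\hpghulnk: DllName - hfzoejv.dll - C:\WINDOWS\system32\hfzoejv.dll (Microsoft Corporation)

:Commands
[emptytemp]
[start explorer]
[Reboot]
"""

# Sample input: a few lines from the post-fix "Run 2" OTListIt2 log in this thread.
POST_FIX_LOG = r"""
PRC - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/05/14 17:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2004/08/04 05:00:00 | 00,104,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hfzoejv.dll -- (fcqwhxik [Auto | Running])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,023,424 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\noittukv.sys -- (noittukv [Boot | Running])
"""


@dataclass
class OtlEntry:
    kind: str                # PRC, SRV or DRV
    path: str                # image path as logged ('' when OTL reports File not found)
    company: Optional[str]   # company string from the file's own version resource (unverified)
    mtime: Optional[str]     # modification timestamp as logged
    service: Optional[str]   # service/driver name (SRV and DRV lines only)
    start: Optional[str]     # Auto, Boot, System, On_Demand, Disabled, ...
    state: Optional[str]     # Running or Stopped
    missing: bool            # True for "File not found" entries


# "[mtime | size | attrs | M] (company)" as it appears before the first " -- "
META_RE = re.compile(r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] \((?P<company>.*)\)$")
# "(name [start | state])" as it appears after the last " -- "
SVC_RE = re.compile(r"^\((?P<name>.+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$")
# A drive-letter path; fix lines in this thread contain no paths with spaces
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s()]+")


def _parse_service(text: Optional[str]):
    if text:
        sm = SVC_RE.match(text.strip())
        if sm:
            return sm.group("name"), sm.group("start"), sm.group("state")
    return None, None, None


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/SRV/DRV line of an OTListIt2 log; None for anything else."""
    m = re.match(r"^(PRC|SRV|DRV) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    if rest.startswith("File not found"):
        # A registered service whose image is gone: no path or version info to parse.
        service, start, state = _parse_service(rest[len("File not found"):].lstrip(" -"))
        return OtlEntry(kind, "", None, None, service, start, state, True)
    parts = rest.split(" -- ")
    mm = META_RE.match(parts[0])
    if mm is None or len(parts) < 2:
        return None
    service, start, state = _parse_service(parts[2] if len(parts) > 2 else None)
    # The company string comes from the file's version resource, which any file can set;
    # "(Microsoft Corporation)" on a random-named system32 DLL is not reassurance.
    return OtlEntry(kind, parts[1], mm.group("company"), mm.group("mtime"), service, start, state, False)


def fix_targets(script: str) -> List[str]:
    """Lower-cased file paths that the :OTLI section asks OTL to remove."""
    targets: List[str] = []
    in_otli = False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_otli = line.upper() == ":OTLI"
            continue
        if not in_otli or line.startswith("PRC - "):
            continue  # assumption: PRC lines only kill the process, they do not delete the file
        for p in PATH_RE.findall(line):
            if p.lower() not in targets:
                targets.append(p.lower())
    return targets


def still_present(script: str, log: str) -> Dict[str, List[OtlEntry]]:
    """Map each fix target that still appears in the post-fix log to its log entries."""
    targets = fix_targets(script)
    found: Dict[str, List[OtlEntry]] = {}
    for line in log.splitlines():
        e = parse_otl_line(line)
        if e and e.path.lower() in targets:
            found.setdefault(e.path.lower(), []).append(e)
    return found


def report(script: str, log: str) -> List[str]:
    """One verdict line per fix target: removed, or still present with its service details."""
    found = still_present(script, log)
    lines = []
    for target in fix_targets(script):
        entries = found.get(target)
        if not entries:
            lines.append(f"removed: {target}")
            continue
        for e in entries:
            detail = e.kind
            if e.service:
                detail += f", service {e.service} [{e.start} | {e.state}]"
            lines.append(f"STILL PRESENT: {target} ({detail}; version info claims '{e.company}')")
    return lines


if __name__ == "__main__":
    for line in report(FIX_SCRIPT, POST_FIX_LOG):
        print(line)
```

A target that survives the fix with start type Auto or Boot and state Running, as hfzoejv.dll does here, is loaded before any user-mode cleaner can touch it, which is why the next step in such threads is usually a tool that works at reboot.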


========================================================

#6 snoper

  • Topic Starter
  • Members
  • 31 posts

Posted 04 April 2009 - 09:20 AM

Ran OTListIt2 again: before and after reboot it kept telling me c:\windows\system32\hfzoejv.dll is not a valid Windows image, check against installation disc. Also ran MBAM.

Log:
OTListIt logfile created on: 4/4/2009 7:06:44 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.9.1 Folder = C:\Documents and Settings\Nagendra\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

758.36 Mb Total Physical Memory | 355.32 Mb Available Physical Memory | 46.85% Memory free
1.81 Gb Paging File | 1.48 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.29 Gb Total Space | 7.18 Gb Free Space | 21.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILY
Current User Name: Nagendra
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2009/01/20 18:38:36 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/05/14 17:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 17:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 17:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/10/09 18:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/11/21 11:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2009/01/20 18:38:48 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 17:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/03 06:57:59 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nagendra\Desktop\AV\OTListIt2.exe
PRC - [2009/01/20 18:39:48 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/02 12:26:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Disabled | Stopped])
SRV - [2009/01/20 18:38:36 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2009/01/20 18:38:48 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2008/07/19 09:22:42 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (ccEvtMgr [Disabled | Stopped])
SRV - [2005/04/08 15:54:50 | 00,083,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2005/04/08 15:54:52 | 00,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2005/04/17 12:30:32 | 00,019,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2004/08/04 05:00:00 | 00,104,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hfzoejv.dll -- (fcqwhxik [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/09/29 11:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/13 17:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2009/02/21 16:06:42 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Disabled | Stopped])
SRV - [2004/08/04 05:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Disabled | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [Disabled | Stopped])
SRV - [2008/11/21 11:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service [Auto | Running])
SRV - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2005/04/17 12:30:42 | 00,124,608 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - File not found -- -- (SNDSrvc [Disabled | Stopped])
SRV - [2002/09/20 14:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005/03/30 21:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe -- (SUService [Auto | Running])
SRV - [2005/04/17 12:30:40 | 01,706,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2009/03/04 21:54:34 | 00,750,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Disabled | Stopped])
SRV - [2008/06/10 16:39:52 | 00,039,976 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Disabled | Stopped])
SRV - [2006/06/29 22:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSVC.exe -- (TpKmpSVC [Disabled | Stopped])
SRV - [2009/03/04 21:57:08 | 00,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Disabled | Stopped])
SRV - [2008/05/14 17:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
SRV - [2008/05/14 17:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
SRV - [2008/05/14 17:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
SRV - [2008/10/09 18:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2008/04/29 11:19:50 | 00,012,960 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\AWRTPD.sys -- (Ad-Watch Real-Time Scanner [On_Demand | Stopped])
DRV - [2004/05/17 09:23:48 | 00,133,200 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/09/28 17:07:02 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC [System | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [1999/09/10 04:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2007/05/02 11:34:32 | 00,161,792 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [On_Demand | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2005/10/06 06:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 13:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/10/06 06:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 13:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/10/06 06:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/10/06 06:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2005/09/12 04:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb [Boot | Running])
DRV - [2005/08/12 06:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (drvnddm [Auto | Running])
DRV - [2004/03/24 20:21:30 | 00,006,689 | ---- | M] (Dallas Semiconductor MAXIM) -- C:\WINDOWS\SYSTEM32\drivers\DS1410D.SYS -- (DS1410D [Auto | Running])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2007/03/01 22:00:14 | 00,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\SYSTEM32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
DRV - [2005/10/18 17:52:38 | 00,242,304 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2005/10/18 17:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/09/15 11:16:48 | 01,173,468 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2008/09/29 11:17:16 | 00,023,848 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
DRV - [2008/05/12 20:22:04 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\Drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
DRV - [2005/05/16 02:30:00 | 00,016,000 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctpdusb.sys -- (Jukebox3 [On_Demand | Stopped])
DRV - [2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2007/11/02 15:36:10 | 00,018,176 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2007/01/22 19:33:00 | 00,007,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/10/10 17:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/06/18 15:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2009/02/20 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090328.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/02/20 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090328.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,023,424 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\noittukv.sys -- (noittukv [Boot | Running])
DRV - [2008/04/13 11:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2001/05/31 09:44:54 | 00,012,270 | ---- | M] (Palm, Inc.) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD [On_Demand | Stopped])
DRV - [2000/05/31 20:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS -- (PMEM [Auto | Running])
DRV - [2004/05/19 13:41:26 | 00,013,757 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys -- (portio [On_Demand | Stopped])
DRV - [2009/02/23 22:19:33 | 00,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/05/20 22:32:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/08/04 12:32:26 | 00,011,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2005/02/04 20:14:32 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2002/12/17 06:41:10 | 00,076,288 | ---- | M] (Rainbow Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel [Auto | Running])
DRV - [2008/06/10 16:39:52 | 00,116,264 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf [Boot | Running])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2006/10/02 02:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Smapint.sys -- (Smapint [System | Running])
DRV - [2008/11/21 01:11:46 | 00,012,560 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2 [Auto | Running])
DRV - [2005/02/10 16:31:34 | 00,260,224 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/12/17 06:41:10 | 00,026,120 | R--- | M] (Rainbow Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS -- (Sntnlusb [On_Demand | Stopped])
DRV - [2001/08/17 14:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2005/03/30 21:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2005/11/23 10:56:54 | 00,054,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS -- (SSIPDDP [Auto | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2005/04/01 20:36:04 | 00,123,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [Disabled | Running])
DRV - [2005/04/05 11:17:00 | 00,017,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2005/04/05 11:17:02 | 00,267,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symtdi.sys -- (SYMTDI [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/10/06 10:47:36 | 00,225,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/08/08 04:10:46 | 00,050,704 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
DRV - [2006/10/02 02:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
DRV - [2008/06/10 16:39:52 | 00,019,496 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
DRV - [2006/09/26 15:13:00 | 00,014,848 | ---- | M] (Lenovo, Ltd. and IBM Corporation) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM [Boot | Running])
DRV - [2005/07/05 15:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
DRV - [2006/09/26 15:13:00 | 00,006,528 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\DRIVERS\TPInput.sys -- (TPInput [On_Demand | Running])
DRV - [2005/10/09 21:35:28 | 00,017,792 | ---- | M] (Winbond Electronics Corp.) -- C:\WINDOWS\system32\DRIVERS\tpm.sys -- (TPM [On_Demand | Running])
DRV - [2005/04/21 16:44:54 | 00,014,336 | ---- | M] (National Semiconductor Corp.) -- C:\WINDOWS\system32\DRIVERS\nsctpm11.sys -- (TPM11 [On_Demand | Stopped])
DRV - [2004/11/30 17:38:24 | 00,004,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF [System | Running])
DRV - [2007/03/09 03:57:02 | 00,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
DRV - [2009/03/01 15:50:43 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtfilter.sys -- (tvtfilter [Auto | Running])
DRV - [2008/02/22 16:54:40 | 00,037,312 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\DRIVERS\Tvti2c.sys -- (TVTI2C [On_Demand | Running])
DRV - [2008/07/11 11:48:00 | 00,046,144 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\DRIVERS\tvtumon.sys -- (tvtumon [System | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/01/07 14:36:16 | 02,216,064 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005/10/18 17:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.9.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:1.3.9
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.18.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: firefox-extension@shareaholic.com:1.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 05:32:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/30 05:32:28 | 00,000,000 | ---D | M]

[2009/02/21 17:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Extensions
[2009/02/21 17:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/30 05:43:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions
[2009/03/15 12:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/03/16 21:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/03/05 06:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/21 18:06:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2009/03/05 06:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox@ghostery.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com
[2009/02/21 18:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\piclens@cooliris.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com\chrome
[2009/02/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nagendra\Application Data\mozilla\Firefox\Profiles\8r08mkso.default\extensions\firefox-extension@shareaholic.com\defaults
[2009/02/21 17:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/30 05:32:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/30 05:32:19 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/30 05:32:19 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 16:28:04 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/01/19 16:28:04 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 16:28:04 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 16:28:04 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/01/19 16:28:04 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 16:28:04 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 16:28:04 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: () - {AD43173C-763B-4061-B948-3DE0FA0F0127} - c:\windows\system32\hfzoejv.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\RunOnce: [OTListIt] C:\Documents and Settings\Nagendra\Desktop\AV\OTListIt2.exe (OldTimer Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..Trusted Domains: ml.com ([www.benefits] https in Trusted sites)
O15 - HKU\S-1-5-21-1384193946-1213119400-3037156660-1005\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/d/c.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/su/ocx/15015/CTSUEng.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/28.30/uploader2.cab (UploadListView Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1193194115265 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1193194105421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/...all-142-win.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/su/ocx/15023/CTPID.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\OrCAD\OrCAD_10.0\tools\Capture\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\OrCAD\OrCAD_10.0\tools\Capture\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\system32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\hpghulnk: DllName - hfzoejv.dll - C:\WINDOWS\system32\hfzoejv.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/27 04:31:46 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/04 07:03:57 | 03,225,536 | -H-- | C] () -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\IconCache.db
[2009/04/04 07:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\mbobkqlu
[2009/04/04 07:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\mbobkqlu
[2009/04/04 07:02:32 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/01 07:42:22 | 00,001,421 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\Malwarebytes.Anti-Malware.v1.35 [mininova].torrent
[2009/04/01 07:03:20 | 79,526,7072 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/31 19:49:00 | 02,348,416 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\FixDwndp.exe
[2009/03/31 19:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/31 06:58:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/03/29 21:06:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\{028B02B0-8BEA-4BEF-94B8-56F75FC9FFDC}
[2009/03/29 20:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\Help
[2009/03/29 20:29:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Help
[2009/03/29 18:35:19 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/03/29 18:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/29 18:27:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 14:56:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\STOPzilla!
[2009/03/29 14:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/03/29 14:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/03/29 14:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/03/29 14:11:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/03/29 14:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/29 14:09:28 | 00,292,352 | ---- | C] (iS3, Inc.) -- C:\Documents and Settings\Nagendra\Desktop\STOPzilla_Setup.exe
[2009/03/28 17:11:20 | 00,055,296 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\MC8366-B0-Spur.doc
[2009/03/27 20:20:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/03/27 07:56:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Common
[2009/03/25 23:40:21 | 00,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2009/03/23 22:15:55 | 00,001,704 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\HijackThis.lnk
[2009/03/23 22:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/23 06:30:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Avaya
[2009/03/21 06:54:27 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/03/21 06:54:27 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 06:54:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/20 21:30:55 | 00,160,454 | ---- | C] () -- C:\Documents and Settings\Nagendra\My Documents\ap-5112-rvr-mar20.zip
[2009/03/18 07:13:50 | 00,000,436 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2009/03/15 21:08:59 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\wnaspi32.dll
[2009/03/15 21:08:59 | 00,025,244 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys
[2009/03/15 21:08:59 | 00,005,600 | ---- | C] (Adaptec) -- C:\WINDOWS\System\winaspi.dll
[2009/03/15 21:08:59 | 00,004,672 | ---- | C] (Adaptec) -- C:\WINDOWS\System\wowpost.exe
[2009/03/15 21:08:56 | 00,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2009/03/15 21:04:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/03/13 22:02:39 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Nagendra\My Documents\Hindi Movie Songs lyrics.doc
[2009/03/12 21:17:57 | 01,911,218 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\Scan_0041.JPG
[2009/03/11 08:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nagendra\Application Data\Windows Search
[2009/03/10 21:23:50 | 00,011,749 | ---- | C] () -- C:\Documents and Settings\Nagendra\Desktop\EmiratesOnlineCheck-in1.PDF
[2009/03/08 13:33:12 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Nagendra\My Documents\Default.rdp

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/04/04 07:05:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 07:05:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 07:05:16 | 79,526,7072 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/04 07:03:57 | 03,225,536 | -H-- | M] () -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\IconCache.db
[2009/04/04 07:03:46 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/04/04 07:00:00 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01FF64D2-A3F8-4736-AC1C-059A560A0713}.job
[2009/04/03 07:21:11 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1384193946-1213119400-3037156660-1005.job
[2009/04/01 07:42:24 | 00,001,421 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Malwarebytes.Anti-Malware.v1.35 [mininova].torrent
[2009/04/01 00:00:02 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2009/03/31 19:49:00 | 02,348,416 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\FixDwndp.exe
[2009/03/30 20:07:07 | 00,000,664 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/03/30 20:07:07 | 00,000,274 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/30 20:07:07 | 00,000,194 | RHS- | M] () -- C:\BOOT.INI
[2009/03/29 17:34:33 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/29 14:09:37 | 00,292,352 | ---- | M] (iS3, Inc.) -- C:\Documents and Settings\Nagendra\Desktop\STOPzilla_Setup.exe
[2009/03/29 12:51:55 | 00,000,401 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/03/29 12:47:12 | 00,001,704 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\HijackThis.lnk
[2009/03/29 08:04:33 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/28 17:11:23 | 00,055,296 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\MC8366-B0-Spur.doc
[2009/03/26 06:56:37 | 00,002,280 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Google Chrome.lnk
[2009/03/23 06:26:12 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Nagendra\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/23 02:41:00 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/03/21 06:54:27 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/03/21 06:54:27 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/03/21 06:45:22 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\ProcessExplorer.zip
[2009/03/20 21:30:57 | 00,160,454 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\ap-5112-rvr-mar20.zip
[2009/03/18 07:09:11 | 00,000,188 | ---- | M] () -- C:\WINDOWS\x
[2009/03/15 21:08:56 | 00,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\clrviddc.dll
[2009/03/15 21:04:11 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/03/15 21:04:11 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/03/14 06:35:18 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/14 06:35:18 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/13 22:16:54 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Nagendra\My Documents\Hindi Movie Songs lyrics.doc
[2009/03/12 21:18:03 | 01,911,218 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\Scan_0041.JPG
[2009/03/11 03:10:03 | 00,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/10 21:23:52 | 00,011,749 | ---- | M] () -- C:\Documents and Settings\Nagendra\Desktop\EmiratesOnlineCheck-in1.PDF
[2009/03/09 21:22:09 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/03/09 18:40:40 | 00,554,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/08 13:33:12 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\Nagendra\My Documents\Default.rdp
< End of report >

#7 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts
  • Local time:10:06 PM

Posted 04 April 2009 - 09:24 AM

MBAM Log:
Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/4/2009 7:23:22 AM
mbam-log-2009-04-04 (07-23-22).txt

Scan type: Quick Scan
Objects scanned: 78326
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hfzoejv.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ad43173c-763b-4061-b948-3de0fa0f0127} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hpghulnk (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ad43173c-763b-4061-b948-3de0fa0f0127} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fcqwhxik (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fcqwhxik (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcqwhxik (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ad43173c-763b-4061-b948-3de0fa0f0127} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\hfzoejv.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jsgbdgn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:06 AM

Posted 04 April 2009 - 11:24 AM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts
  • Local time:10:06 PM

Posted 05 April 2009 - 09:27 AM

Attached is the ComboFix log:

ComboFix 09-04-04.01 - Nagendra 2009-04-05 7:12:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.314 [GMT -7:00]
Running from: c:\documents and settings\Nagendra\Desktop\AV\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-05 07:06 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-04 07:11 . 2009-04-04 07:11 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Malwarebytes
2009-04-04 07:11 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 07:11 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-04 07:10 . 2009-04-04 07:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 07:10 . 2009-04-04 07:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 07:03 . 2009-04-04 07:03 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\mbobkqlu
2009-04-04 07:02 . 2009-04-04 07:02 <DIR> d-------- C:\_OTListIt
2009-03-31 19:34 . 2009-03-31 19:39 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-31 07:06 . 2009-03-31 07:06 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\mbobkqlu
2009-03-31 06:58 . 2009-03-31 06:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-29 18:35 . 2009-03-29 20:29 <DIR> d-------- c:\program files\CleanUp!
2009-03-29 18:27 . 2009-03-29 18:27 <DIR> d-------- c:\program files\AVG
2009-03-29 18:27 . 2009-04-01 08:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-29 14:56 . 2009-03-29 14:56 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\STOPzilla!
2009-03-29 14:55 . 2009-03-29 19:48 <DIR> d-------- c:\program files\STOPzilla!
2009-03-29 14:48 . 2009-03-29 14:48 <DIR> d-------- c:\program files\uTorrent
2009-03-29 14:17 . 2009-03-29 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-29 14:11 . 2009-03-29 14:11 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-29 14:11 . 2009-03-29 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-25 23:40 . 2008-10-06 11:26 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\Nagendra\.housecall6.6
2009-03-23 22:15 . 2009-03-23 22:15 <DIR> d-------- c:\program files\Trend Micro
2009-03-23 06:30 . 2009-03-23 06:30 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Avaya
2009-03-22 21:18 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\PrivacIE
2009-03-22 21:18 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\IECompatCache
2009-03-22 21:18 . 2009-03-27 21:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Delicious IE Extension
2009-03-22 21:17 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-21 06:54 . 2009-03-21 06:54 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 21:08 . 2009-03-15 21:08 203,776 --a------ c:\windows\system32\clrviddc.dll
2009-03-15 21:08 . 1999-09-10 04:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2009-03-15 21:08 . 1999-09-10 04:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2009-03-15 21:08 . 1999-09-10 04:06 5,600 --a------ c:\windows\system\winaspi.dll
2009-03-15 21:08 . 1999-09-10 04:06 4,672 --a------ c:\windows\system\wowpost.exe
2009-03-15 21:04 . 2009-03-15 21:04 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-11 08:10 . 2009-03-11 08:10 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 14:04 --------- d-----w c:\documents and settings\Nagendra\Application Data\Delicious IE Extension
2009-04-02 13:44 --------- d-----w c:\documents and settings\Nagendra\Application Data\uTorrent
2009-03-30 03:35 --------- d-----w c:\documents and settings\Nagendra\Application Data\Azureus
2009-03-28 23:46 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-26 06:38 --------- d-----w c:\program files\Lenovo
2009-03-26 06:38 --------- d-----w c:\program files\Common Files\Lenovo
2009-03-25 03:42 --------- d-----w c:\program files\SopCast
2009-03-24 05:25 --------- d-----w c:\program files\QuickTime
2009-03-21 13:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-18 14:13 --------- d-----w c:\program files\PCDR5
2009-03-16 04:04 --------- d-----w c:\program files\Common Files\Real
2009-03-14 13:47 --------- d-----w c:\program files\Bommarillu
2009-03-14 13:40 --------- d-----w c:\program files\Windows Desktop Search
2009-03-01 22:50 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys
2009-02-26 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-02-26 04:45 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 05:47 --------- d-----w c:\documents and settings\Nagendra\Application Data\Lenovo
2009-02-24 05:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lenovo
2009-02-24 05:19 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-02-24 04:17 --------- d-----w c:\program files\Delicious Add-on for Internet Explorer
2009-02-21 23:15 --------- d-----w c:\documents and settings\NetworkService\Application Data\Avaya
2009-02-21 23:06 --------- d-----w c:\program files\Java
2009-02-21 15:57 --------- d-----w c:\documents and settings\Kavitha\Application Data\Intel
2009-02-21 15:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\program files\Intel
2009-02-21 15:56 --------- d-----w c:\program files\Common Files\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\Nagendra\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-02-21 15:53 --------- d-----w c:\program files\ThinkVantage Fingerprint Software
2009-02-21 15:52 --------- d-----w c:\program files\Common Files\ThinkVantage Fingerprint Software
2009-02-21 15:52 --------- d-----w c:\program files\Common Files\SPBA
2009-02-21 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\UIB
2009-02-17 13:58 --------- d-----w c:\program files\TD AMERITRADE
2009-02-17 13:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 00:49 --------- d-----w c:\documents and settings\Nagendra\Application Data\dvdcss
2009-02-16 00:05 --------- d-----w c:\documents and settings\Nagendra\Application Data\AdobeUM
2009-02-15 19:35 --------- d-----w c:\program files\Tournament Bracket Builder
2009-01-14 02:27 30 ----a-w C:\deleteprefetch.bat
2008-11-10 00:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-11-10 00:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD43173C-763B-4061-B948-3DE0FA0F0127}]
2004-08-04 05:00 104448 --a------ c:\windows\system32\hfzoejv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-01-20 159744]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-01-20 425984]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-11-21 385024]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-04 3093816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TpShocks"="TpShocks.exe" [2008-08-01 c:\windows\system32\TpShocks.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hpghulnk]
2004-08-04 05:00 104448 c:\windows\system32\hfzoejv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.X264"= x264vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll uihodax.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nagendra^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2005-03-17 19:08 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--a------ 2009-03-04 22:21 3093816 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-10-06 06:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--------- 2008-10-08 02:38 256576 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 02:10 442368 c:\program files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-09-15 10:50 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-09-15 10:54 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-09-15 10:53 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-13 17:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
--------- 2008-11-21 11:55 385024 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 13:52 75584 c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-30 13:34 25263144 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-21 16:06 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2008-10-06 11:06 1323008 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2008-10-06 11:14 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2006-10-02 11:19 94208 c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED]
--a------ 2002-10-08 22:28 40960 c:\windows\system32\TpScrLk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2007-01-09 17:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-05-14 17:42 487424 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 01:11 65536 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2008-08-01 16:29 181536 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TSSCoreService"=2 (0x2)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"TVT Backup Service"=2 (0x2)
"TVT Backup Protection Service"=2 (0x2)
"TpKmpSVC"=2 (0x2)
"TPHDEXLGSVC"=2 (0x2)
"ThinkVantage Registry Monitor Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\OrCAD\\OrCAD_10.0\\tools\\bin\\cdsNameServer.exe"=
"c:\\OrCAD\\OrCAD_10.0\\tools\\bin\\cdsMsgServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 noittukv;noittukv;c:\windows\system32\drivers\noittukv.sys [1980-01-01 23424]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-06-10 116264]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-06-10 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-07-19 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-07-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2005-07-19 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-07-19 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-05-09 46144]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-02-21 53248]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-21 12560]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2005-11-23 54272]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448]
R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-03-28 101936]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-07-19 6528]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 37312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-06-28 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-06-28 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-06-28 42112]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-04-21 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fcqwhxik

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384193946-1213119400-3037156660-1005.job
- c:\documents and settings\Nagendra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 20:13]

2009-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 13:57]

2009-04-05 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-11-21 11:56]

2009-03-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 10:42]

2009-02-01 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 10:42]

2009-02-01 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 10:14]

2009-04-05 c:\windows\Tasks\User_Feed_Synchronization-{01FF64D2-A3F8-4736-AC1C-059A560A0713}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} -
Trusted Zone: ml.com\www.benefits
FF - ProfilePath - c:\documents and settings\Nagendra\Application Data\Mozilla\Firefox\Profiles\8r08mkso.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Nagendra\Application Data\Mozilla\Firefox\Profiles\8r08mkso.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Nagendra\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 07:19:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\vrlogon.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\windows\uihodax.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
.
**************************************************************************
.
Completion time: 2009-04-05 7:24:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-05 14:24:04

Pre-Run: 7,569,182,720 bytes free
Post-Run: 7,474,737,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

341 --- E O F --- 2009-03-13 03:44:57

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:06 AM

Posted 05 April 2009 - 06:36 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
fcqwhxik
noittukv

NetSvc::
fcqwhxik

File::
c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hpghulnk]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD43173C-763B-4061-B948-3DE0FA0F0127}]

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.



Also run a new scan with Malwarebytes and post the resulting log back here.

#11 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts

Posted 05 April 2009 - 07:38 PM

ComboFix Log:

ComboFix 09-04-04.01 - Nagendra 2009-04-05 16:54:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.360 [GMT -7:00]
Running from: c:\documents and settings\Nagendra\Desktop\AV\ComboFix.exe
Command switches used :: c:\documents and settings\Nagendra\Desktop\AV\CFScript
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCQWHXIK
-------\Legacy_NOITTUKV
-------\Service_noittukv


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-05 07:06 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-04 07:11 . 2009-04-04 07:11 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Malwarebytes
2009-04-04 07:11 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 07:11 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-04 07:10 . 2009-04-04 07:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 07:10 . 2009-04-04 07:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 07:03 . 2009-04-04 07:03 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\mbobkqlu
2009-04-04 07:02 . 2009-04-04 07:02 <DIR> d-------- C:\_OTListIt
2009-03-31 19:34 . 2009-03-31 19:39 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-31 07:06 . 2009-03-31 07:06 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\mbobkqlu
2009-03-31 06:58 . 2009-03-31 06:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-29 18:35 . 2009-03-29 20:29 <DIR> d-------- c:\program files\CleanUp!
2009-03-29 18:27 . 2009-03-29 18:27 <DIR> d-------- c:\program files\AVG
2009-03-29 18:27 . 2009-04-01 08:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-29 14:56 . 2009-03-29 14:56 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\STOPzilla!
2009-03-29 14:55 . 2009-03-29 19:48 <DIR> d-------- c:\program files\STOPzilla!
2009-03-29 14:48 . 2009-03-29 14:48 <DIR> d-------- c:\program files\uTorrent
2009-03-29 14:17 . 2009-03-29 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-29 14:11 . 2009-03-29 14:11 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-29 14:11 . 2009-03-29 20:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-25 23:40 . 2008-10-06 11:26 110,592 --a------ c:\windows\system32\SynTPCo4.dll
2009-03-23 22:45 . 2009-03-23 22:45 <DIR> d-------- c:\documents and settings\Nagendra\.housecall6.6
2009-03-23 22:15 . 2009-03-23 22:15 <DIR> d-------- c:\program files\Trend Micro
2009-03-23 06:30 . 2009-03-23 06:30 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Avaya
2009-03-22 21:18 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\PrivacIE
2009-03-22 21:18 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\IECompatCache
2009-03-22 21:18 . 2009-03-27 21:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Delicious IE Extension
2009-03-22 21:17 . 2009-03-29 20:35 <DIR> d--hs---- c:\documents and settings\NetworkService\IETldCache
2009-03-21 06:54 . 2009-03-21 06:54 <DIR> d-------- c:\program files\Lavasoft
2009-03-15 21:08 . 2009-03-15 21:08 203,776 --a------ c:\windows\system32\clrviddc.dll
2009-03-15 21:08 . 1999-09-10 04:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2009-03-15 21:08 . 1999-09-10 04:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2009-03-15 21:08 . 1999-09-10 04:06 5,600 --a------ c:\windows\system\winaspi.dll
2009-03-15 21:08 . 1999-09-10 04:06 4,672 --a------ c:\windows\system\wowpost.exe
2009-03-15 21:04 . 2009-03-15 21:04 <DIR> d-------- c:\program files\Common Files\xing shared
2009-03-11 08:10 . 2009-03-11 08:10 <DIR> d-------- c:\documents and settings\Nagendra\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:55 23,424 ----a-w c:\windows\system32\drivers\zkbumuea.sys
2009-04-05 23:48 --------- d-----w c:\documents and settings\Nagendra\Application Data\Delicious IE Extension
2009-04-02 13:44 --------- d-----w c:\documents and settings\Nagendra\Application Data\uTorrent
2009-03-30 03:35 --------- d-----w c:\documents and settings\Nagendra\Application Data\Azureus
2009-03-28 23:46 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-26 06:38 --------- d-----w c:\program files\Lenovo
2009-03-26 06:38 --------- d-----w c:\program files\Common Files\Lenovo
2009-03-25 03:42 --------- d-----w c:\program files\SopCast
2009-03-24 05:25 --------- d-----w c:\program files\QuickTime
2009-03-21 13:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-18 14:13 --------- d-----w c:\program files\PCDR5
2009-03-16 04:04 --------- d-----w c:\program files\Common Files\Real
2009-03-14 13:47 --------- d-----w c:\program files\Bommarillu
2009-03-14 13:40 --------- d-----w c:\program files\Windows Desktop Search
2009-03-01 22:50 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys
2009-02-26 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\PCDr
2009-02-26 04:45 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 05:47 --------- d-----w c:\documents and settings\Nagendra\Application Data\Lenovo
2009-02-24 05:47 --------- d-----w c:\documents and settings\All Users\Application Data\Lenovo
2009-02-24 05:19 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-02-24 04:17 --------- d-----w c:\program files\Delicious Add-on for Internet Explorer
2009-02-21 23:15 --------- d-----w c:\documents and settings\NetworkService\Application Data\Avaya
2009-02-21 23:06 --------- d-----w c:\program files\Java
2009-02-21 15:57 --------- d-----w c:\documents and settings\Kavitha\Application Data\Intel
2009-02-21 15:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\program files\Intel
2009-02-21 15:56 --------- d-----w c:\program files\Common Files\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\Nagendra\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2009-02-21 15:56 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2009-02-21 15:53 --------- d-----w c:\program files\ThinkVantage Fingerprint Software
2009-02-21 15:52 --------- d-----w c:\program files\Common Files\ThinkVantage Fingerprint Software
2009-02-21 15:52 --------- d-----w c:\program files\Common Files\SPBA
2009-02-21 15:51 --------- d-----w c:\documents and settings\All Users\Application Data\UIB
2009-02-17 13:58 --------- d-----w c:\program files\TD AMERITRADE
2009-02-17 13:55 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 00:49 --------- d-----w c:\documents and settings\Nagendra\Application Data\dvdcss
2009-02-16 00:05 --------- d-----w c:\documents and settings\Nagendra\Application Data\AdobeUM
2009-02-15 19:35 --------- d-----w c:\program files\Tournament Bracket Builder
2009-01-14 02:27 30 ----a-w C:\deleteprefetch.bat
2008-11-10 00:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-11-10 00:52 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-01-20 159744]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-01-20 425984]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-11-21 385024]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-04 3093816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"TpShocks"="TpShocks.exe" [2008-08-01 c:\windows\system32\TpShocks.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.X264"= x264vfw.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll uihodax.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nagendra^Start Menu^Programs^Startup^HotSync Manager.lnk]
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2005-03-17 19:08 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--a------ 2009-03-04 22:21 3093816 c:\program files\Lenovo\Client Security Solution\cssauth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-10-06 06:20 122940 c:\windows\system32\dla\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--------- 2008-10-08 02:38 256576 c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 02:10 442368 c:\program files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-09-15 10:50 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-09-15 10:54 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-09-15 10:53 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-04-13 17:12 169984 c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
--------- 2008-11-21 11:55 385024 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 13:52 75584 c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-03-30 13:34 25263144 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-21 16:06 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2008-10-06 11:06 1323008 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2008-10-06 11:14 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2006-10-02 11:19 94208 c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED]
--a------ 2002-10-08 22:28 40960 c:\windows\system32\TpScrLk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2007-01-09 17:28 868352 c:\program files\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-05-14 17:42 487424 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 01:11 65536 c:\windows\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2008-08-01 16:29 181536 c:\windows\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TSSCoreService"=2 (0x2)
"IDriverT"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"TVT Backup Service"=2 (0x2)
"TVT Backup Protection Service"=2 (0x2)
"TpKmpSVC"=2 (0x2)
"TPHDEXLGSVC"=2 (0x2)
"ThinkVantage Registry Monitor Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\OrCAD\\OrCAD_10.0\\tools\\bin\\cdsNameServer.exe"=
"c:\\OrCAD\\OrCAD_10.0\\tools\\bin\\cdsMsgServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-06-10 116264]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-06-10 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-07-19 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-07-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2005-07-19 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-07-19 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-05-09 46144]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-02-21 53248]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2008-11-21 12560]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2005-11-23 54272]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 360448]
R3 EraserUtilDrv10910;EraserUtilDrv10910;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [2009-03-28 101936]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-07-19 6528]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-09-13 37312]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-06-28 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-06-28 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-06-28 42112]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-04-21 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NOITTUKV

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1384193946-1213119400-3037156660-1005.job
- c:\documents and settings\Nagendra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-08 20:13]

2009-04-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 13:57]

2009-04-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-11-21 11:56]

2009-03-23 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 10:42]

2009-02-01 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-12-07 10:42]

2009-02-01 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-08 10:14]

2009-04-06 c:\windows\Tasks\User_Feed_Synchronization-{01FF64D2-A3F8-4736-AC1C-059A560A0713}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 03:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} -
Trusted Zone: ml.com\www.benefits
FF - ProfilePath - c:\documents and settings\Nagendra\Application Data\Mozilla\Firefox\Profiles\8r08mkso.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\Nagendra\Application Data\Mozilla\Firefox\Profiles\8r08mkso.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 17:02:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\vrlogon.dll

- - - - - - - > 'lsass.exe'(736)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\windows\uihodax.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\PWMUIAux.EXE
.
**************************************************************************
.
Completion time: 2009-04-05 17:07:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 00:07:04
ComboFix2.txt 2009-04-05 14:24:09

Pre-Run: 7,418,998,784 bytes free
Post-Run: 7,454,298,112 bytes free

343 --- E O F --- 2009-03-13 03:44:57

MBAM log:
Malwarebytes' Anti-Malware 1.35
Database version: 1939
Windows 5.1.2600 Service Pack 3

4/5/2009 5:35:47 PM
mbam-log-2009-04-05 (17-35-47).txt

Scan type: Quick Scan
Objects scanned: 78968
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
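As an added example (not code from this thread, from ComboFix or from its author), here is a small Python helper that parses the ComboFix log format shown above and cross-checks it against the CFScript Buckeye_Sam posted: it confirms that each File:: target appears under "Other Deletions" and lists recently modified driver files from the Find3M report, which is the triage a helper otherwise does by eye when reading these logs. The sample log and script are constructed excerpts of the ones in this thread; the section-banner and line patterns are assumptions derived from those excerpts, not a published ComboFix specification.

```python
import re
from datetime import datetime

# Constructed excerpt of the CFScript posted in this thread (assumption: same format).
SAMPLE_CFSCRIPT = r"""
Driver::
fcqwhxik
noittukv

NetSvc::
fcqwhxik

File::
c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hpghulnk]
"""

# Constructed excerpt of the ComboFix log posted in this thread (paths taken from the page).
SAMPLE_LOG = r"""
FILE ::
c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\noittukv.sys
c:\windows\system32\hfzoejv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCQWHXIK
-------\Legacy_NOITTUKV
-------\Service_noittukv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 23:55 23,424 ----a-w c:\windows\system32\drivers\zkbumuea.sys
2009-04-05 23:48 --------- d-----w c:\documents and settings\Nagendra\Application Data\Delicious IE Extension
2009-03-01 22:50 33,536 ----a-w c:\windows\system32\drivers\tvtfilter.sys
2009-02-24 05:19 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-01-14 02:27 30 ----a-w C:\deleteprefetch.bat
.
"""

# Assumed patterns: a section banner is a title wrapped in runs of parentheses;
# a Find3M line is "<date> <time> <size or dashes> <attrs> <path>".
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FIND3M_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+|-+)\s+([-a-z]+)\s+(.+)$")


def split_sections(log_text):
    """Group log lines under the banner that precedes them; '.' and blank lines are filler."""
    sections, current = {}, "preamble"
    for line in log_text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line.strip() in ("", "."):
            continue
        sections.setdefault(current, []).append(line.rstrip())
    return sections


def deleted_paths(sections):
    """Paths ComboFix reports under 'Other Deletions', lower-cased for comparison."""
    return {p.lower() for p in sections.get("Other Deletions", [])}


def find3m_records(sections):
    """Parse Find3M lines into dicts with modified time, size, directory flag and path."""
    records = []
    for line in sections.get("Find3M Report", []):
        m = FIND3M_RE.match(line)
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        records.append({
            "modified": datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size.replace(",", "")),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return records


def parse_cfscript(text):
    """Return {section: [entries]} for the '::'-headed sections of a CFScript."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def verify_removal(cfscript_text, log_text):
    """Split the script's File:: targets into those the log confirms deleted and those it does not."""
    targets = parse_cfscript(cfscript_text).get("File", [])
    gone = deleted_paths(split_sections(log_text))
    removed = [t for t in targets if t.lower() in gone]
    missing = [t for t in targets if t.lower() not in gone]
    return removed, missing


def recent_driver_files(log_text, since):
    """Files (not directories) in the drivers directory modified on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    recs = find3m_records(split_sections(log_text))
    return sorted(r["path"] for r in recs
                  if not r["is_dir"] and r["modified"] >= cutoff
                  and "\\system32\\drivers\\" in r["path"].lower())


if __name__ == "__main__":
    removed, missing = verify_removal(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print("confirmed deleted:", removed)
    print("not confirmed:", missing)
    print("driver files modified since 2009-03-01:", recent_driver_files(SAMPLE_LOG, "2009-03-01"))
```

The removal check is the part worth keeping around: when a helper asks for the post-script log, the first question is whether every File:: entry shows up under "Other Deletions", and the Find3M filter surfaces the newest driver files so that nothing still changing after the fix is overlooked.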

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 April 2009 - 03:57 PM

Please post a new log from DDS.
How is your computer behaving now?


========================================================

#13 snoper

snoper
  • Topic Starter

  • Members
  • 31 posts

Posted 06 April 2009 - 09:18 PM

Computer seems to be behaving better.

DDS Log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nagendra at 19:14:07.17 on Mon 04/06/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.758.310 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Nagendra\Desktop\AV\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TpShocks] TpShocks.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}
Trusted Zone: ml.com\www.benefits
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15015/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/28.30/uploader2.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193194115265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193194105421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15023/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll uihodax.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nagendra\applic~1\mozilla\firefox\profiles\8r08mkso.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\nagendra\application data\mozilla\firefox\profiles\8r08mkso.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\nagendra\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-6-10 116264]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-6-10 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-7-19 14848]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-7-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2005-7-19 4224]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2005-7-19 4442]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-2-21 53248]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-11-21 12560]
R2 SSIPDDP;SSIPDDP;c:\windows\system32\drivers\SSIPDDP.SYS [2005-11-23 54272]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-14 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-7-19 6528]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
S1 SAVRT;SAVRT;- --> - [?]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\Awrtpd.sys [2008-4-29 12960]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-6-28 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-6-28 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-6-28 42112]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090405.003\naveng.sys [2009-4-5 89104]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090405.003\navex15.sys [2009-4-5 876144]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [2005-4-21 14336]
S4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-6-2 611664]
S4 ccEvtMgr;Symantec Event Manager;- --> - [?]

=============== Created Last 30 ================

2009-04-05 19:59 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-05 19:59 1,409 a------- c:\windows\QTFont.for
2009-04-05 07:08 <DIR> a-dshr-- C:\cmdcons
2009-04-05 07:07 161,792 a------- c:\windows\SWREG.exe
2009-04-05 07:07 98,816 a------- c:\windows\sed.exe
2009-04-05 07:06 73,728 a------- C:\pv.exe-BAD
2009-04-04 07:11 <DIR> --d----- c:\docume~1\nagendra\applic~1\Malwarebytes
2009-04-04 07:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-04 07:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 07:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-04 07:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-04 07:03 <DIR> --d----- c:\docume~1\nagendra\applic~1\mbobkqlu
2009-04-04 07:02 <DIR> --d----- C:\_OTListIt
2009-03-31 06:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations
2009-03-29 18:35 <DIR> --d----- c:\program files\CleanUp!
2009-03-29 18:27 <DIR> --d----- c:\program files\AVG
2009-03-29 18:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-29 14:56 <DIR> --d----- c:\docume~1\nagendra\applic~1\STOPzilla!
2009-03-29 14:55 <DIR> --d----- c:\program files\STOPzilla!
2009-03-29 14:48 <DIR> --d----- c:\program files\uTorrent
2009-03-29 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-29 14:11 <DIR> --d----- c:\program files\common files\iS3
2009-03-29 14:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-25 23:40 110,592 a------- c:\windows\system32\SynTPCo4.dll
2009-03-23 22:45 <DIR> --d----- c:\documents and settings\nagendra\.housecall6.6
2009-03-23 22:15 <DIR> --d----- c:\program files\Trend Micro
2009-03-23 06:30 <DIR> --d----- c:\docume~1\nagendra\applic~1\Avaya
2009-03-21 06:54 <DIR> --d----- c:\program files\Lavasoft
2009-03-15 21:08 45,056 a------- c:\windows\system32\wnaspi32.dll
2009-03-15 21:08 25,244 a------- c:\windows\system32\drivers\aspi32.sys
2009-03-15 21:08 5,600 a------- c:\windows\system\winaspi.dll
2009-03-15 21:08 4,672 a------- c:\windows\system\wowpost.exe
2009-03-15 21:08 203,776 a------- c:\windows\system32\clrviddc.dll
2009-03-15 21:04 <DIR> --d----- c:\program files\common files\xing shared
2009-03-11 08:10 <DIR> --d----- c:\docume~1\nagendra\applic~1\Windows Search

==================== Find3M ====================

2009-04-05 19:59 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2009-04-05 19:59 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2009-04-05 16:55 23,424 a------- c:\windows\system32\drivers\zkbumuea.sys
2009-03-15 21:04 348,160 a------- c:\windows\system32\msvcr71.dll
2009-03-04 22:07 1,692,984 a------- c:\windows\system32\cspcore.dll
2009-03-04 22:07 955,704 a------- c:\windows\system32\cssuserdatadispatcher.dll
2009-03-04 21:57 734,520 a------- c:\windows\system32\tcsrpc.dll
2009-03-04 21:57 427,320 a------- c:\windows\system32\tvttsp.dll
2009-03-01 15:50 33,536 a------- c:\windows\system32\drivers\tvtfilter.sys
2009-02-23 22:19 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-02-21 16:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-15 03:17 636,264 a------- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 03:17 392,040 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 03:13 5,888,512 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-15 03:12 10,963,968 a------- c:\windows\system32\dllcache\ieframe.dll
2009-01-15 03:06 1,182,720 a------- c:\windows\system32\dllcache\urlmon.dll
2009-01-15 03:06 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 03:06 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 911,872 a------- c:\windows\system32\dllcache\wininet.dll
2009-01-15 03:05 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-01-15 03:05 109,056 a------- c:\windows\system32\dllcache\occache.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 03:04 755,200 a------- c:\windows\system32\dllcache\VGX.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:04 18,944 -------- c:\windows\system32\dllcache\corpol.dll
2009-01-15 03:04 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 03:02 1,975,296 a------- c:\windows\system32\dllcache\iertutil.dll
2009-01-15 03:02 593,920 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-15 03:02 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-01-15 03:01 183,808 a------- c:\windows\system32\dllcache\iepeers.dll
2009-01-15 03:01 59,904 a------- c:\windows\system32\dllcache\icardie.dll
2009-01-15 03:01 54,272 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 03:01 348,160 a------- c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 03:01 46,592 a------- c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 03:01 216,064 a------- c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 03:01 66,560 a------- c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 03:00 45,568 a------- c:\windows\system32\dllcache\mshta.exe
2009-01-15 02:53 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2009-01-15 02:50 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-01-15 02:35 445,440 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-13 19:27 30 a------- C:\deleteprefetch.bat
2009-01-10 22:00 79,360 -------- c:\windows\system32\dllcache\iecompat.dll

============= FINISH: 19:15:05.93 ===============


Attach.txt LOG

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2005 4:31:23 AM
System Uptime: 4/6/2009 6:21:48 PM (1 hours ago)

Motherboard: IBM | | 1875D6U
Processor: Intel® Pentium® M processor 1.73GHz | None | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 6.651 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP3: 4/4/2009 7:17:37 AM - System Checkpoint
RP4: 4/5/2009 7:07:41 AM - ComboFix created restore point
RP5: 4/5/2009 4:54:18 PM - ComboFix created restore point
RP6: 4/6/2009 6:36:49 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Access IBM
Access IBM Message Center
Ad-Aware
Adobe Bridge 1.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.0
Bommarillu
CCleaner (remove only)
CLIE MS SCSI Driver
Client Security - Password Manager
Compatibility Pack for the 2007 Office system
Creative Jukebox Driver
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.5
Delicious Add-on for Internet Explorer
Epocrates Essentials
ffdshow
FLEXid8 Driver
Garmin POI Loader
Garmin WebUpdater
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
IBM 32-bit Runtime Environment for Java 2, v1.4.2
IBM Themes
IBM ThinkVantage Technologies Welcome Message
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver for Mobile
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ 6 Update 12
Java™ SE Runtime Environment 6 Update 1
Lenovo System Toolbox
LiveUpdate 2.6 (Symantec Corporation)
Macrovision FLEXid Drivers
Malwarebytes' Anti-Malware
Mentor Graphics Products
MGC Visual Studio 7 Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.8)
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
mWlsSafe
Nikon Message Center
NOMAD Explorer
PADS2005 SPac1
Palm Desktop
PictureProject
QuickTime
RealPlayer
RegistryFix v7.0
Release OrCAD 10.0
Rescue and Recovery
Rescue and Recovery Critical Patch for Windows Update (KB917422)
Sansa Media Converter
Sansa Updater
SBC Yahoo! Applications
Scroll Lock Indicator Utility
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Sentinel System Driver
Skype 3.1
Skype Plugin Manager
Sonic DLA
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Sony Download Taxi 1.5.0.0
SoundMAX
Symantec AntiVirus
System Migration Assistant
System Update
TD AMERITRADE StrategyDesk 2.3
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Integrated 56K Modem
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad SATA Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software 5.8
Tournament Bracket Builder 1.2
TrackPoint Accessibility Features
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows Internet Explorer 8 (KB961813)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.5
Virtual Earth 3D (Beta)
Wallpapers
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8 Release Candidate 1
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
x264 Revision 564 x264.nl (remove only)
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/31/2009 7:11:45 AM, error: Service Control Manager [7000] - The SAVRT service failed to start due to the following error: The system cannot find the file specified.
3/31/2009 7:11:14 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SAVRT
3/31/2009 7:11:10 AM, error: Service Control Manager [7023] - The Logical Disk Manager Support service terminated with the following error: Access is denied.
3/31/2009 6:30:51 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/30/2009 6:04:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/30/2009 6:01:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ANC AvgLdx86 AvgMfx86 eeCtrl Fips IBMTPCHK intelppm SAVRT SAVRTPEL Smapint TDSMAPI TPHKDRV TPPWRIF TSMAPIP tvtumon
3/30/2009 5:54:21 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC AvgLdx86 AvgMfx86 AvgTdiX eeCtrl Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL Smapint Tcpip TDSMAPI TPHKDRV TPPWRIF TSMAPIP tvtumon
3/30/2009 5:54:21 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 5:54:21 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 5:54:21 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 5:54:21 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2009 5:23:10 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
3/31/2009 7:24:51 PM, error: Service Control Manager [7034] - The AVGIDSWatcher service terminated unexpectedly. It has done this 1 time(s).
3/31/2009 7:25:44 PM, error: Service Control Manager [7000] - The AVG8 E-mail Scanner service failed to start due to the following error: The system cannot find the file specified.
4/3/2009 6:48:00 AM, error: Service Control Manager [7031] - The Symantec AntiVirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
4/3/2009 8:18:55 AM, error: System Error [1003] - Error code 10000050, parameter1 fb679019, parameter2 00000000, parameter3 a91cc571, parameter4 00000000.
4/4/2009 7:27:14 AM, error: Service Control Manager [7023] - The Microsoft USB 2.0 Enhanced Host Controller Miniport Monitor service terminated with the following error: %1 is not a valid Win32 application.
4/5/2009 1:22:57 PM, error: Service Control Manager [7031] - The TVT Windows Update Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.

==== End Of File ===========================

#14 snoper

  • Topic Starter
  • Members
  • 31 posts

Posted 06 April 2009 - 10:52 PM

The system is still slow.

#15 Buckeye_Sam

    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 April 2009 - 11:25 AM

Please uninstall these programs:

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1



=================


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

Folder::
c:\documents and settings\Nagendra\Application Data\mbobkqlu
c:\documents and settings\NetworkService\Application Data\mbobkqlu

File::
C:\pv.exe
c:\windows\system32\drivers\zkbumuea.sys

Driver::
NOITTUKV

DDS::
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
LSA: Notification Packages = scecli ACGina psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll uihodax.dll

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.


This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


===================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Buckeye_Sam, 07 April 2009 - 11:26 AM.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
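The CFScript in the post above names folders, files, a driver and two DDS lines by hand, and ComboFix will act on whatever is typed there, so a typo can send it after the wrong path. The following is an added example, not ComboFix's or DDS's own code: it parses a CFScript, checks each Folder::/File:: target against the paths the DDS log actually printed (expanding the 8.3 short names such as docume~1 that DDS uses), checks Driver:: names against the services section, checks DDS:: lines verbatim, and separately shows how the two DDS:: lines stand out in a log: a proxy pointing at the loopback address and an LSA notification package outside an allowlist. Both samples are constructed from the logs in this thread and trimmed; the short-name table and the allowlist of vetted LSA packages are assumptions.

```python
"""Cross-check a ComboFix CFScript against the DDS log it was written from.
Added example for this thread, not ComboFix or DDS code; the samples below are
constructed from the posts above and trimmed to the relevant lines."""
import re

# DDS prints profile paths in 8.3 short form while the script uses long
# names; expand the common components before comparing (assumed table).
SHORT_NAMES = {"docume~1": "documents and settings", "applic~1": "application data",
               "alluse~1": "all users", "progra~1": "program files",
               "common~1": "common files"}

# Assumed allowlist: the stock scecli entry plus the fingerprint-software
# packages the thread leaves in place. Anything else is reported.
LSA_ALLOWLIST = {"scecli", "acgina", "psqlpwd", "psqlpwd.dll"}

DDS_LOG = r"""
uInternet Settings,ProxyServer = http=localhost:7171
LSA: Notification Packages = scecli ACGina psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll uihodax.dll
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-7-19 14848]
2009-04-05 07:06 73,728 a------- C:\pv.exe-BAD
2009-04-04 07:03 <DIR> --d----- c:\docume~1\nagendra\applic~1\mbobkqlu
2009-04-05 16:55 23,424 a------- c:\windows\system32\drivers\zkbumuea.sys
"""

CFSCRIPT = r"""
Folder::
c:\documents and settings\Nagendra\Application Data\mbobkqlu
c:\documents and settings\NetworkService\Application Data\mbobkqlu
File::
C:\pv.exe
c:\windows\system32\drivers\zkbumuea.sys
Driver::
NOITTUKV
DDS::
uInternet Settings,ProxyServer = http=localhost:7171
LSA: Notification Packages = scecli ACGina psqlpwd c:\program files\thinkvantage fingerprint software\psqlpwd.dll uihodax.dll
"""


def normalize(path):
    """Lower-case a path and expand known 8.3 components."""
    parts = [SHORT_NAMES.get(p, p) for p in path.strip().lower().split("\\")]
    return "\\".join(parts).rstrip("\\")


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]} on its 'Name::' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def dds_paths(log):
    """Every path DDS printed: drive letter to end of line, or to the trailing
    '[date size]' field of a service entry."""
    found = set()
    for line in log.splitlines():
        m = re.search(r"([a-z]:\\.*?)(?:\s+\[.*)?$", line, re.I)
        if m:
            found.add(normalize(m.group(1)))
    return found


def check_cfscript(script, log):
    """Map each script target to 'confirmed' or 'not in log', so nothing is
    handed to ComboFix that the log never showed."""
    known = dds_paths(log)
    log_lines = {l.strip() for l in log.splitlines()}
    services = set(re.findall(r"^[RS]\d (.+?);", log, re.M))
    sections = parse_cfscript(script)
    report = {}
    for entry in sections.get("Folder", []) + sections.get("File", []):
        report[entry] = "confirmed" if normalize(entry) in known else "not in log"
    for entry in sections.get("Driver", []):
        report[entry] = "confirmed" if entry in services else "not in log"
    for entry in sections.get("DDS", []):
        report[entry] = "confirmed" if entry in log_lines else "not in log"
    return report


def flag_dds_lines(log):
    """Lines a reviewer would lift into a DDS:: section: a proxy that points at
    the loopback address, and LSA notification packages outside the allowlist."""
    flagged = []
    for line in (l.strip() for l in log.splitlines()):
        if line.startswith("uInternet Settings,ProxyServer") and \
                re.search(r"(localhost|127\.0\.0\.1):\d+", line):
            flagged.append((line, "proxy on loopback address"))
        elif line.startswith("LSA: Notification Packages ="):
            # a path containing spaces is one entry: join drive letter to its .dll
            entries = re.findall(r"[a-z]:\\.*?\.dll|\S+", line.split("=", 1)[1], re.I)
            unknown = [e.rsplit("\\", 1)[-1] for e in entries
                       if e.rsplit("\\", 1)[-1].lower() not in LSA_ALLOWLIST]
            if unknown:
                flagged.append((line, "unlisted LSA package: " + ", ".join(unknown)))
    return flagged


if __name__ == "__main__":
    for entry, status in check_cfscript(CFSCRIPT, DDS_LOG).items():
        print(f"{status:10}  {entry}")
    for line, why in flag_dds_lines(DDS_LOG):
        print(f"FLAG ({why}): {line}")
```

Run as written, the first mbobkqlu folder, zkbumuea.sys and both DDS:: lines come back confirmed, while the NetworkService folder, C:\pv.exe (the excerpt lists it as C:\pv.exe-BAD) and the NOITTUKV driver come back as not in the log; those are the entries to verify against whichever other log they were taken from before the script is dropped onto ComboFix.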


========================================================



