trojandownloader.xs (I've tried everything) [RESOLVED]


  • This topic is locked

#1 urifan (Member, 13 posts)
I'm definitely infected with something. Here are the symptoms: the wallpaper was changed to blue and says "Warning: Spyware threat has been detected on you PC ....... Click here to scan your PC for spyware." I also keep getting system tray yellow-triangle messages, Windows Security Center popups, etc., saying I'm infected with trojandownloader.xs and various other spyware. I need help removing these. I have the most current Windows updates, and have run Spybot S&D 1.5.2, Ad-Aware 2007, and Symantec virus scans with no luck. They find things, I remove them, but they keep coming back.

I am running windows XP.

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:00 AM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\WINNT\System32\IPSSVC.EXE
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\AgentController\bin\RAService.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\WINNT\system32\cmd.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\SCM\client\jacservice.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\PROGRA~1\IBM\SCM\_jvm\bin\java.exe
C:\WINNT\system32\nutsrv4.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINNT\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\mgmrwmrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINNT\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
C:\PROGRA~1\IBM\SAMETI~1\jre\bin\sametime75.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sdslab.raleigh.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TPKBDLED] C:\WINNT\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\workspace\service\delayStart.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect\sametime.exe" -noSplash
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [SODCPreLoad] C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\lotus\notes\data\workspace\.sodc\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [PSA5h7qnli] C:\WINNT\wjexytut.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://sdslab.raleigh.ibm.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr04.edc.ibm.com/qp2.cab
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (IBM Browser plug-in for documents) - https://quickr.tap.i...in/DMPlugin.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amex50.webex...bex/ieatgpc.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rational Agent Controller - Eclipse.org - C:\Program Files\IBM\AgentController\bin\RAService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINNT\System32\IPSSVC.EXE
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SCM Client (jacservice) - Unknown owner - C:\Program Files\IBM\SCM\client\jacservice.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\system32\nutsrv4.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

--
End of file - 18344 bytes


*** UNINSTALL List ***
Access Help
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM 6
AOL Uninstaller (Choose which Products to Remove)
AT&T Network Client
ATI - Software Uninstall Utility
ATI Display Driver
CMVC 4.0 Developer Client
CMVC 5.0 Developer Client
Crystal Reports Embeddable Designer for IBM Rational Application Developer
Download Accelerator Plus (DAP)
DraftDominator Version 8.0g Full
FileZilla (remove only)
Google SketchUp
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
IBM 32-bit SDK for Java 2, v1.4.2
IBM Ayudame
IBM DLA
IBM Dynamic Content Delivery (DCDClient-ISSI)
IBM Infoprint Select
IBM Installation Manager
IBM Lotus Sametime Connect 7.5.1
IBM MQSeries Integrator Agent for CICS Transaction Server
IBM My Help
IBM Personal Communications
IBM Printer Software Uninstall
IBM Rational Agent Controller
IBM Rational Application Developer V6.0
IBM Rational Developer for System z V7.1 (IBM Software Development Platform)
IBM Rational Developer for System z V7.1 (IBM Software Development Platform_1)
IBM Software Development Platform
IBM Software Development Platform_1
IBM Software Uninstall
IBM Tivoli Security Compliance Manager
IBM WebSphere Developer for zSeries Version 6.0.1
IBM WebSphere Integration Developer
IBM WebSphere Integration Developer V6.0.2
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterActual Player
InterVideo WinDVD
iTunes
Lenovo Battery Program
LiveUpdate 3.0 (Symantec Corporation)
Lotus Notes 8.0
Lotus NotesSQL 3.01 driver
Lotus SmartSuite - English
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office XP Standard
MKS Platform Components 7.x
mMHouse
Mozilla Firefox (2.0.0.12)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
Productivity Center Supplement for ThinkPad
QuickTime
Rational Rose Enterprise Edition
Scroll Lock Indicator Utility
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sierra Wireless MC5720 Package for Access Connections
Software Installer
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
Symantec Client Security
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Away Manager
ThinkVantage Productivity Center
TrackPoint Accessibility Features
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VMware Player
VMware Server Console
WebEx
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Workstation Security Tool 2.2
XoftSpySE
ZapNotes

Edited by urifan, 03 March 2008 - 09:33 PM.



#2 urifan (Topic Starter, Member, 13 posts)
Now getting lots of popups from Spybot asking me to Allow/Deny the change when one of the malware files tries to add a BHO value to the registry.

But still getting the fake security popups as well :)

#3 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Hello urifan

Welcome to G2Go. :)
=====================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#4 urifan (Topic Starter, Member, 13 posts)
kahdah,
thank you so very much for attempting to assist me. As I am sure you can imagine, I am at wits' end with this thing, but I bet everyone you assist feels that way. :)

I wasn't sure if I needed to shut anything down (Spybot, network connections, etc.) before running ComboFix, so I left them going, and here is the log:


ComboFix 08-03-01.3 - Administrator 2008-03-02 11:56:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1321 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\install.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINNT\764.exe
C:\WINNT\7search.dll
C:\WINNT\absolute key logger.lnk
C:\WINNT\aconti.exe
C:\WINNT\aconti.ini
C:\WINNT\aconti.log
C:\WINNT\aconti.sdb
C:\WINNT\acontidialer.txt
C:\WINNT\adbar.dll
C:\WINNT\cbinst$.exe
C:\WINNT\daxtime.dll
C:\WINNT\default.htm
C:\WINNT\Downloaded Program Files\MyWebEx
C:\WINNT\Downloaded Program Files\MyWebEx\419\atarm.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atas32.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atasanot.exe
C:\WINNT\Downloaded Program Files\MyWebEx\419\atasctrl.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atasnt40.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atdl2006.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atkbctl.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atlchat.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atnetext.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atpack.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atres.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\attp.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\h264dec.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\h264enc.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mmssl32.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\msess.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mticket.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mvc.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwm.ini
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwmres.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
C:\WINNT\Downloaded Program Files\MyWebEx\419\mwmupd.exe
C:\WINNT\Downloaded Program Files\MyWebEx\419\ratrace.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\raurl.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\uilibres.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
C:\WINNT\Downloaded Program Files\MyWebEx\419\webexmgr.dll
C:\WINNT\dp0.dll
C:\WINNT\eventlowg.dll
C:\WINNT\fhfmm-Uninstaller.exe
C:\WINNT\fhfmm.exe
C:\WINNT\flt.dll
C:\WINNT\hcwprn.exe
C:\WINNT\hotporn.exe
C:\WINNT\ie_32.exe
C:\WINNT\iexplorr23.dll
C:\WINNT\jd2002.dll
C:\WINNT\kkcomp$.exe
C:\WINNT\kkcomp.dll
C:\WINNT\kkcomp.exe
C:\WINNT\kvnab$.exe
C:\WINNT\kvnab.dll
C:\WINNT\kvnab.exe
C:\WINNT\liqad$.exe
C:\WINNT\liqad.dll
C:\WINNT\liqad.exe
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe
C:\WINNT\ngd.dll
C:\WINNT\pbar.dll
C:\WINNT\pbsysie.dll
C:\WINNT\settn.dll
C:\WINNT\spredirect.dll
C:\WINNT\system32\000070.exe
C:\WINNT\system32\000080.exe
C:\WINNT\system32\ace16win.dll
C:\WINNT\system32\acespy
C:\WINNT\system32\acespy\__acelog.ndx
C:\WINNT\system32\acespy\systune.exe
C:\WINNT\system32\ESHOPEE.exe
C:\WINNT\system32\msole32.exe
C:\WINNT\system32\vxddsk.exe
C:\WINNT\system32\wml.exe
C:\WINNT\vxddsk.exe
C:\WINNT\wbeCheck.exe
C:\WINNT\wbeInst$.exe
C:\WINNT\wml.exe
C:\WINNT\xadbrk.dll
C:\WINNT\xadbrk.exe
C:\WINNT\xadbrk_.exe
C:\WINNT\xxxvideo.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
hxxp://windowsupdate.raleigh.ibm.com
.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\WINNT\system32\acespy
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\p2pnetworks
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\e-zshopper
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\amsys
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\akl
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\Accoona
2008-03-02 12:03 . 2008-03-02 12:03 <DIR> d-------- C:\Program Files\3721
2008-03-02 12:03 . 2008-03-02 12:03 27,648 --a------ C:\WINNT\spredirect.dll
2008-03-02 12:03 . 2008-03-02 12:03 27,648 --a------ C:\WINNT\iexplorr23.dll
2008-03-02 12:03 . 2008-03-02 12:03 23,296 --a------ C:\WINNT\system32\ESHOPEE.exe
2008-03-02 12:03 . 2008-03-02 12:03 19,968 --a------ C:\WINNT\jd2002.dll
2008-03-02 12:03 . 2008-03-02 12:03 15,104 --a------ C:\WINNT\adbar.dll
2008-03-02 12:03 . 2008-03-02 12:03 8,960 --a------ C:\WINNT\wbeInst$.exe
2008-03-02 12:03 . 2008-03-02 12:03 8,960 --a------ C:\WINNT\pbsysie.dll
2008-03-02 12:03 . 2008-03-02 12:03 8,448 --a------ C:\WINNT\wbeCheck.exe
2008-03-02 10:50 . 2008-03-02 10:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 09:27 . 2008-03-02 09:27 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2008-03-02 09:13 . 2008-03-02 09:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-02 09:13 . 2008-03-02 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 00:56 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-02 00:56 . 2008-03-02 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-01 22:31 . 2008-03-01 22:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-01 22:30 . 2008-03-02 10:57 <DIR> d-------- C:\Anti Spyware
2008-03-01 21:39 . 2008-03-01 21:39 <DIR> d--h----- C:\WINNT\PIF
2008-03-01 18:38 . 2008-03-01 18:38 89,099 --a------ C:\WINNT\system32\mgmrwmrv.exe
2008-02-29 22:30 . 2008-02-29 22:30 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-29 22:30 . 2008-02-29 22:30 1,409 --a------ C:\WINNT\QTFont.for
2008-02-28 18:42 . 2008-02-19 17:31 3,430,896 --a------ C:\WINNT\system32\AS_Storage_w32.dll
2008-02-28 18:41 . 2008-02-28 18:41 <DIR> d-------- C:\Program Files\Common Files\My Help
2008-02-28 18:41 . 2008-01-22 15:21 358,780 --a------ C:\WINNT\system32\launchmyhelp.exe
2008-02-26 17:06 . 2008-02-26 17:07 <DIR> d-------- C:\Java15_sun
2008-02-26 14:29 . 2008-02-26 14:29 <DIR> d-------- C:\Java16_Sun
2008-02-22 19:48 . 2008-02-22 20:15 <DIR> d-------- C:\Java16
2008-02-20 23:57 . 2008-02-21 00:10 <DIR> d-------- C:\BMS_12_Dev
2008-02-20 13:16 . 2008-02-20 13:16 64,730 --a------ C:\feptest.zip
2008-02-19 09:40 . 2008-02-19 09:40 184,710 --a------ C:\ADM_Tech_Preview.zip
2008-02-18 22:06 . 2008-02-20 13:27 <DIR> d-------- C:\version_rdz75_workspaces
2008-02-18 09:11 . 2008-02-18 09:55 <DIR> d-------- C:\wid61_workspaces
2008-02-16 00:52 . 2008-02-16 01:03 <DIR> d-------- C:\Documents and Settings\Administrator\waslogs
2008-02-15 23:44 . 2008-02-15 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Libraries
2008-02-15 09:36 . 2008-02-15 11:13 <DIR> d-------- C:\Component Arch
2008-02-13 15:05 . 2008-02-13 15:06 <DIR> d-------- C:\version_750_workspaces
2008-02-13 08:12 . 2007-12-18 04:51 179,584 -----c--- C:\WINNT\system32\dllcache\mrxdav.sys
2008-02-10 15:25 . 2008-02-14 15:13 <DIR> d-------- C:\BMSParser
2008-02-10 15:24 . 2008-02-10 15:48 <DIR> d-------- C:\BMS build test
2008-02-10 10:31 . 2008-02-10 14:47 <DIR> d-------- C:\Eclipse_3.4_M5-workspace
2008-02-10 10:20 . 2008-02-10 10:20 <DIR> d-------- C:\Eclipse_3.4_M5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 17:03 28,672 ----a-w C:\WINNT\system32\vxddsk.exe
2008-03-02 17:03 21,760 ----a-w C:\WINNT\764.exe
2008-03-02 17:03 21,504 ----a-w C:\WINNT\pbar.dll
2008-03-02 17:03 16,640 ----a-w C:\WINNT\system32\wml.exe
2008-03-02 17:03 14,848 ----a-w C:\WINNT\flt.dll
2008-03-02 17:03 14,592 ----a-w C:\WINNT\wml.exe
2008-03-02 17:03 10,752 ----a-w C:\WINNT\7search.dll
2008-03-02 15:46 --------- d-----w C:\Program Files\C4ebreg
2008-03-02 15:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-03-02 15:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-03-02 05:28 --------- d-----w C:\Program Files\Viewpoint
2008-03-02 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-02 05:28 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Viewpoint
2008-03-02 04:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 18:44 --------- d-----w C:\Program Files\WST
2008-02-29 13:13 --------- d-----w C:\Program Files\AT&T Network Client
2008-02-28 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 15:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\webex
2008-02-26 02:43 --------- d-----w C:\Program Files\IBM
2008-02-19 22:31 2,336,424 ----a-w C:\WINNT\system32\AS_Storage.dll
2008-02-15 20:12 202,827 ----a-w C:\WINNT\system32\atasnt40.dll
2008-02-11 21:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-02-11 18:32 --------- d-----w C:\Program Files\VMware
2008-02-10 12:23 --------- d-----w C:\Program Files\DAP
2008-02-06 15:59 57,344 ----a-w C:\WINNT\isamunin.exe
2008-02-06 15:55 7,012 ------w C:\WINNT\system32\drivers\PMEMNT.SYS
2008-01-11 15:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-01-04 19:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 16:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2007-12-07 01:07 659,456 ----a-w C:\WINNT\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINNT\system32\oleaut32.dll
2007-11-26 14:20 54,056 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-09-25 18:19 389,120 ----a-w C:\Documents and Settings\Administrator\stas75_20060810.0001.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 3,350 2008-02-21 20:28:55 C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Sametime Connect 7.5"="C:\Program Files\IBM\Sametime Connect\sametime.exe" [2007-04-16 15:59 565248]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [2007-01-13 08:00 24576]
"SODCPreLoad"="C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe" [2007-11-21 16:12 40960]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKBDLED"="C:\WINNT\System32\TpScrLk.exe" [2002-10-08 21:28 40960]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 15:03 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 00:11 65536 C:\WINNT\system32\TP4EX.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 14:23 487424]
"TpShocks"="TpShocks.exe" [2005-11-07 10:14 106496 C:\WINNT\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 01:22 237568]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 00:12 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 00:12 208896]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-25 00:03 106496]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 18:04 864256]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 13:19 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06 716800]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-02-25 05:54 211456]
"C4EBReg"="C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 10:58 372736]
"ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" [2008-02-06 10:58 249856]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]
"dla"="C:\WINNT\system32\dla\tfswctrl.exe" [2003-10-22 00:04 114741]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-03 14:04 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"NuTCSetupEnviron"="C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe" [2001-01-02 16:25 16384]
"IMJPMIG8.1"="C:\WINNT\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"MSPY2002"="C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]
"PHIME2002ASync"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"stgclean"="c:\sdwork\w32main2.exe" [2008-02-25 05:51 271360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 20:33 125168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"defergui"="c:/sdwork/defergui.exe" [2008-02-25 05:53 138752 c:\sdwork\defergui.exe]
"MyHelpService"="C:\Program Files\IBM\My Help\workspace\service\delayStart.exe" [2008-02-19 17:31 94208]
"pmonmh"="C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe" [2008-02-19 17:31 184371]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-04-24 22:02:56 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-05 08:50:42 24576]
Lotus Quickr Monitor.lnk - C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe [2007-10-18 20:01:56 379016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PSA5h7qnli"= C:\WINNT\wjexytut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2003-08-11 02:04 49152 C:\WINNT\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINNT\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINNT\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155175130\\ee\\aim6.exe"=
"C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AT&T Network Client\\NetClient.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155175130\\ee\\aolsoftware.exe"=

R0 Shockprf;Shockprf;C:\WINNT\system32\drivers\Shockprf.sys [2005-11-30 14:58]
R1 ANC;ANC;C:\WINNT\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINNT\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINNT\system32\drivers\ShockMgr.sys [2005-06-20 11:18]
R1 TPPWRIF;TPPWRIF;C:\WINNT\system32\drivers\Tppwrif.sys [2005-12-07 00:12]
R2 AppnApi;AppnApi;C:\WINNT\system32\drivers\appnapi.sys [2003-08-11 04:07]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2007-07-06 15:34]
R2 IBM Rational Agent Controller;IBM Rational Agent Controller;C:\Program Files\IBM\AgentController\bin\RAService.exe [2005-06-23 21:18]
R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 10:58]
R2 jacservice;SCM Client;C:\Program Files\IBM\SCM\client\jacservice.exe [2004-05-18 14:51]
R2 NsTrcNT;NsTrcNT;C:\WINNT\system32\drivers\nstrcnt.sys [2003-08-11 04:07]
R2 NuTCRACKERService;NuTCRACKER Service;C:\WINNT\system32\nutsrv4.exe [2001-01-02 13:55]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINNT\system32\drivers\pdlnctdl.sys [2003-08-11 04:07]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINNT\system32\drivers\pdlndldl.sys [2003-08-11 04:07]
R3 agnfilt;AGN Filter Interface;C:\WINNT\system32\DRIVERS\agnfilt.sys [2006-05-19 09:46]
R3 Anydlc;Anydlc;C:\WINNT\system32\drivers\anydlc.sys [2003-08-11 04:07]
R3 Appn;Appn;C:\WINNT\system32\drivers\appn.sys [2003-08-11 04:07]
R3 AppnBase;AppnBase;C:\WINNT\system32\drivers\AppnBase.sys [2003-08-11 04:07]
R3 KLOGNT;KLOGNT;C:\WINNT\system32\drivers\klognt.sys [2003-08-11 04:07]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINNT\system32\drivers\pdlnacom.sys [2003-08-11 04:07]
R3 pdlnafac;PDLC Adapter Factory;C:\WINNT\system32\drivers\pdlnafac.sys [2003-08-11 04:07]
R3 pdlnatcm;Twinax Adapter Common;C:\WINNT\system32\drivers\pdlnatcm.sys [2003-08-11 04:07]
R3 pdlnatdl;Twinax Adapter;C:\WINNT\system32\drivers\pdlnatdl.sys [2003-08-11 04:07]
R3 pdlncbas;PDLC CxM Classes;C:\WINNT\system32\drivers\pdlncbas.sys [2003-08-11 04:07]
R3 pdlncfwk;PDLC Connection Manager;C:\WINNT\system32\drivers\pdlncfwk.sys [2003-08-11 04:07]
R3 pdlndint;PDLC DLC Classes;C:\WINNT\system32\drivers\pdlndint.sys [2003-08-11 04:07]
R3 pdlndlpb;PDLC LAPB;C:\WINNT\system32\drivers\pdlndlpb.sys [2003-08-11 04:07]
R3 pdlndoem;PDLC OEM Interface;C:\WINNT\system32\drivers\pdlndoem.sys [2003-08-11 04:07]
R3 pdlndqll;PDLC QLLC;C:\WINNT\system32\drivers\pdlndqll.sys [2003-08-11 04:07]
R3 pdlndsdl;PDLC SDLC;C:\WINNT\system32\drivers\pdlndsdl.sys [2003-08-11 04:07]
R3 pdlndtdl;Twinax DLC;C:\WINNT\system32\drivers\pdlndtdl.sys [2003-08-11 04:07]
R3 pdlnebas;PDLC Environment;C:\WINNT\system32\drivers\pdlnebas.sys [2003-08-11 04:07]
R3 pdlnecfg;PDLC Configuration;C:\WINNT\system32\drivers\pdlnecfg.sys [2003-08-11 04:07]
R3 pdlnemap;PDLC Mapper;C:\WINNT\system32\drivers\pdlnemap.sys [2003-08-11 04:07]
R3 pdlnemsg;PDLC Message Driver;C:\WINNT\system32\drivers\pdlnemsg.sys [2003-08-11 04:07]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINNT\system32\drivers\pdlnepkt.sys [2003-08-11 04:07]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINNT\system32\drivers\pdlnshay.sys [2003-08-11 04:07]
R3 pdlnslea;PDLC SDLC Leased;C:\WINNT\system32\drivers\pdlnslea.sys [2003-08-11 04:07]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINNT\system32\drivers\pdlnsv25.sys [2003-08-11 04:07]
R3 pdlnsx25;PDLC X.25;C:\WINNT\system32\drivers\pdlnsx25.sys [2003-08-11 04:07]
S2 MyHelp;My Help;C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe []
S2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
S3 ABVPN2K;Net Firewall Miniport Interface;C:\WINNT\system32\DRIVERS\abvpn2k.sys [2004-06-03 16:47]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINNT\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 gwiopm;gwiopm;C:\Program Files\wst\gwiopm.sys []
S3 swmx01;Sierra Wireless USB MUX Driver (#01);C:\WINNT\system32\DRIVERS\swmx01.sys [2005-08-05 13:31]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);C:\WINNT\system32\DRIVERS\SWNC5E01.sys [2005-08-05 13:42]
S3 TcUsb;TC USB Kernel Driver;C:\WINNT\system32\Drivers\tcusb.sys [2006-02-14 11:12]
S4 agnwifi;AT&T Wi-Fi Support Driver;C:\WINNT\system32\DRIVERS\agnwifi.sys [2004-04-29 17:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 15:46:54 C:\WINNT\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-03-02 15:46:35 C:\WINNT\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-02 03:34:46 C:\WINNT\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:03:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINNT\xadbrk.dll 19968 bytes
C:\WINNT\xadbrk.exe 17664 bytes
C:\WINNT\xadbrk_.exe 13312 bytes
C:\WINNT\pbsysie.dll 8960 bytes
C:\WINNT\kkcomp$.exe 23040 bytes
C:\WINNT\kkcomp.dll 13312 bytes
C:\WINNT\kkcomp.exe 29184 bytes
C:\WINNT\kvnab$.exe 29952 bytes
C:\WINNT\kvnab.dll 19200 bytes
C:\WINNT\kvnab.exe 14592 bytes
C:\WINNT\liqad$.exe 16128 bytes
C:\WINNT\liqad.dll 24832 bytes
C:\WINNT\liqad.exe 15360 bytes
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe 29184 bytes
C:\WINNT\iexplorr23.dll 27648 bytes

scan completed successfully
hidden files: 17

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINNT\system32\tphklock.dll
-> C:\WINNT\system32\notifyf2.dll
.
Completion time: 2008-03-02 12:44:35
ComboFix-quarantined-files.txt 2008-03-02 17:44:30
.
2008-02-13 13:14:05 --- E O F ---

#5 urifan (Topic Starter, Member, 13 posts)
Sorry, almost forgot the HijackThis log to go with the ComboFix log above...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:33 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\WINNT\System32\IPSSVC.EXE
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\AgentController\bin\RAService.exe
C:\Program Files\C4ebreg\c4ebreg.exe
C:\WINNT\system32\cmd.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\SCM\client\jacservice.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\PROGRA~1\IBM\SCM\_jvm\bin\java.exe
C:\WINNT\system32\nutsrv4.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINNT\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\mgmrwmrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINNT\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\IAMSTATS.EXE
C:\WINNT\system32\cmd.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TPKBDLED] C:\WINNT\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\workspace\service\delayStart.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect\sametime.exe" -noSplash
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [SODCPreLoad] C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\lotus\notes\data\workspace\.sodc\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [PSA5h7qnli] C:\WINNT\wjexytut.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://sdslab.raleigh.ibm.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr04.edc.ibm.com/qp2.cab
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (IBM Browser plug-in for documents) - https://quickr.tap.i...in/DMPlugin.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amex50.webex...bex/ieatgpc.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rational Agent Controller - Eclipse.org - C:\Program Files\IBM\AgentController\bin\RAService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINNT\System32\IPSSVC.EXE
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SCM Client (jacservice) - Unknown owner - C:\Program Files\IBM\SCM\client\jacservice.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\system32\nutsrv4.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

--
End of file - 19468 bytes
  • 0
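As an added example (not code from the original post and not a HijackThis feature), the following Python script does the first-pass triage a helper performs on a log like the one above: it pulls the O2/O4/O20/O23 entries and flags orphaned BHO, Winlogon Notify and service registrations, services with no vendor information, and Run entries under the Policies\Explorer\Run key. The sample input is a handful of lines copied from the log above; the severity labels are ordinary manual-review heuristics and are an assumption of this example, not HijackThis output.

```python
"""Triage a HijackThis log: pick out the entry types that most often carry
adware/trojan persistence and flag the ones worth a second look.

Added example for this thread; not code from the original post and not a
HijackThis feature. The sample lines are copied from the log posted above.
The severity labels are ordinary manual-review heuristics (assumption).
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Sample input: lines taken from the HijackThis log in the thread above.
SAMPLE_LOG = r"""
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [PSA5h7qnli] C:\WINNT\wjexytut.exe
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

# "O4 - <rest>": the O-number and everything after the first " - ".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# O4 body: "<hive\..\key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(HK[A-Z]+\\[^:]+): \[([^\]]*)\] (.*)$")


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return every O-numbered line as {"type": "O4", "body": ..., "raw": ...}."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"type": m.group(1), "body": m.group(2), "raw": line.strip()})
    return entries


def parse_o4(body: str) -> Optional[Tuple[str, str, str]]:
    """Split an O4 (registry Run) body into (key, value name, command)."""
    m = O4_RE.match(body)
    return (m.group(1), m.group(2), m.group(3)) if m else None


def _finding(entry: str, severity: str, reason: str) -> Dict[str, str]:
    return {"entry": entry, "severity": severity, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the review heuristics and return one finding per flagged entry."""
    findings = []
    for e in parse_entries(log_text):
        kind, body, raw = e["type"], e["body"], e["raw"]
        if kind == "O2" and body.endswith("(no file)"):
            # A BHO CLSID is still registered but its DLL is gone: leftover to clean.
            findings.append(_finding(raw, "low", "orphaned BHO registration (no file)"))
        elif kind == "O4":
            parsed = parse_o4(body)
            if parsed and "Policies\\Explorer\\Run" in parsed[0]:
                # This key also runs at logon but legitimate installers rarely use it;
                # a random value name launching an EXE in the Windows directory is a red flag.
                findings.append(_finding(raw, "high", f"Run entry under {parsed[0]} launching {parsed[2]}"))
        elif kind == "O20" and "(file missing)" in body:
            findings.append(_finding(raw, "low", "Winlogon Notify package whose DLL is missing"))
        elif kind == "O23":
            if "(file missing)" in body:
                findings.append(_finding(raw, "low", "service whose binary is missing"))
            elif "Unknown owner" in body:
                findings.append(_finding(raw, "info", "service binary has no vendor information; check the path by hand"))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, e.g. {"high": 1, "low": 4, "info": 1}."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['reason']}\n        {f['entry']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the only high finding is the Policies\Explorer\Run entry launching C:\WINNT\wjexytut.exe; the "(no file)" BHOs and "(file missing)" entries are dead registrations that a cleanup script removes for tidiness rather than because they still run anything.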

#6 urifan (Member, Topic Starter)
kahdah,
Do you think we have a chance at fixing this today? :pleasesayyes: I really cannot connect this thing to my work network tomorrow in the state it is in now.
  • 0

#7 kahdah (GeekU Teacher, Retired Staff)
Sorry, had some company over.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINNT\spredirect.dll
C:\WINNT\iexplorr23.dll
C:\WINNT\system32\ESHOPEE.exe
C:\WINNT\adbar.dll
C:\WINNT\wbeInst$.exe
C:\WINNT\pbsysie.dll
C:\WINNT\wbeCheck.exe
C:\WINNT\system32\mgmrwmrv.exe
C:\WINNT\system32\vxddsk.exe
C:\WINNT\764.exe
C:\WINNT\pbar.dll
C:\WINNT\system32\wml.exe
C:\WINNT\flt.dll
C:\WINNT\wml.exe
C:\WINNT\7search.dll
C:\WINNT\wjexytut.exe
C:\WINNT\xadbrk.dll
C:\WINNT\xadbrk.exe
C:\WINNT\xadbrk_.exe
C:\WINNT\kkcomp$.exe
C:\WINNT\kkcomp.dll
C:\WINNT\kkcomp.exe
C:\WINNT\kvnab$.exe
C:\WINNT\kvnab.dll
C:\WINNT\kvnab.exe
C:\WINNT\liqad$.exe
C:\WINNT\liqad.dll
C:\WINNT\liqad.exe
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe
Folder::
C:\WINNT\system32\acespy
C:\Program Files\p2pnetworks
C:\Program Files\e-zshopper
C:\Program Files\amsys
C:\Program Files\akl
C:\Program Files\Accoona
C:\Program Files\3721
C:\Documents and Settings\Administrator\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\WINNT\isamunin.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"PSA5h7qnli"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
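Before dropping a hand-written CFScript onto ComboFix it is worth checking it mechanically. The following Python linter is an added example, not part of the original post and not a ComboFix feature. It understands the three section kinds used in the script above (File::, Folder::, Registry::) and the REGEDIT4-style registry syntax in which [-KEY] deletes a key and "Name"=- deletes a value, and it flags entries repeated within a section, trailing whitespace, a file path listed under Folder:: (the ComboFix log later in this thread reports such an entry as a directory, with a trailing backslash), and a registry key line missing its bracket, after which the "Name"=- lines that follow have no well-formed key to apply to. The sample script and every file name in it are constructed for this example; the registry paths are the well-known policy keys the script above touches, with a placeholder vendor name.

```python
"""Lint a ComboFix CFScript before running it.

Added example for this thread; not part of the original post and not a
ComboFix feature. It checks the File::, Folder:: and Registry:: sections and
the REGEDIT4-style registry syntax ([-KEY] deletes a key, "Name"=- deletes a
value). The sample script below is constructed for the example.
"""
import ntpath
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[-?HKEY_[A-Z_]+\\[^\]]+\]$")
VALUE_RE = re.compile(r'^"[^"]+"=')
# Extensions that mark an entry as a file rather than a directory.
FILE_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".com"}

# Constructed sample: placeholder file names, plus four slips of the kind that
# creep into a hand-written script.
SAMPLE_SCRIPT = "\n".join([
    "File::",
    r"C:\WINNT\example_a.dll",
    r"C:\WINNT\example_b.exe ",       # trailing space
    r"C:\WINNT\example_a.dll",        # repeats line 2
    "Folder::",
    r"C:\Program Files\example_dir",
    r"C:\WINNT\example_uninst.exe",   # a file listed as a folder
    "Registry::",
    r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}]",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]",
    '"DisableTaskMgr"=-',
    r"HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ExampleVendor]",  # no '['
    '"DisableMonitoring"=-',          # now has no valid key before it
])


def lint_cfscript(text: str) -> List[Dict[str, object]]:
    """Return one {"line", "check", "message"} dict per problem found."""
    findings: List[Dict[str, object]] = []
    section = None
    seen: Dict[tuple, int] = {}   # (section, normalised entry) -> first line
    current_key = None            # last well-formed [KEY] line in Registry::

    def report(lineno: int, check: str, message: str) -> None:
        findings.append({"line": lineno, "check": check, "message": message})

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            current_key = None
            continue
        if section is None:
            report(lineno, "no-section", "entry appears before any Section:: header")
            continue
        if raw != raw.rstrip():
            report(lineno, "whitespace", "trailing whitespace on entry")
        if section in ("File", "Folder"):
            key = (section, line.lower())
            if key in seen:
                report(lineno, "duplicate", f"repeats line {seen[key]}")
            else:
                seen[key] = lineno
            if section == "Folder" and ntpath.splitext(line)[1].lower() in FILE_EXTS:
                report(lineno, "misplaced", "looks like a file; Folder:: entries are handled as directories")
        elif section == "Registry":
            if KEY_RE.match(line):
                current_key = line
            elif line.startswith("[") or line.startswith("HKEY_"):
                current_key = None
                report(lineno, "malformed-key", "key line must look like [HKEY_...] or [-HKEY_...]")
            elif VALUE_RE.match(line):
                if current_key is None:
                    report(lineno, "orphan-value", "value line has no well-formed key before it")
            else:
                report(lineno, "unknown", "unrecognised Registry:: line")
        # Other section kinds are passed through unchecked.
    return findings


if __name__ == "__main__":
    for f in lint_cfscript(SAMPLE_SCRIPT):
        print(f"line {f['line']:>2}: {f['check']:<13} {f['message']}")
```

The orphan-value check is the one that matters most: if a key line is malformed, the "DisableMonitoring"=- below it is either ignored or applied to the previous key, so the Security Center override the script meant to clear stays in place while the script appears to have run cleanly.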

#8 urifan (Member, Topic Starter)
Will do, ASAP. Your help is soooooo greatly appreciated!
  • 0

#9 urifan (Member, Topic Starter)
Things are looking better: I have my Task Manager back, so far no popups, and my desktop background is normal.

Here is the ComboFix.txt...
ComboFix 08-03-01.3 - Administrator 2008-03-02 16:31:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1313 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINNT\764.exe
C:\WINNT\7search.dll
C:\WINNT\adbar.dll
C:\WINNT\flt.dll
C:\WINNT\iexplorr23.dll
C:\WINNT\kkcomp$.exe
C:\WINNT\kkcomp.dll
C:\WINNT\kkcomp.exe
C:\WINNT\kvnab$.exe
C:\WINNT\kvnab.dll
C:\WINNT\kvnab.exe
C:\WINNT\liqad$.exe
C:\WINNT\liqad.dll
C:\WINNT\liqad.exe
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe
C:\WINNT\pbar.dll
C:\WINNT\pbsysie.dll
C:\WINNT\spredirect.dll
C:\WINNT\system32\ESHOPEE.exe
C:\WINNT\system32\mgmrwmrv.exe
C:\WINNT\system32\vxddsk.exe
C:\WINNT\system32\wml.exe
C:\WINNT\wbeCheck.exe
C:\WINNT\wbeInst$.exe
C:\WINNT\wjexytut.exe
C:\WINNT\wml.exe
C:\WINNT\xadbrk.dll
C:\WINNT\xadbrk.exe
C:\WINNT\xadbrk_.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Viewpoint
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1241215004.mtx
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1642695750.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1706016551.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1749842783.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\459933187.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1199500114.swf
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1233786184.mtx
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1355542221.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-249359102.mtj&p2=1&p3=14635357186875911248091801592553&p4=50335505
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1796757414.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1976788532.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2129817688.mzv
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\595938558.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\744233815.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1227099268.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1828491391.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-201530012.swf
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-2084221798.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1004529744.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1128609519.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\827019022.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-1980707745.mtz
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-307950113.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-36974754.swf
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-996711419.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1563015497.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\273152825.mtz
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\810865438.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\858880999.mts
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\Administrator\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\HostRegistry.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1216280834.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-2001348034.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1505443532.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1518231624.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1539226850.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1970346925.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\253621806.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\627924407.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1675640269.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2015049029.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-871890285.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\2068614991.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\625127249.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\706973891.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\759269103.mts
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1196043862.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-656855281.mtz
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1723699495.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1938724535.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\53704245.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1993255091.swf
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\337756466.mtj&p2=0&p3=15528724385714176073564220779069&p4=0
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\457316155.mtj&p2=0&p3=15528724385714176073564220779069&p4=0
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\777095010.mtx
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINNT\764.exe
C:\WINNT\7search.dll
C:\WINNT\absolute key logger.lnk
C:\WINNT\aconti.exe
C:\WINNT\aconti.ini
C:\WINNT\aconti.log
C:\WINNT\aconti.sdb
C:\WINNT\acontidialer.txt
C:\WINNT\adbar.dll
C:\WINNT\cbinst$.exe
C:\WINNT\daxtime.dll
C:\WINNT\default.htm
C:\WINNT\dp0.dll
C:\WINNT\eventlowg.dll
C:\WINNT\fhfmm-Uninstaller.exe
C:\WINNT\fhfmm.exe
C:\WINNT\flt.dll
C:\WINNT\hcwprn.exe
C:\WINNT\hotporn.exe
C:\WINNT\ie_32.exe
C:\WINNT\iexplorr23.dll
C:\WINNT\isamunin.exe\
C:\WINNT\jd2002.dll
C:\WINNT\kkcomp$.exe
C:\WINNT\kkcomp.dll
C:\WINNT\kkcomp.exe
C:\WINNT\kvnab$.exe
C:\WINNT\kvnab.dll
C:\WINNT\kvnab.exe
C:\WINNT\liqad$.exe
C:\WINNT\liqad.dll
C:\WINNT\liqad.exe
C:\WINNT\liqui-Uninstaller.exe
C:\WINNT\liqui.dll
C:\WINNT\liqui.exe
C:\WINNT\ngd.dll
C:\WINNT\pbar.dll
C:\WINNT\pbsysie.dll
C:\WINNT\settn.dll
C:\WINNT\spredirect.dll
C:\WINNT\system32\ace16win.dll
C:\WINNT\system32\acespy
C:\WINNT\system32\acespy\__acelog.ndx
C:\WINNT\system32\acespy\systune.exe
C:\WINNT\system32\ESHOPEE.exe
C:\WINNT\system32\mgmrwmrv.exe
C:\WINNT\system32\msole32.exe
C:\WINNT\system32\vxddsk.exe
C:\WINNT\system32\wml.exe
C:\WINNT\vxddsk.exe
C:\WINNT\wbeCheck.exe
C:\WINNT\wbeInst$.exe
C:\WINNT\wml.exe
C:\WINNT\xadbrk.dll
C:\WINNT\xadbrk.exe
C:\WINNT\xadbrk_.exe
C:\WINNT\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-02 10:50 . 2008-03-02 10:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-02 09:27 . 2008-03-02 09:27 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2008-03-02 09:13 . 2008-03-02 09:14 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-02 09:13 . 2008-03-02 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-02 00:56 . 2008-03-02 00:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-02 00:56 . 2008-03-02 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 23:43 . 2008-03-01 23:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-01 22:31 . 2008-03-01 22:31 <DIR> d-------- C:\Program Files\XoftSpySE
2008-03-01 22:30 . 2008-03-02 13:47 <DIR> d-------- C:\Anti Spyware
2008-03-01 21:39 . 2008-03-01 21:39 <DIR> d--h----- C:\WINNT\PIF
2008-02-29 22:30 . 2008-02-29 22:30 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-02-29 22:30 . 2008-02-29 22:30 1,409 --a------ C:\WINNT\QTFont.for
2008-02-28 18:42 . 2008-02-19 17:31 3,430,896 --a------ C:\WINNT\system32\AS_Storage_w32.dll
2008-02-28 18:41 . 2008-02-28 18:41 <DIR> d-------- C:\Program Files\Common Files\My Help
2008-02-28 18:41 . 2008-01-22 15:21 358,780 --a------ C:\WINNT\system32\launchmyhelp.exe
2008-02-26 17:06 . 2008-02-26 17:07 <DIR> d-------- C:\Java15_sun
2008-02-26 14:29 . 2008-02-26 14:29 <DIR> d-------- C:\Java16_Sun
2008-02-22 19:48 . 2008-02-22 20:15 <DIR> d-------- C:\Java16
2008-02-20 23:57 . 2008-02-21 00:10 <DIR> d-------- C:\BMS_12_Dev
2008-02-20 13:16 . 2008-02-20 13:16 64,730 --a------ C:\feptest.zip
2008-02-19 09:40 . 2008-02-19 09:40 184,710 --a------ C:\ADM_Tech_Preview.zip
2008-02-18 22:06 . 2008-02-20 13:27 <DIR> d-------- C:\version_rdz75_workspaces
2008-02-18 09:11 . 2008-02-18 09:55 <DIR> d-------- C:\wid61_workspaces
2008-02-16 00:52 . 2008-02-16 01:03 <DIR> d-------- C:\Documents and Settings\Administrator\waslogs
2008-02-15 23:44 . 2008-02-15 23:44 <DIR> d-------- C:\Documents and Settings\Administrator\Libraries
2008-02-15 09:36 . 2008-02-15 11:13 <DIR> d-------- C:\Component Arch
2008-02-13 15:05 . 2008-02-13 15:06 <DIR> d-------- C:\version_750_workspaces
2008-02-13 08:12 . 2007-12-18 04:51 179,584 -----c--- C:\WINNT\system32\dllcache\mrxdav.sys
2008-02-10 15:25 . 2008-02-14 15:13 <DIR> d-------- C:\BMSParser
2008-02-10 15:24 . 2008-02-10 15:48 <DIR> d-------- C:\BMS build test
2008-02-10 10:31 . 2008-02-10 14:47 <DIR> d-------- C:\Eclipse_3.4_M5-workspace
2008-02-10 10:20 . 2008-02-10 10:20 <DIR> d-------- C:\Eclipse_3.4_M5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 18:01 --------- d-----w C:\Program Files\C4ebreg
2008-03-02 18:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-03-02 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-03-02 05:28 --------- d-----w C:\Program Files\Viewpoint
2008-03-02 04:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-29 18:44 --------- d-----w C:\Program Files\WST
2008-02-29 13:13 --------- d-----w C:\Program Files\AT&T Network Client
2008-02-28 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 15:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\webex
2008-02-26 02:43 --------- d-----w C:\Program Files\IBM
2008-02-19 22:31 2,336,424 ----a-w C:\WINNT\system32\AS_Storage.dll
2008-02-15 20:12 202,827 ----a-w C:\WINNT\system32\atasnt40.dll
2008-02-11 21:26 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-02-11 18:32 --------- d-----w C:\Program Files\VMware
2008-02-10 12:23 --------- d-----w C:\Program Files\DAP
2008-02-06 15:59 57,344 ----a-w C:\WINNT\isamunin.exe
2008-02-06 15:55 7,012 ------w C:\WINNT\system32\drivers\PMEMNT.SYS
2008-01-11 15:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Juniper Networks
2008-01-04 19:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-14 16:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2007-12-07 01:07 659,456 ----a-w C:\WINNT\system32\wininet.dll
2007-12-04 18:38 550,912 ------w C:\WINNT\system32\oleaut32.dll
2007-11-26 14:20 54,056 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-09-25 18:19 389,120 ----a-w C:\Documents and Settings\Administrator\stas75_20060810.0001.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 3,350 2008-02-21 20:28:55 C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Sametime Connect 7.5"="C:\Program Files\IBM\Sametime Connect\sametime.exe" [2007-04-16 15:59 565248]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [2007-01-13 08:00 24576]
"SODCPreLoad"="C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe" [2007-11-21 16:12 40960]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKBDLED"="C:\WINNT\System32\TpScrLk.exe" [2002-10-08 21:28 40960]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 15:03 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 00:11 65536 C:\WINNT\system32\TP4EX.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"AMSG"="C:\PROGRA~1\THINKV~1\AMSG\amsg.exe" [2005-11-14 14:23 487424]
"TpShocks"="TpShocks.exe" [2005-11-07 10:14 106496 C:\WINNT\system32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 01:22 237568]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 00:12 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 00:12 208896]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-25 00:03 106496]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 18:04 864256]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 13:19 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06 716800]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-02-25 05:54 211456]
"C4EBReg"="C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 10:58 372736]
"ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" [2008-02-06 10:58 249856]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 13:09 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 12:59 98304]
"dla"="C:\WINNT\system32\dla\tfswctrl.exe" [2003-10-22 00:04 114741]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 10:58 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-03 14:04 155648]
"HostManager"="C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe" [2006-05-09 19:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"NuTCSetupEnviron"="C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe" [2001-01-02 16:25 16384]
"IMJPMIG8.1"="C:\WINNT\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"MSPY2002"="C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 21:31 59392]
"PHIME2002ASync"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"PHIME2002A"="C:\WINNT\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 21:32 455168]
"stgclean"="c:\sdwork\w32main2.exe" [2008-02-25 05:51 271360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 20:33 125168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"defergui"="c:/sdwork/defergui.exe" [2008-02-25 05:53 138752 c:\sdwork\defergui.exe]
"MyHelpService"="C:\Program Files\IBM\My Help\workspace\service\delayStart.exe" [2008-02-19 17:31 94208]
"pmonmh"="C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe" [2008-02-19 17:31 184371]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-04-24 22:02:56 622653]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-05 08:50:42 24576]
Lotus Quickr Monitor.lnk - C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe [2007-10-18 20:01:56 379016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2003-08-11 02:04 49152 C:\WINNT\system32\pcsinst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 C:\WINNT\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINNT\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155175130\\ee\\aim6.exe"=
"C:\\Program Files\\IBM\\My Help\\jre\\bin\\javaw.exe"=
"C:\\Program Files\\AT&T Network Client\\NetClient.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1155175130\\ee\\aolsoftware.exe"=

R0 Shockprf;Shockprf;C:\WINNT\system32\drivers\Shockprf.sys [2005-11-30 14:58]
R1 ANC;ANC;C:\WINNT\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINNT\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
R1 ShockMgr;ShockMgr;C:\WINNT\system32\drivers\ShockMgr.sys [2005-06-20 11:18]
R1 TPPWRIF;TPPWRIF;C:\WINNT\system32\drivers\Tppwrif.sys [2005-12-07 00:12]
R2 AppnApi;AppnApi;C:\WINNT\system32\drivers\appnapi.sys [2003-08-11 04:07]
R2 IBM Rational Agent Controller;IBM Rational Agent Controller;C:\Program Files\IBM\AgentController\bin\RAService.exe [2005-06-23 21:18]
R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 10:58]
R2 jacservice;SCM Client;C:\Program Files\IBM\SCM\client\jacservice.exe [2004-05-18 14:51]
R2 NsTrcNT;NsTrcNT;C:\WINNT\system32\drivers\nstrcnt.sys [2003-08-11 04:07]
R2 NuTCRACKERService;NuTCRACKER Service;C:\WINNT\system32\nutsrv4.exe [2001-01-02 13:55]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINNT\system32\drivers\pdlnctdl.sys [2003-08-11 04:07]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINNT\system32\drivers\pdlndldl.sys [2003-08-11 04:07]
R3 agnfilt;AGN Filter Interface;C:\WINNT\system32\DRIVERS\agnfilt.sys [2006-05-19 09:46]
R3 Anydlc;Anydlc;C:\WINNT\system32\drivers\anydlc.sys [2003-08-11 04:07]
R3 Appn;Appn;C:\WINNT\system32\drivers\appn.sys [2003-08-11 04:07]
R3 AppnBase;AppnBase;C:\WINNT\system32\drivers\AppnBase.sys [2003-08-11 04:07]
R3 KLOGNT;KLOGNT;C:\WINNT\system32\drivers\klognt.sys [2003-08-11 04:07]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINNT\system32\drivers\pdlnacom.sys [2003-08-11 04:07]
R3 pdlnafac;PDLC Adapter Factory;C:\WINNT\system32\drivers\pdlnafac.sys [2003-08-11 04:07]
R3 pdlnatcm;Twinax Adapter Common;C:\WINNT\system32\drivers\pdlnatcm.sys [2003-08-11 04:07]
R3 pdlnatdl;Twinax Adapter;C:\WINNT\system32\drivers\pdlnatdl.sys [2003-08-11 04:07]
R3 pdlncbas;PDLC CxM Classes;C:\WINNT\system32\drivers\pdlncbas.sys [2003-08-11 04:07]
R3 pdlncfwk;PDLC Connection Manager;C:\WINNT\system32\drivers\pdlncfwk.sys [2003-08-11 04:07]
R3 pdlndint;PDLC DLC Classes;C:\WINNT\system32\drivers\pdlndint.sys [2003-08-11 04:07]
R3 pdlndlpb;PDLC LAPB;C:\WINNT\system32\drivers\pdlndlpb.sys [2003-08-11 04:07]
R3 pdlndoem;PDLC OEM Interface;C:\WINNT\system32\drivers\pdlndoem.sys [2003-08-11 04:07]
R3 pdlndqll;PDLC QLLC;C:\WINNT\system32\drivers\pdlndqll.sys [2003-08-11 04:07]
R3 pdlndsdl;PDLC SDLC;C:\WINNT\system32\drivers\pdlndsdl.sys [2003-08-11 04:07]
R3 pdlndtdl;Twinax DLC;C:\WINNT\system32\drivers\pdlndtdl.sys [2003-08-11 04:07]
R3 pdlnebas;PDLC Environment;C:\WINNT\system32\drivers\pdlnebas.sys [2003-08-11 04:07]
R3 pdlnecfg;PDLC Configuration;C:\WINNT\system32\drivers\pdlnecfg.sys [2003-08-11 04:07]
R3 pdlnemap;PDLC Mapper;C:\WINNT\system32\drivers\pdlnemap.sys [2003-08-11 04:07]
R3 pdlnemsg;PDLC Message Driver;C:\WINNT\system32\drivers\pdlnemsg.sys [2003-08-11 04:07]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINNT\system32\drivers\pdlnepkt.sys [2003-08-11 04:07]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINNT\system32\drivers\pdlnshay.sys [2003-08-11 04:07]
R3 pdlnslea;PDLC SDLC Leased;C:\WINNT\system32\drivers\pdlnslea.sys [2003-08-11 04:07]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINNT\system32\drivers\pdlnsv25.sys [2003-08-11 04:07]
R3 pdlnsx25;PDLC X.25;C:\WINNT\system32\drivers\pdlnsx25.sys [2003-08-11 04:07]
S2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2007-07-06 15:34]
S2 MyHelp;My Help;C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe []
S2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
S3 ABVPN2K;Net Firewall Miniport Interface;C:\WINNT\system32\DRIVERS\abvpn2k.sys [2004-06-03 16:47]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINNT\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 gwiopm;gwiopm;C:\Program Files\wst\gwiopm.sys []
S3 swmx01;Sierra Wireless USB MUX Driver (#01);C:\WINNT\system32\DRIVERS\swmx01.sys [2005-08-05 13:31]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);C:\WINNT\system32\DRIVERS\SWNC5E01.sys [2005-08-05 13:42]
S3 TcUsb;TC USB Kernel Driver;C:\WINNT\system32\Drivers\tcusb.sys [2006-02-14 11:12]
S4 agnwifi;AT&T Wi-Fi Support Driver;C:\WINNT\system32\DRIVERS\agnwifi.sys [2004-04-29 17:19]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-02 20:48:33 C:\WINNT\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-03-02 22:00:00 C:\WINNT\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-03-02 03:34:46 C:\WINNT\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 16:36:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINNT\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINNT\system32\tphklock.dll
.
Completion time: 2008-03-02 17:18:12
ComboFix-quarantined-files.txt 2008-03-02 22:18:08
ComboFix2.txt 2008-03-02 17:44:36
.
2008-02-13 13:14:05 --- E O F ---



And here is the HijackThis log.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:25:21 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\WINNT\System32\IPSSVC.EXE
C:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\AgentController\bin\RAService.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\SCM\client\jacservice.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\PROGRA~1\IBM\SCM\_jvm\bin\java.exe
C:\WINNT\system32\nutsrv4.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\TPHDEXLG.EXE
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\WINNT\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\TpScrLk.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINNT\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\IBM\My Help\workspace\service\delayStart.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.3.14\pmonmh.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\soffice.exe
C:\PROGRA~1\IBM\SAMETI~1\jre\bin\sametime75.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\control.exe
C:\WINNT\system32\control.exe
C:\WINNT\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jc...pt/wps/myportal
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TPKBDLED] C:\WINNT\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155175130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\workspace\service\delayStart.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Sametime Connect 7.5] "C:\Program Files\IBM\Sametime Connect\sametime.exe" -noSplash
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [SODCPreLoad] C:\lotus\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.0.0.20070725-1652\preload.exe C:\lotus\notes\data\workspace\.sodc\
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lotus Quickr Monitor.lnk = C:\Program Files\IBM\Lotus Quickr connectors\DIMon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://sdslab.raleigh.ibm.com
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://quickr04.edc.ibm.com/qp2.cab
O16 - DPF: {8BF7B588-F4AC-4A6E-AF63-F664449EED2E} (IBM Browser plug-in for documents) - https://quickr.tap.i...in/DMPlugin.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bl...lnwebassist.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://amex50.webex...bex/ieatgpc.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = rtp.raleigh.ibm.com,raleigh.ibm.com,ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rational Agent Controller - Eclipse.org - C:\Program Files\IBM\AgentController\bin\RAService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINNT\System32\IPSSVC.EXE
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: SCM Client (jacservice) - Unknown owner - C:\Program Files\IBM\SCM\client\jacservice.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINNT\system32\nutsrv4.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WI
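An added example, not part of the thread and not code from HijackThis, ComboFix or any other tool named in it: a small Python triage script that walks the O4 (Run key), O20 (Winlogon Notify) and O23 (service) lines of a HijackThis log and the firewallpolicy block of a ComboFix log, and flags the items a helper reads first. The rules are purely structural and come straight from markers in the logs above: an autostart entry reported as "(file missing)" or "(no file)", a Run-key command that points outside Program Files or the Windows directory, a Run-key command that is a bare filename resolved through PATH, a service whose owner HijackThis could not identify ("Unknown owner"), and a standard-profile Windows Firewall with EnableFirewall = 0. The sample lines are constructed in the shape of the posted logs (a few copied verbatim), and every hit is a prompt to look closer, not a verdict: in this thread the c:\sdwork entries are listed as IBM's ISSI EZUpdate in the O23 lines, and a disabled Windows Firewall is what you expect when a third-party firewall such as Symantec Client Firewall has taken over that role.

```python
"""Autostart triage for HijackThis / ComboFix logs (added example, not from the thread)."""
import re

# Constructed sample input modelled on the logs posted in this thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - Global Startup: Bluetooth.lnk = ?
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: SCM Client (jacservice) - Unknown owner - C:\Program Files\IBM\SCM\client\jacservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\ workspace\service\MyHelpService.exe (file missing)
"""

SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Directories a Run-key executable is normally expected to live under (assumption
# for this example; extend it for your own build).
TRUSTED_DIRS = ("c:\\program files", "c:\\winnt", "c:\\windows")

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
O4_BODY = re.compile(r"^.*?\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
O23_BODY = re.compile(r"^Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
FW_LINE = re.compile(r'^"EnableFirewall"=\s*(\d+)')


def first_token(cmd):
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_hjt(text):
    """Return a list of (tag, detail) findings for O4/O20/O23 lines of a HijackThis log."""
    findings = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        # HijackThis marks orphaned autostart entries itself; surface them.
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("file-missing", f"{kind}: {body}"))
        if kind == "O4":
            mb = O4_BODY.match(body)
            exe = first_token(mb.group("cmd")) if mb else ""
            if "\\" in exe and not exe.lower().startswith(TRUSTED_DIRS):
                findings.append(("nonstandard-path", f"{mb.group('name')} -> {exe}"))
            elif exe and "\\" not in exe:
                # A bare name is resolved through PATH / App Paths at logon.
                findings.append(("bare-filename", f"{mb.group('name')} -> {exe}"))
        elif kind == "O23":
            mb = O23_BODY.match(body)
            if mb and mb.group("owner") == "Unknown owner":
                findings.append(("unknown-owner", f"{mb.group('svc')} -> {mb.group('path')}"))
    return findings


def triage_combofix(text):
    """Return (tag, section) findings for a disabled Windows Firewall profile in a ComboFix log."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.lower()
            continue
        m = FW_LINE.match(line)
        if m and section and "firewallpolicy" in section and m.group(1) == "0":
            findings.append(("windows-firewall-off", section))
    return findings


if __name__ == "__main__":
    for tag, detail in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX):
        print(f"{tag:22} {detail}")
```

Run it against a real log by reading the file into `triage_hjt` / `triage_combofix`; each finding names the entry so you can cross-check it against the O23 owner, the file's digital signature and the ComboFix "Reg Loading Points" section before touching anything.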

#10 urifan (Member, Topic Starter, 13 posts)
MBAM scan returned no infected files :)


#11 kahdah (GeekU Teacher, Retired Staff, 15,822 posts)
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#12 urifan (Member, Topic Starter, 13 posts)
I am not sure I will be able to provide this information. This machine has hundreds of thousands of files on it and after 1+ hour of running the scan is only 3% complete.

#13
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I believe you to be clean.
I only like to run the online scan to see if anything is left over.

But again I think you are clean so don't worry about it.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
==============================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

#14
urifan

    Member

  • Topic Starter
  • Member
  • 13 posts
kahdah,
thank you so much for your promptness and your assistance.

Just curious is there any way to determine how I obtained this virus?
Also is there any way to determine if/what information from my machine may have been compromised/obtained?

#15
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

Also is there any way to determine if/what information from my machine may have been compromised/obtained?

It would probably be safe to say that nothing was compromised.
But if you are unsure then from a different computer change all of your bank passwords and such that you would normally do online.

Looks like I overlooked something.

Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.
