Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Downloaders [RESOLVED]

Started by poptail , Apr 05 2008 03:43 AM

  • This topic is locked This topic is locked

#1
poptail
Posted 05 April 2008 - 03:43 AM

poptail

    New Member

  • Member
  • Pip
  • 9 posts
Hi guys.

I must say that you do an amazing job here and i wondered if you could be so kind to check my log to see if i got rid of it all.
Did the step by step guide as described before entering a post and this is my HijackThis log and Panda activescan. I have used
Smitfraudfix and combofix half a year ago (i deleted the files after the panda scan), but the computer is still a bit slow at times.
Previous i had a load of popups, and the trojan horse Downloader.Zlob.PGV, VB.CEC.Zlob.PGV and trojan horse Downloader.Zlob.PLS.


Panda Activescan:
;*******************************************************************************
***
ANALYSIS: 2008-04-04 17:27:17
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 0
;*******************************************************************************
***
PROTECTIONS
Description Version Active Updated
;=================================================================
AVG 7.5.519 7.5.519 Yes Yes
;=================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================================================
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\sbl2medic\My Documents\AntiVirus files\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\sbl2medic\Cookies\[email protected][1].txt
00517584 Application/SuperFast HackTools No 0 Yes No C:\Documents and Settings\sbl2medic\My Documents\AntiVirus files\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Documents and Settings\sbl2medic\My Documents\AntiVirus files\SmitfraudFix\Reboot.exe
;=================================================================
SUSPECTS
Sent Location
;=================================================================
VULNERABILITIES
Id Severity Description
;=================================================================



HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:08, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\ZSSnp211.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\sbl2medic\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.uk.my.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://telenor.no
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147776716390
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O17 - HKLM\Software\..\Telephony: DomainName = sbl-02.mgc.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 11637 bytes


Thanks! That's all
  • 0

Advertisements

#2
Rorschach112
Posted 09 April 2008 - 08:34 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
poptail
Posted 10 April 2008 - 04:14 AM

poptail

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sorry for the delay and thanks for the reply! The dss scan did not open any Extra.txt. But here are the other two logs.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 10, 2008 11:03:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/04/2008
Kaspersky Anti-Virus database records: 692913
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
F:\

Scan Statistics:
Total number of scanned objects: 66691
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:51:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\l_100034.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\sbl2medic\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-4-10-2008( 6-32-59 ).LOG Object is locked skipped
C:\Documents and Settings\sbl2medic\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sbl2medic\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sbl2medic\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP158\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


---------------------------------------------------------------------------------------------------------

main.txt:

Deckard's System Scanner v20071014.68
Run by sbl2medic on 2008-04-10 11:08:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as sbl2medic.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:47, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\ZSSnp211.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Domino.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\sbl2medic\Desktop\dss.exe
C:\DOCUME~1\SBL2ME~1\Desktop\sbl2medic.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.uk.my.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://multiwave.no.nordkapp.net/content/login/phone.php?key=telenor&p=0
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147776716390
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O17 - HKLM\Software\..\Telephony: DomainName = sbl-02.mgc.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 11523 bytes

-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-09 20:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 20:53:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 06:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-04-08 06:55:10 0 d-------- C:\Program Files\PCDR5
2008-04-08 01:00:05 0 d-------- C:\Documents and Settings\sbl2medic\(null)
2008-04-04 09:36:01 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\ATI
2008-04-04 01:52:18 0 d-------- C:\Program Files\Panda Security
2008-04-04 01:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 19:07:14 0 d-------- C:\WINDOWS\system32\(null)
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files\Lenovo
2008-04-03 18:35:18 0 d-------- C:\swshare
2008-04-03 18:07:06 0 dr-h----- C:\Documents and Settings\sbl2medic\Recent
2008-04-03 17:53:39 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\TuneUp Software
2008-04-03 17:51:24 0 d-------- C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP
2008-03-30 14:16:08 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 14:11:35 0 d-------- C:\DivX
2008-03-29 21:06:10 56 -r-hs---- C:\WINDOWS\system32\29F9D68C07.sys
2008-03-14 08:02:32 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-10 10:20:12 129536 --a------ C:\WINDOWS\system32\IJL15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>


-- Find3M Report ---------------------------------------------------------------

2008-04-07 06:40:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-04 09:33:52 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-04 01:26:15 0 d-------- C:\Program Files\Lavasoft
2008-04-04 01:22:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 01:10:05 0 d-------- C:\Program Files\ATI Technologies
2008-04-04 01:02:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 00:24:31 0 d-------- C:\Program Files\Java
2008-04-04 00:17:18 2086 --a------ C:\WINDOWS\system32\SMBIOS.bin
2008-04-03 19:25:56 0 d-------- C:\Program Files\VideoLAN
2008-04-03 19:18:06 0 d-------- C:\Program Files\Apple Software Update
2008-04-03 19:07:38 0 d-------- C:\Program Files\Lenovo
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files
2008-04-03 18:46:13 0 d-------- C:\Program Files\Canon
2008-04-03 18:40:25 0 d-------- C:\Program Files\InterVideo
2008-04-03 18:28:33 0 d-------- C:\Program Files\DivX
2008-04-03 18:03:02 0 d-------- C:\Program Files\Skype
2008-04-03 17:51:15 0 d-------- C:\Program Files\Starpath
2008-04-03 17:50:54 0 d-------- C:\Program Files\StarCraft
2008-03-31 06:56:51 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\AVG7
2008-03-27 13:34:09 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\Apple Computer
2008-03-14 19:46:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 21:27:42 9728 --a------ C:\WINDOWS\system32\UnInstall 3D Beauty Vol 1.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/11/2004 19:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/11/2004 19:17]
"TpShocks"="TpShocks.exe" [22/11/2007 15:09 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [12/11/2004 09:07 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [23/03/2005 10:11]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [14/04/2005 09:01]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 13:52]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [28/02/2005 10:53]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [19/08/2006 04:37]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [13/01/2008 09:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [04/03/2008 10:34]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 17:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 15:27]
"Domino"="C:\WINDOWS\Domino.exe" [18/08/2006 09:58]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10/03/2008 12:00]

C:\Documents and Settings\sbl2medic\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 09:57:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [22/01/2007 13:51:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 03:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll 13/04/2005 00:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 18/03/2005 11:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 13/08/2004 04:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\1\0]
"Script"=\\Mgc04\NETLOGON\office2003.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\2\0]
"Script"=\\Mgc04\NETLOGON\MGC-Projects.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\3\0]
"Script"=\\Mgc02\netlogon\MGC_Marketing-video.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\4\0]
"Script"=\\Mgc04\NETLOGON\MGC-VismaUsers.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\5\0]
"Script"=\\Mgc04\NETLOGON\MGC-Engineering.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\6\0]
"Script"=\\Mgc02\NETLOGON\MGC_Technical.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\7\0]
"Script"=\\Mgc02\NETLOGON\VpnUser_logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\8\0]
"Script"=\\Mgc02\NETLOGON\amos_logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\9\0]
"Script"=\\Mgc04\NETLOGON\logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-500\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e}]
Auto\command- autoregistry.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autoregistry.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e}]
AutoRun\command- CGS13\Setup.exe




-- End of Deckard's System Scanner: finished at 2008-04-10 11:09:03 ------------
  • 0

#4
Rorschach112
Posted 10 April 2008 - 09:52 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e}
purity 
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt
  • 0

#5
poptail
Posted 10 April 2008 - 12:38 PM

poptail

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Explorer killed successfully
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684a908b-da16-11dc-b478-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761c-973b-11dc-b459-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a62a761d-973b-11dc-b459-0014a4d8170e}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f660e01c-fa32-11dc-b484-0014a4d8170e}\\ deleted successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04102008_192408





main.txt
----------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by sbl2medic on 2008-04-10 19:33:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-04-10 18:34:00 UTC - RP159 - Deckard's System Scanner Restore Point
7: 2008-04-10 02:01:30 UTC - RP158 - Software Distribution Service 3.0
6: 2008-04-09 07:02:51 UTC - RP157 - System Checkpoint
5: 2008-04-08 05:52:47 UTC - RP156 - Installed Windows XP KB910728.
4: 2008-04-07 11:49:01 UTC - RP155 - System Checkpoint


-- First Restore Point --
1: 2008-04-04 08:40:15 UTC - RP152 - Frank's restore point


Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as sbl2medic.exe) -------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-10 19:34:50
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\ZSSnp211.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\Domino.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbl2medic\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.uk.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147776716390
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} () - http://a532.g.akamai...l/installer.exe
O17 - HKLM\Software\..\Telephony: DomainName = sbl-02.mgc.no
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = sbl-02.mgc.no
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\MSERO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe


--
End of file - 12839 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPDiskPM - c:\windows\system32\drivers\tpdiskpm.sys <Not Verified; Lenovo, Ltd. and IBM Corporation; ThinkPad SATA Power Management Driver>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 SmiHlp (SMI helper driver) - c:\program files\ibm fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; IBM fingerprint software>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 TPInput - c:\windows\system32\drivers\tpinput.sys <Not Verified; Lenovo, Ltd. and IBM Corporation.; ThinkPad SATA Power Management Driver>

S3 catchme - c:\docume~1\sbl2me~1\locals~1\temp\catchme.sys (file missing)
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys (file missing)
S3 ZSMC211 (USB PC Camera (ZS0211)) - c:\windows\system32\drivers\zs211.sys <Not Verified; ZSMC Corporation; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 SUService (System Update) - c:\program files\lenovo\system update\suservice.exe <Not Verified; Lenovo Group Limited; ThinkVantage System Update Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\common files\lenovo\scheduler\tvtsched.exe" <Not Verified; Lenovo Group Limited; tvtsched Module>
R2 vtserver (Protector Suite Virtual Token) - "c:\program files\common files\virtual token\vtserver.exe" <Not Verified; UPEK Inc.; IBM fingerprint software>

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Root Hub
Device ID: USB\ROOT_HUB\4&1B50C3BE&0
Manufacturer: (Standard USB Host Controller)
Name: USB Root Hub
PNP Device ID: USB\ROOT_HUB\4&1B50C3BE&0
Service: usbhub

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10118086&REV_05\4&AD1B67F&0&10F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4224&SUBSYS_10118086&REV_05\4&AD1B67F&0&10F0
Service: w29n51


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\winlogon.exe (pid 816)
2007-04-19 03:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>
2005-04-13 00:39:58 110179 --a------ C:\Program Files\IBM fingerprint software\psfus.dll <Not Verified; UPEK Inc.; IBM fingerprint software>
2005-04-13 00:32:00 165475 --a------ C:\Program Files\Common Files\Virtual Token\psutil.dll <Not Verified; UPEK Inc.; IBM fingerprint software>
2004-08-13 04:11:26 24576 --a------ C:\WINDOWS\system32\tphklock.dll

C:\WINDOWS\explorer.exe (pid 1292)
2005-05-25 06:21:20 65536 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.600>
2005-04-14 09:01:00 139264 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2005-04-14 09:01:00 32768 --a------ C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2005-04-14 09:01:00 73728 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
2007-03-02 11:44:34 73728 --a------ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll <Not Verified; ; ACE Context Menu>

C:\WINDOWS\system32\rundll32.exe (pid 1932)
2005-04-14 09:01:00 139264 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2005-04-14 09:01:00 32768 --a------ C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
2005-04-14 09:01:00 73728 --a------ C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL


-- Scheduled Tasks -------------------------------------------------------------

2008-04-10 19:28:15 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2008-04-04 17:15:00 400 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-03-10 and 2008-04-10 -----------------------------

2008-04-09 20:53:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 20:53:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-08 06:58:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-04-08 06:55:10 0 d-------- C:\Program Files\PCDR5
2008-04-08 01:00:05 0 d-------- C:\Documents and Settings\sbl2medic\(null)
2008-04-04 09:36:01 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\ATI
2008-04-04 01:52:18 0 d-------- C:\Program Files\Panda Security
2008-04-04 01:25:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 19:07:14 0 d-------- C:\WINDOWS\system32\(null)
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files\Lenovo
2008-04-03 18:35:18 0 d-------- C:\swshare
2008-04-03 18:07:06 0 dr-h----- C:\Documents and Settings\sbl2medic\Recent
2008-04-03 17:53:39 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\TuneUp Software
2008-04-03 17:51:24 0 d-------- C:\WINDOWS\868D789699D44513BC622B3AD3E24926.TMP
2008-03-30 14:16:08 3766 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-03-30 14:11:35 0 d-------- C:\DivX
2008-03-29 21:06:10 56 -r-hs---- C:\WINDOWS\system32\29F9D68C07.sys
2008-03-14 08:02:32 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-03-10 10:20:12 129536 --a------ C:\WINDOWS\system32\IJL15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>


-- Find3M Report ---------------------------------------------------------------

2008-04-07 06:40:19 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-04 09:33:52 0 d-------- C:\Program Files\TuneUp Utilities 2006
2008-04-04 01:26:15 0 d-------- C:\Program Files\Lavasoft
2008-04-04 01:22:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 01:10:05 0 d-------- C:\Program Files\ATI Technologies
2008-04-04 01:02:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-04 00:24:31 0 d-------- C:\Program Files\Java
2008-04-04 00:17:18 2086 --a------ C:\WINDOWS\system32\SMBIOS.bin
2008-04-03 19:25:56 0 d-------- C:\Program Files\VideoLAN
2008-04-03 19:18:06 0 d-------- C:\Program Files\Apple Software Update
2008-04-03 19:07:38 0 d-------- C:\Program Files\Lenovo
2008-04-03 19:07:03 0 d-------- C:\Program Files\Common Files
2008-04-03 18:46:13 0 d-------- C:\Program Files\Canon
2008-04-03 18:40:25 0 d-------- C:\Program Files\InterVideo
2008-04-03 18:28:33 0 d-------- C:\Program Files\DivX
2008-04-03 18:03:02 0 d-------- C:\Program Files\Skype
2008-04-03 17:51:15 0 d-------- C:\Program Files\Starpath
2008-04-03 17:50:54 0 d-------- C:\Program Files\StarCraft
2008-03-31 06:56:51 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\AVG7
2008-03-27 13:34:09 0 d-------- C:\Documents and Settings\sbl2medic\Application Data\Apple Computer
2008-03-14 19:46:06 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-09 21:27:42 9728 --a------ C:\WINDOWS\system32\UnInstall 3D Beauty Vol 1.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [08/11/2004 19:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/11/2004 19:17]
"TpShocks"="TpShocks.exe" [22/11/2007 15:09 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [12/11/2004 09:07 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [23/03/2005 10:11]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [14/04/2005 09:01]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/01/2006 13:52]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [28/02/2005 10:53]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [19/08/2006 04:37]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [13/01/2008 09:48]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [04/03/2008 10:34]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [14/10/2004 17:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [06/08/2004 15:27]
"Domino"="C:\WINDOWS\Domino.exe" [18/08/2006 09:58]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10/03/2008 12:00]

C:\Documents and Settings\sbl2medic\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [29/09/2006 09:57:36]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [22/01/2007 13:51:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 03:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll 13/04/2005 00:39 110179 C:\Program Files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 18/03/2005 11:07 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 13/08/2004 04:11 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\1\0]
"Script"=\\Mgc04\NETLOGON\office2003.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\2\0]
"Script"=\\Mgc04\NETLOGON\MGC-Projects.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\3\0]
"Script"=\\Mgc02\netlogon\MGC_Marketing-video.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\4\0]
"Script"=\\Mgc04\NETLOGON\MGC-VismaUsers.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\5\0]
"Script"=\\Mgc04\NETLOGON\MGC-Engineering.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\6\0]
"Script"=\\Mgc02\NETLOGON\MGC_Technical.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\7\0]
"Script"=\\Mgc02\NETLOGON\VpnUser_logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\8\0]
"Script"=\\Mgc02\NETLOGON\amos_logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-1672\Scripts\Logon\9\0]
"Script"=\\Mgc04\NETLOGON\logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1229298562-2152346940-3945550932-500\Scripts\Logon\0\0]
"Script"=\\mgc.no\sysvol\mgc.no\scripts\mgcbgologin.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2008-04-10 19:36:01 ------------






Extra.txt
------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 2.00GHz
Percentage of Memory in Use: 73%
Physical Memory (total/avail): 510.42 MiB / 134.75 MiB
Pagefile Memory (total/avail): 1244.72 MiB / 704.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1899.25 MiB

C: is Fixed (NTFS) - 70.58 GiB total, 49.54 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 70.58 GiB - C:
\PARTITION1 - Unknown - 3.95 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\sbl2medic\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MGC-220
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\sbl2medic
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\MGC-220
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\Common Files\Lenovo;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\SBL2ME~1\LOCALS~1\Temp
TVT=C:\Program Files\Lenovo
USERDOMAIN=MGC-220
USERNAME=sbl2medic
USERPROFILE=C:\Documents and Settings\sbl2medic
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

rduus (admin)
administrator.MGC (new local, admin, net ready)
om (new local, admin, net ready)
hseadvisor (admin)
administrator.SBL-02 (admin)
Admin (admin)
sbl2medic (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0.9 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x7541
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
ccc-Branding --> MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 4.7.00.0533 --> MsiExec.exe /X{00CD55D6-EE5A-4570-9875-8A306628C032}
HijackThis 2.0.2 --> "C:\Documents and Settings\sbl2medic\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF -ISFG
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus Notes 6.5.4 --> MsiExec.exe /I{1AAE3976-3167-4BDF-B785-00E19C6671A3}
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Reference Library 2005 --> MsiExec.exe /I{05410141-64A6-4248-A026-9745C1E9E159}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5.0.14 (en-US)"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
PDFCreator --> MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Update --> MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated Bluetooth IV Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad SATA Power Management Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System --> MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type23632 / Error
Event Submitted/Written: 04/10/2008 07:29:05 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type23628 / Warning
Event Submitted/Written: 04/10/2008 07:28:21 PM
Event ID/Source: 4354 / EventSystem
Event Description:
The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.

Event Record #/Type23623 / Error
Event Submitted/Written: 04/10/2008 07:28:05 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Event Record #/Type23621 / Error
Event Submitted/Written: 04/10/2008 03:33:36 PM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Event Record #/Type23617 / Error
Event Submitted/Written: 04/10/2008 06:33:41 AM
Event ID/Source: 15 / AutoEnrollment
Event Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47148 / Warning
Event Submitted/Written: 04/10/2008 07:29:00 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/ns1.bkkb.no. No authentication protocol was available.

Event Record #/Type47147 / Warning
Event Submitted/Written: 04/10/2008 07:29:00 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/ns1.bkkb.no. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Event Record #/Type47137 / Error
Event Submitted/Written: 04/10/2008 07:28:26 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type47136 / Warning
Event Submitted/Written: 04/10/2008 07:28:26 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Event Record #/Type47135 / Error
Event Submitted/Written: 04/10/2008 07:28:25 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-04-10 19:36:01 ------------
  • 0

#6
Rorschach112
Posted 10 April 2008 - 12:44 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
How is your PC running ? Any problems
  • 0

#7
poptail
Posted 10 April 2008 - 04:15 PM

poptail

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It seems to be running fine (as good as my old machine can run!) No obvious problems. How does the logs look like?
  • 0

#8
Rorschach112
Posted 10 April 2008 - 05:17 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean ! We need to do a few things

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
  • Click Yes to beging the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#9
poptail
Posted 11 April 2008 - 05:26 AM

poptail

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

Thanks for the good tips, fast replies, easy tutorials and great help! Finally the computer is free from virus and malware. I followed the last step and installed and updated everything. I only have one last question before you can mark the post as [resolved]. I downloaded and installed SywareGuard 2.2, but when i try to update the definitions it says that the lastes one is dated 1/22/04. When i try to run Live Update one more time it says: No updates availiable.

Is this the latest definition or is the program outdated and not supported anymore? Older than 4 years seems to be a bit too much in the spyware timeline.

Thanks again!
  • 0

#10
Rorschach112
Posted 11 April 2008 - 06:54 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I get asked that a lot

SpywareGuard uses heuristics so it doesn't need updates to keep you protected. Heuristics is the best form of protection as it will protect you against new threats that other programs won't be able to as they depend on the updates to stop new things.

It is nothing to worry about :)

Anything else ?
  • 0

#11
poptail
Posted 11 April 2008 - 12:54 PM

poptail

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ok, just had to ask. :) Seemed a bit odd with that old definitions.

Then i would just like to thank you for all the help you have given me and now i will google: "Heuristics"

Cya!
  • 0

#12
Rorschach112
Posted 11 April 2008 - 12:57 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP