Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

"you have a security problem!" Antivirus XP 2009 [RESOLV

Started by thegino , Aug 25 2008 09:53 AM

  • This topic is locked This topic is locked

#1
thegino
Posted 25 August 2008 - 09:53 AM

thegino

    New Member

  • Member
  • Pip
  • 4 posts
Hello

I have the same issue....

THere is a red shiled in the tray. It keeps popping up and once in a while opens a browser and begins a "scan".

Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:06 AM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\setup1021.exe
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\h.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SoftGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\setup1021.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.babson.edu
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215105907878
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\Software\..\Telephony: DomainName = babson.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = babson.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 11851 bytes
  • 0

Advertisements

#2
IndiGenus
Posted 27 August 2008 - 07:08 PM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi and welcome to the forums here at G2G! :)

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here. We also need you to post a new HijackThis log

  • 0

#3
thegino
Posted 27 August 2008 - 09:59 PM

thegino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you so much for helping

Here is report.txt


SDFix: Version 1.219
Run by edoktorov1 on Wed 08/27/2008 at 11:47 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\0.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\1.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\2.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\3.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\4.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\a.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\b.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\c.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\d.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\e.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\f.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\g.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\h.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\i.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\j.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\k.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\l.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\m.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\n.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\o.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\p.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\q.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\r.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\s.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\t.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\u.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\v.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\w.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\x.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\y.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\z.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\0.exe - Deleted
C:\DOCUME~1\EDOKTO~1\LOCALS~1\Temp\1.exe - Deleted
C:\WINDOWS\system32\msxml71.dll - Deleted



Folder C:\Documents and Settings\edoktorov1\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 23:53:26
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 14 Apr 2008 588,800 A..H. --- "C:\WINDOWS\I386\AUTOCHK.EXE"
Mon 14 Apr 2008 580,608 A..H. --- "C:\WINDOWS\I386\AUTOFMT.EXE"
Mon 14 Apr 2008 60,416 A..H. --- "C:\WINDOWS\I386\CABINET.DLL"
Mon 14 Apr 2008 847,872 A..H. --- "C:\WINDOWS\I386\DBGENG.DLL"
Mon 14 Apr 2008 640,000 A..H. --- "C:\WINDOWS\I386\DBGHELP.DLL"
Mon 14 Apr 2008 15,872 A..H. --- "C:\WINDOWS\I386\EXPAND.EXE"
Mon 14 Apr 2008 125,952 A..H. --- "C:\WINDOWS\I386\EXTS.DLL"
Mon 14 Apr 2008 20,992 A..H. --- "C:\WINDOWS\I386\FAXPATCH.EXE"
Mon 14 Apr 2008 69,632 A..H. --- "C:\WINDOWS\I386\HWDB.DLL"
Mon 14 Apr 2008 144,384 A..H. --- "C:\WINDOWS\I386\IMAGEHLP.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDA1.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDA2.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDA3.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDAL.DLL"
Mon 14 Apr 2008 5,120 A..H. --- "C:\WINDOWS\I386\KBDARME.DLL"
Mon 14 Apr 2008 5,120 A..H. --- "C:\WINDOWS\I386\KBDARMW.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDAZE.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDAZEL.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDBE.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDBLR.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDBR.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDBU.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDCA.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDCR.DLL"
Mon 14 Apr 2008 7,168 A..H. --- "C:\WINDOWS\I386\KBDCZ.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDCZ1.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDCZ2.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDDA.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDDIV1.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDDIV2.DLL"
Mon 14 Apr 2008 5,120 A..H. --- "C:\WINDOWS\I386\KBDDV.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDES.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDEST.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDFA.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDFC.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDFI.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDFR.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDGAE.DLL"
Mon 14 Apr 2008 5,120 A..H. --- "C:\WINDOWS\I386\KBDGEO.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDGKL.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDGR.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDGR1.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDHE.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDHE220.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDHE319.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDHEB.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDHELA2.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDHELA3.DLL"
Mon 14 Apr 2008 8,192 A..H. --- "C:\WINDOWS\I386\KBDHEPT.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDHU.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDHU1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDIC.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINDEV.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINGUJ.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINHIN.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINKAN.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINMAR.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDINPUN.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINTAM.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDINTEL.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDIR.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDIT.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDIT142.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDKAZ.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDKYR.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDLA.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDLT.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDLT1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDLV.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDLV1.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDMON.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDNE.DLL"
Mon 14 Apr 2008 7,168 A..H. --- "C:\WINDOWS\I386\KBDNEC.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDNO.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDPL.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDPL1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDPO.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDRO.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDRU.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDRU1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDSF.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDSG.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDSL.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDSL1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDSP.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDSW.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDSYR1.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDSYR2.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDTAT.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDTH0.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDTH1.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDTH2.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDTH3.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDTUF.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDTUQ.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDUK.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDUR.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDURDU.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDUS.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDUSL.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDUSR.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\KBDUSX.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDUZB.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDVNTC.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\KBDYCC.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\KBDYCL.DLL"
Mon 14 Apr 2008 92,288 A..H. --- "C:\WINDOWS\I386\KSECDD.SYS"
Mon 14 Apr 2008 329,728 A..H. --- "C:\WINDOWS\I386\NETSETUP.EXE"
Mon 14 Apr 2008 706,048 A..H. --- "C:\WINDOWS\I386\NTDLL.DLL"
Mon 14 Apr 2008 574,976 A..H. --- "C:\WINDOWS\I386\NTFS.SYS"
Mon 14 Apr 2008 31,744 A..H. --- "C:\WINDOWS\I386\NTSD.EXE"
Mon 14 Apr 2008 36,864 A..H. --- "C:\WINDOWS\I386\NTSDEXTS.DLL"
Mon 14 Apr 2008 24,064 A..H. --- "C:\WINDOWS\I386\PIDGEN.DLL"
Mon 14 Apr 2008 146,432 A..H. --- "C:\WINDOWS\I386\REGEDIT.EXE"
Mon 14 Apr 2008 232,960 A..H. --- "C:\WINDOWS\I386\SPCMDCON.SYS"
Mon 14 Apr 2008 11,264 A..H. --- "C:\WINDOWS\I386\SPNPINST.EXE"
Mon 14 Apr 2008 244,736 A..H. --- "C:\WINDOWS\I386\SYSPARSE.EXE"
Mon 14 Apr 2008 75,776 A..H. --- "C:\WINDOWS\I386\TELNET.EXE"
Mon 14 Apr 2008 25,600 A..H. --- "C:\WINDOWS\I386\TSCUPDC.DLL"
Mon 14 Apr 2008 469,504 A..H. --- "C:\WINDOWS\I386\USETUP.EXE"
Mon 14 Apr 2008 84,939 A..H. --- "C:\WINDOWS\I386\WINNT.EXE"
Mon 14 Apr 2008 48,128 A..H. --- "C:\WINDOWS\I386\WINNT32.EXE"
Mon 14 Apr 2008 1,171,456 A..H. --- "C:\WINDOWS\I386\WINNT32A.DLL"
Mon 14 Apr 2008 1,298,432 A..H. --- "C:\WINDOWS\I386\WINNT32U.DLL"
Mon 14 Apr 2008 754,176 A..H. --- "C:\WINDOWS\I386\WINNTBBA.DLL"
Mon 14 Apr 2008 756,224 A..H. --- "C:\WINDOWS\I386\WINNTBBU.DLL"
Mon 14 Apr 2008 53,248 A..H. --- "C:\WINDOWS\I386\WSDU.DLL"
Mon 14 Apr 2008 77,824 A..H. --- "C:\WINDOWS\I386\WSDUENG.DLL"
Mon 14 Apr 2008 162,128 A..H. --- "C:\WINDOWS\I386\DRW\DWWIN.EXE"
Mon 14 Apr 2008 28,672 A..H. --- "C:\WINDOWS\I386\DRW\FAULTH.DLL"
Mon 14 Apr 2008 706,048 A..H. --- "C:\WINDOWS\I386\SYSTEM32\NTDLL.DLL"
Mon 14 Apr 2008 470,016 A..H. --- "C:\WINDOWS\I386\SYSTEM32\SMSS.EXE"
Mon 14 Apr 2008 55,056 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\CABINET.DLL"
Mon 14 Apr 2008 25,600 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\CFGMGR32.DLL"
Mon 14 Apr 2008 99,376 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\IMAGEHLP.DLL"
Mon 14 Apr 2008 106,496 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\ISMIG.DLL"
Mon 14 Apr 2008 267,536 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\MSVCRT.DLL"
Mon 14 Apr 2008 888,832 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\SETUPAPI.DLL"
Mon 14 Apr 2008 3,584 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\TWID.EXE"
Mon 14 Apr 2008 872,448 A..H. --- "C:\WINDOWS\I386\WIN9XUPG\W95UPG.DLL"
Mon 14 Apr 2008 12,288 A..H. --- "C:\WINDOWS\I386\WINNTUPG\APMUPGRD.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\WINNTUPG\BOSCOMP.DLL"
Mon 14 Apr 2008 58,128 A..H. --- "C:\WINDOWS\I386\WINNTUPG\CFGMGR32.DLL"
Mon 14 Apr 2008 40,960 A..H. --- "C:\WINDOWS\I386\WINNTUPG\CLUSCOMP.DLL"
Mon 14 Apr 2008 5,120 A..H. --- "C:\WINDOWS\I386\WINNTUPG\FSFILTER.DLL"
Mon 14 Apr 2008 6,656 A..H. --- "C:\WINDOWS\I386\WINNTUPG\FTCOMP.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\WINNTUPG\INPUPGRD.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\WINNTUPG\MSMQCOMP.DLL"
Mon 14 Apr 2008 121,344 A..H. --- "C:\WINDOWS\I386\WINNTUPG\NETUPGRD.DLL"
Mon 14 Apr 2008 11,264 A..H. --- "C:\WINDOWS\I386\WINNTUPG\NTDSUPG.DLL"
Mon 14 Apr 2008 6,144 A..H. --- "C:\WINDOWS\I386\WINNTUPG\NV4PREP.DLL"
Mon 14 Apr 2008 323,344 A..H. --- "C:\WINDOWS\I386\WINNTUPG\SETUPAPI.DLL"
Mon 14 Apr 2008 4,608 A..H. --- "C:\WINDOWS\I386\WINNTUPG\TSCOMP.DLL"
Mon 14 Apr 2008 11,776 A..H. --- "C:\WINDOWS\I386\WINNTUPG\VIDUPGRD.DLL"
Thu 3 Jul 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 14 Apr 2008 55,632 A..H. --- "C:\WINDOWS\I386\DRW\1033\DWINTL.DLL"
Mon 14 Apr 2008 65,536 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\ACROBAT\MIGRATE.DLL"
Mon 14 Apr 2008 30,208 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\CMMGR\MIGRATE.DLL"
Mon 14 Apr 2008 53,248 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\DEVUPGRD\MIGRATE.DLL"
Mon 14 Apr 2008 3,952 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\DMICALL\DMICALL.SYS"
Mon 14 Apr 2008 32,768 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\DMICALL\MIGRATE.DLL"
Mon 14 Apr 2008 13,824 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\DVD\MIGRATE.DLL"
Mon 14 Apr 2008 69,632 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\EASTMAN\MIGRATE.DLL"
Mon 14 Apr 2008 73,728 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\FAX\AWDVSTUB.EXE"
Mon 14 Apr 2008 25,600 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\FAX\MIGRATE.DLL"
Mon 14 Apr 2008 83,456 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\HPTOOLS\MIGRATE.DLL"
Mon 14 Apr 2008 40,960 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\IBMAV\MIGRATE.DLL"
Mon 14 Apr 2008 8,704 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\ICM\MIGRATE.DLL"
Mon 14 Apr 2008 10,240 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\IEMIG\MIGRATE.DLL"
Mon 14 Apr 2008 39,424 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MODEMS\MIGRATE.DLL"
Mon 14 Apr 2008 11,776 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MSGQUEUE\MIGRATE.DLL"
Mon 14 Apr 2008 7,680 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MSI\MIGRATE.DLL"
Mon 14 Apr 2008 33,792 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MSI\MSI9XMIG.DLL"
Mon 14 Apr 2008 31,744 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MSI\MSINTMIG.DLL"
Mon 14 Apr 2008 46,864 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MSP\MIGRATE.DLL"
Mon 14 Apr 2008 36,352 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\NECKBD\MIGRATE.DLL"
Mon 14 Apr 2008 176,128 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\NECPA\MIGRATE.DLL"
Mon 14 Apr 2008 147,456 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\NECWPS\MIGRATE.DLL"
Mon 14 Apr 2008 86,016 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\OCTOPUS\MIGRATE.DLL"
Mon 14 Apr 2008 37,888 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\OEWAB\MIGRATE.DLL"
Mon 14 Apr 2008 30,208 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\PRINT\MIGRATE.DLL"
Mon 14 Apr 2008 35,328 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\PWS\MIGRATE.DLL"
Mon 14 Apr 2008 184,320 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\RUMBA\MIGRATE.DLL"
Mon 14 Apr 2008 69,632 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\SETUP\MIGRATE.DLL"
Mon 14 Apr 2008 76,288 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\TRANSACT\MIGRATE.DLL"
Mon 14 Apr 2008 14,848 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\WIA\MIGRATE.DLL"
Mon 14 Apr 2008 40,960 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\WMP\MIGRATE.DLL"
Mon 14 Apr 2008 108,544 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MAPI\DLL\MIGRATE.DLL"
Mon 14 Apr 2008 36,864 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MAPI\DLL\MKNTFRMCACHE.EXE"
Mon 14 Apr 2008 25,629 A..H. --- "C:\WINDOWS\I386\WIN9XMIG\MAPI\DLL\MSPATCHA.DLL"
Mon 14 Apr 2008 5,632 A..H. --- "C:\WINDOWS\I386\WINNTUPG\MS\MODEMSHR\MDMSHRUP.DLL"
Mon 14 Apr 2008 30,748 A..H. --- "C:\WINDOWS\I386\WINNTUPG\MS\SNA\IBMMGUG.DLL"
Mon 14 Apr 2008 38,941 A..H. --- "C:\WINDOWS\I386\WINNTUPG\MS\SNA\NTSNAUPG.DLL"
Mon 14 Apr 2008 28,701 A..H. --- "C:\WINDOWS\I386\WINNTUPG\MS\SNA\SNADLCUG.DLL"
Mon 14 Apr 2008 114,717 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\EQN\EQNUPGRD.DLL"
Mon 14 Apr 2008 33,792 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\TIGERJET\TJUPG.DLL"
Mon 14 Apr 2008 74,802 A..H. --- "C:\WINDOWS\I386\ASMS\6000\MSFT\VCRTL\ATL.DLL"
Mon 14 Apr 2008 995,383 A..H. --- "C:\WINDOWS\I386\ASMS\6000\MSFT\VCRTL\MFC42.DLL"
Mon 14 Apr 2008 995,384 A..H. --- "C:\WINDOWS\I386\ASMS\6000\MSFT\VCRTL\MFC42U.DLL"
Mon 14 Apr 2008 401,462 A..H. --- "C:\WINDOWS\I386\ASMS\6000\MSFT\VCRTL\MSVCP60.DLL"
Mon 14 Apr 2008 9,756 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\DIGI\ASYNC\DGUPGRD.DLL"
Mon 14 Apr 2008 11,292 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\DIGI\REALPORT\DGRPUPG.DLL"
Mon 14 Apr 2008 31,744 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\SPX\MPS\SPXUPGRD.DLL"
Mon 14 Apr 2008 1,724,416 A..H. --- "C:\WINDOWS\I386\ASMS\1000\MSFT\WINDOWS\GDIPLUS\GDIPLUS.DLL"
Mon 14 Apr 2008 50,688 A..H. --- "C:\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCIRT.DLL"
Mon 14 Apr 2008 322,560 A..H. --- "C:\WINDOWS\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL"
Mon 14 Apr 2008 72,732 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\DIGI\ISDN\BRI\DIGIUPG.DLL"
Mon 14 Apr 2008 28,701 A..H. --- "C:\WINDOWS\I386\WINNTUPG\OEM\DIGI\ISDN\PRI\DIGPRIUP.DLL"
Mon 14 Apr 2008 921,088 A..H. --- "C:\WINDOWS\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL"

Finished!


The second hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:15 PM, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SoftGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.babson.edu
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215105907878
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\Software\..\Telephony: DomainName = babson.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = babson.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 11803 bytes

Once again Thanks a million!
  • 0

#4
IndiGenus
Posted 28 August 2008 - 06:47 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Hi,

Looking better, how's it running? Let's update Java and do some more scans.

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 7.
  • Go to the Sun Java Website
  • Click on the download button next to Java Runtime Environment (JRE) 6 Update 7
  • Check the circle next to I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click on the link Windows Offline Installation, Multi-language and save the downloaded file to your hard disk.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer

~~~~~~~~~~~~~~~~~~

First, use Use ATF Cleaner to remove temp files,
cookies, cache, ect...
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply along with a Hijackthis log.
~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Post a new HJT log and let me know how it's running.
  • 0

#5
thegino
Posted 28 August 2008 - 05:26 PM

thegino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1093
Windows 5.1.2600 Service Pack 3

7:24:31 PM 8/28/2008
mbam-log-08-28-2008 (19-24-31).txt

Scan type: Quick Scan
Objects scanned: 47112
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:05 PM, on 8/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe",
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SoftGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.babson.edu
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1215105907878
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\Software\..\Telephony: DomainName = babson.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = babson.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = babson.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 11742 bytes


Running much better, and the popups are done.

Thanks a lot!
  • 0

#6
IndiGenus
Posted 28 August 2008 - 08:21 PM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
OK glad it's running better. Post the Kaspersky log once it's finished.
  • 0

#7
thegino
Posted 29 August 2008 - 11:12 AM

thegino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Friday, August 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 29, 2008 17:15:08
Records in database: 1163294
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Q:\
Scan statistics
Files scanned 48959
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 00:37:10

File name Threat name Threats count
C:\MSOCache\All Users\{90120000-0017-0000-0000-0000000FF1CE}-C\SPDWW.cab Infected: not-a-virus:FraudTool.Win32.SpyAway.ag 1
C:\MSOCache\All Users\{90120000-0030-0000-0000-0000000FF1CE}-C\EnterWW.cab Infected: not-a-virus:FraudTool.Win32.SpyAway.ag 1
The selected area was scanned.
  • 0

#8
IndiGenus
Posted 29 August 2008 - 11:55 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
I believe those are false positives that Kaspersky found. If all is running well then I think you should be all set here.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name it and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

In addition to updating and using what you currently have you may want to consider the following:

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install SpywareGuard - SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
A tutorial on installing & using this product can be found here:
Using SpywareGuard to protect your computer from Spyware and Malware

Use Zoned Out -
Zoned Out will block access to malicious websites so you cannot be redirected to them from an infected site or email. Instructions for set up and use can be found at the website.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

I'll keep the thread open for a couple more days in case you have any questions or issues.

Regards,
Dave
  • 0

#9
IndiGenus
Posted 02 September 2008 - 06:14 AM

IndiGenus

    Anti-Malware Buddha

  • Member
  • PipPipPipPip
  • 1,617 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP