[shy_oren]

Hi! I have a trojan associated with PSW.Online Games that is infecting my computer. Here is my log and I really hope you can help,Thank you so much in advance!

HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:15, on 27/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/ig?hl=iw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://bill.icellco...ent/CfxIEAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193166528781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206556855703
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 14310 bytes


ComboFix 08-04-26.5 - User 04/27/2008 19:51:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.778 [GMT 3:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\2A3JWWZT\iforex.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\2A3JWWZT\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_AgatUserImage.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_Animated.htm
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_attachEmpty.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_attachFull.bmp
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_blue_bot_lft.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bot_lft.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bot_lft_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bot_rt.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bot_rt_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bullet.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bullet_blue.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_bullet_blue_eng.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_but_asher.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_but_close.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_but_remove.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_but_sgor.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_corner_topLft.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_del_small.GIF
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_deleteSign.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_displayAttach.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_displaySignedForm.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_displaySignerDetails.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_displaySignerStatus.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_dot.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_dotted_line.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_drop2.GIF
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_englishBackgroundPopup.jpg
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_englishContent.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_exit.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form_bg_bottom_stretch.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form_bg_corner_left.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form_bg_corner_right.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form_bg_left_stretch.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form_bg_right_stretch.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_form1_main_licensing.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_hebrewBackgroundPopup.jpg
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_hebrewContent.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_id_card.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_ikon_files.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_ikon_help.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_ikon_tohen.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_layout_an_send_end.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_left_grey.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_left2.GIF
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_leftTop.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_line.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_line_gray.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_logo_israel.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_lookUpWindow.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_lookUpWindowReadonly.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_main.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_main_left.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_main_semel.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_main_seperator.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_mashov.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_print.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_print11.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_printnush.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_right_grey.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_right2.GIF
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_rightTop.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_sand_clock3.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_saveAllAttachments.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_saveAllAttachmentsENG.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_saveAttach.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_SaveToFile.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_saveToFileEach.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_shadow_bottom.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_shadow_bottom_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_shadow_Rt.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_shadow_Rt_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_sign.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_sign_unverified.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_signGrey.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_SignInQuestion.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_signYellow.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_status_Animated.htm
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_statusBar.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_subtitle_corner_left.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_subtitle_with_line.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_title_corner_left.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_title_corner_lft.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_title_with_line.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_titleBG.bmp
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_top_lft.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_top_lft_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_top_rt.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_top_rt_dis.gif
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_trash.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsImg_verifySignature.ico
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\tfsStatusBar.gif
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 16:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-27 16:48 --------- d-----w C:\Documents and Settings\User\Application Data\AVGTOOLBAR
2008-04-27 16:37 --------- d-----w C:\Program Files\Steam
2008-04-27 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-27 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-04-27 13:16 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-04-26 18:36 --------- d-----w C:\Program Files\AVG
2008-04-25 13:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCDr
2008-04-19 19:10 --------- d-----w C:\Documents and Settings\User\Application Data\U3
2008-04-12 17:32 --------- d-----w C:\Documents and Settings\User\Application Data\Skype
2008-04-08 13:07 --------- d-----w C:\Program Files\Google
2008-03-26 19:13 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-10 16:28 --------- d-----w C:\Documents and Settings\User\Application Data\Hamachi
2008-03-05 11:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-05 11:07 --------- d-----w C:\Program Files\Windows Live
2008-03-05 11:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 21:54 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-28 21:54 --------- d-----w C:\Program Files\Hamachi
2007-11-10 21:49 8 ------w C:\Documents and Settings\User\Application Data\usb.dat.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/27/2008 04:16 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [04/27/2008 04:16 PM 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [04/27/2008 04:16 PM 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 PM 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="C:\Program Files\Lenovo\TrackPoint\tp4serv.exe" [11/08/2007 11:56 AM 92960]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/29/2005 05:04 AM 864256]
"TpShocks"="TpShocks.exe" [11/07/2005 09:14 PM 106496 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [10/17/2005 11:11 AM 65536 C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/17/2005 12:22 PM 237568]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [12/16/2005 12:00 AM 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/16/2005 12:19 AM 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/07/2005 12:06 AM 716800]
"suScheduler"="C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [08/02/2005 03:32 AM 40960]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [11/24/2005 11:02 AM 106496]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 07:21 PM 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [08/19/2005 03:22 AM 85696]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [12/22/2005 04:08 AM 1996336]
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [11/15/2005 11:13 PM 49152]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/29/2005 08:55 PM 196696]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/07/2005 11:12 AM 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/07/2005 11:12 AM 208896]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [07/08/2006 02:14 AM 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [07/08/2006 02:15 AM 600896]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [03/17/2005 03:25 PM 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [03/17/2005 03:45 PM 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/28/2006 04:48 PM 622592]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [01/26/2005 07:02 PM 49152]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [04/10/2006 03:58 PM 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM 39792]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [08/09/2007 05:32 PM 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [08/09/2007 05:32 PM 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [08/09/2007 05:32 PM 131072]
"PCDrProfiler"="" []
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/27/2008 04:16 PM 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 03:00 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [08/04/2004 03:00 PM 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-10-14 16:41:05 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 12/22/2005 04:42 AM 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 12/09/2005 12:59 AM 39936 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 09:45 AM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 12/01/2005 06:16 AM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\shy_oren\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [12/01/2005 01:58 AM]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [11/08/2005 07:27 PM]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [04/27/2008 04:16 PM]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [12/08/2005 07:14 AM]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [06/20/2005 10:18 PM]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [12/07/2005 11:12 AM]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [04/27/2008 04:16 PM]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [12/22/2005 03:14 AM]
R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [11/15/2005 11:11 PM]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [12/22/2005 02:45 AM]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12/09/2005 12:44 AM]
R2 tp4serv;tp4serv;C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE [11/08/2007 11:56 AM]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [10/15/2004 01:50 PM]
R3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [01/22/2008 12:00 PM]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [12/09/2005 12:54 AM]
R3 Tp4Track;PS/2 TrackPoint Driver;C:\WINDOWS\system32\DRIVERS\tp4track.sys [11/08/2007 11:56 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{497898e0-9371-11dc-ac16-00197e35cb3d}]
\Shell\AutoRun\command - D:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{497898e1-9371-11dc-ac16-00197e35cb3d}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\Shell\Open\command - E:\Boot.exe e

.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 16:57:35 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2007-10-14 14:05:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 19:56:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 33

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
.
**************************************************************************
.
Completion time: 04/27/2008 20:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 17:00:20

Pre-Run: 8,779,366,400 bytes free
Post-Run: 9,056,542,720 bytes free

306


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 9:32:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727600
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 62944
Number of viruses found: 5
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 01:06:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0000\4E3F9515.VBN Infected: Virus.Win32.VB.cd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E2C0001\4E3F96FB.VBN Infected: Trojan-PSW.Win32.OnLineGames.oby skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E3C0000\4F3C464E.VBN Infected: Virus.Win32.VB.cd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FF8277E.VBN Infected: Worm.Win32.Perlovga.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0580NAV~.TMP Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT\0902NAV~.TMP Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP123\A0017288.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP124\A0017338.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP124\A0017369.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP125\A0017375.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP125\A0017436.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP125\A0017452.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP126\A0017483.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP126\A0018519.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP126\A0018538.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP126\A0018559.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP126\A0018582.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP127\A0018588.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP129\A0018732.inf Infected: Trojan-PSW.Win32.OnLineGames.vum skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP132\change.log Object is locked skipped
C:\temp\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\temp\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\temp\daemon4121-lite.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked ski