Logfile of random's system information tool 1.04 (written by random/random)
Run by 025823 at 2008-11-18 15:55:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (32%) free of 38 GB
Total RAM: 511 MB (29% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:05 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\icollect\icserv.exe
c:\icollect\wake_up.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\025823\Desktop\haxfix.exe
C:\WINDOWS\system32\cmd.exe
C:\HaxFix\catchme.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\025823\Desktop\RSIT.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Trend Micro\HijackThis\025823.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://access.bah.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O1 - Hosts: 156.80.12.193 savprod
O1 - Hosts: 156.80.12.193 savprod.bah.com
O1 - Hosts: 156.80.12.194 savbkup
O1 - Hosts: 156.80.12.194 savbkup.bah.com
O1 - Hosts: 156.80.215.55 savprod-dr
O1 - Hosts: 156.80.215.55 savprod-dr.bah.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.bah.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish...fishActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O17 - HKLM\Software\..\Telephony: DomainName = resource.ds.bah.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: kryostm - kryostm.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - c:\icollect\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 11254 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\BMMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-26 124656]
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-09-06 40960]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-25 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-25 94208]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2006-03-15 106496]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-19 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-19 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-19 208896]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-10-05 409600]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2006-10-05 110592]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"PDDM"=C:\Program Files\PatchLink\Update Agent\pddm.exe [2007-01-25 421888]
"iPrint Event Monitor"=C:\WINDOWS\system32\iprntlgn.exe [2007-09-06 45056]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-15 9728]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"COMMUNICATOR"=C:\Program Files\Microsoft Office Communicator\Communicator.exe [2005-11-30 3897040]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2006-10-05 32768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-25 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
C:\WINDOWS\system32\ckpNotify.dll [2005-03-01 24672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kryostm]
kryostm.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-26 43760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"CompatibleRUPSecurity"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoSMConfigurePrograms"=1
"NoSimpleStartMenu"=1
"LockTaskbar"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"LockTaskbar"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec45cbf2-5dcc-11dd-8ac9-000e35760107}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2008-11-18 15:52:40 ----D---- C:\rsit
2008-11-18 15:51:36 ----D---- C:\HaxFix
2008-11-18 15:51:36 ----A---- C:\HaxFix.exe
2008-11-15 09:20:28 ----A---- C:\WINDOWS\system32\wini10253.exe
2008-11-15 08:15:00 ----A---- C:\WINDOWS\system32\delself.bat
2008-11-15 08:14:59 ----A---- C:\WINDOWS\system32\brastk.exe
2008-11-15 08:14:56 ----A---- C:\WINDOWS\system32\a.exe
2008-11-14 18:13:49 ----A---- C:\WINDOWS\system32\FC5J6mgN.exe.a_a
2008-11-14 17:34:28 ----A---- C:\WINDOWS\system32\~.exe
2008-11-14 17:16:14 ----D---- C:\Documents and Settings\025823\Application Data\Malwarebytes
2008-11-14 17:16:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-14 17:16:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-14 16:53:33 ----D---- C:\Program Files\Trend Micro
2008-11-04 20:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-04 20:12:10 ----D---- C:\Documents and Settings\025823\Application Data\Yahoo!
2008-11-04 20:05:31 ----HD---- C:\WINDOWS\msdownld.tmp
2008-11-04 20:04:56 ----D---- C:\WINDOWS\WBEM
2008-11-04 20:04:55 ----D---- C:\WINDOWS\system32\en-US
2008-11-04 20:02:35 ----HDC---- C:\WINDOWS\ie7
2008-11-04 20:02:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-04 20:01:54 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-04 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-04 20:01:01 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-04 18:57:43 ----D---- C:\Program Files\Lavasoft
2008-11-04 18:57:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-04 17:04:30 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2008-11-04 17:04:30 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2008-11-04 17:04:30 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2008-11-04 17:04:30 ----A---- C:\WINDOWS\system32\unrar3.dll
2008-11-04 17:04:30 ----A---- C:\WINDOWS\system32\unacev2.dll
2008-11-04 17:04:23 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-11-04 17:04:23 ----D---- C:\Documents and Settings\025823\Application Data\Simply Super Software
2008-11-04 17:00:28 ----D---- C:\Program Files\Trojan Killer
2008-11-01 18:54:17 ----A---- C:\WINDOWS\system32\K53s3l52.exe
======List of files/folders modified in the last 1 months======
2008-11-18 15:52:09 ----D---- C:\WINDOWS\system32\spool
2008-11-18 15:52:09 ----D---- C:\WINDOWS\system32
2008-11-18 15:52:09 ----D---- C:\WINDOWS
2008-11-18 15:40:46 ----D---- C:\WINDOWS\Temp
2008-11-18 15:40:23 ----SD---- C:\WINDOWS\Tasks
2008-11-18 15:39:06 ----D---- C:\icollect
2008-11-18 15:34:28 ----D---- C:\Program Files\Symantec AntiVirus
2008-11-18 15:34:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 15:34:18 ----D---- C:\WINDOWS\Registration
2008-11-18 15:34:17 ----A---- C:\WINDOWS\ModemLog_ThinkPad Integrated 56K Modem.txt
2008-11-18 15:34:13 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-17 22:41:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-17 19:22:58 ----D---- C:\Program Files\Mozilla Firefox
2008-11-17 19:21:26 ----D---- C:\WINDOWS\Prefetch
2008-11-17 16:52:46 ----SHD---- C:\WINDOWS\CSC
2008-11-15 08:14:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-14 17:38:05 ----D---- C:\WINDOWS\system32\drivers
2008-11-14 17:35:49 ----AD---- C:\Program Files
2008-11-04 20:07:55 ----HD---- C:\WINDOWS\inf
2008-11-04 20:07:55 ----D---- C:\WINDOWS\Help
2008-11-04 20:07:55 ----D---- C:\Program Files\Internet Explorer
2008-11-04 20:05:36 ----D---- C:\Program Files\Yahoo!
2008-11-04 20:05:04 ----D---- C:\WINDOWS\system32\config
2008-11-04 20:04:46 ----D---- C:\WINDOWS\Media
2008-11-04 20:02:21 ----A---- C:\WINDOWS\imsins.BAK
2008-11-04 20:01:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-04 20:00:03 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-04 19:55:07 ----SHD---- C:\WINDOWS\Installer
2008-11-04 19:55:07 ----D---- C:\Program Files\Common Files
2008-11-04 15:24:09 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-11-03 20:25:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-02 21:12:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-24 17:58:06 ----D---- C:\WINDOWS\security
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2007-09-06 34671]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-08-02 14848]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-08-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-19 16384]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-20 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-03-10 21419]
R2 iPassP;iPass Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\iPassP.sys [2008-03-10 21419]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2005-10-27 497743]
R2 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-09 18353]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\DRIVERS\PMEMNT.SYS []
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R2 Scap;SecureClient Application Policy Module; C:\WINDOWS\System32\DRIVERS\Scap.sys [2005-03-01 17456]
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2005-10-27 155761]
R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2005-03-01 670128]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2005-03-04 127872]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-25 1133056]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-10-26 125952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2005-03-01 2041904]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-10 10112]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081118.002\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081118.002\navex15.sys []
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2005-09-29 35568]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 NWSNS;Novell Simple Naming Services; C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-28 220992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-06-29 2206720]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 catchme;catchme; \??\C:\DOCUME~1\025823\LOCALS~1\Temp\catchme.sys []
S3 G200;G200; C:\WINDOWS\system32\DRIVERS\G200m.sys [2001-08-17 320384]
S3 OMVA;VPN-1 SecureClient Adapter; C:\WINDOWS\system32\DRIVERS\OMVA.sys [2005-03-01 14924]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2006-10-05 53248]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2006-10-05 167936]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-25 364544]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-26 31472]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-01 434176]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-10 73782]
R2 iCollectService;MC/Empower i.collect Service; c:\icollect\icserv.exe [2003-11-17 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PatchLink Update;PatchLink Update; C:\Program Files\PatchLink\Update Agent\GravitixService.exe [2007-01-25 81920]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-01 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-01 937984]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SR_Service;Check Point SecuRemote Service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2005-03-01 110689]
R2 SR_WatchDog;Check Point SecuRemote WatchDog; C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe [2005-03-01 36962]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-05-26 1805040]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-20 77824]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2005-01-18 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-11-23 89792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-05-26 115952]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S4 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [2006-11-30 1310720]
S4 iPassPeriodicUpdateApp;iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe [2006-11-29 126976]
S4 iPassPeriodicUpdateService;iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe [2006-11-29 86016]
S4 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
Next Log
Logfile of random's system information tool 1.04 (written by random/random)
Run by 025823 at 2008-11-18 15:52:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (32%) free of 38 GB
Total RAM: 511 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:16 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\icollect\icserv.exe
c:\icollect\wake_up.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PatchLink\Update Agent\GravitixService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office Communicator\Communicator.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\025823\Desktop\haxfix.exe
C:\WINDOWS\system32\cmd.exe
C:\HaxFix\catchme.exe
C:\Documents and Settings\025823\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\025823.exe
C:\WINDOWS\system32\ping.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://access.bah.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O1 - Hosts: 156.80.12.193 savprod
O1 - Hosts: 156.80.12.193 savprod.bah.com
O1 - Hosts: 156.80.12.194 savbkup
O1 - Hosts: 156.80.12.194 savbkup.bah.com
O1 - Hosts: 156.80.215.55 savprod-dr
O1 - Hosts: 156.80.215.55 savprod-dr.bah.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [PDDM] C:\Program Files\PatchLink\Update Agent\pddm.exe
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.bah.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www2.snapfish...fishActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) -
http://web1.shutterf...ds/Uploader.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O17 - HKLM\Software\..\Telephony: DomainName = resource.ds.bah.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = resource.ds.bah.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: kryostm - kryostm.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - c:\icollect\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PatchLink Update - PatchLink Corporation - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 11188 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\BMMTask.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-26 124656]
"iPrint Tray"=C:\WINDOWS\system32\iprntctl.exe [2007-09-06 40960]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-25 344064]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-09-23 860160]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-25 94208]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2006-03-15 106496]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-19 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-19 396288]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-19 208896]
"TPKBDLED"=C:\WINDOWS\system32\TpScrLk.exe [2002-10-08 40960]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2006-10-05 409600]
"ACWLIcon&quo