# Solved: MSN malware

## jefflimpc (Nov 13, 2007)

Hi CheeseBall81,

You helped me with a problem the other time, and I am coming straight back to you...

My machine seems to be infected with some MSN malware/virus. It keeps logging me out of MSN now and then, and some of my contacts reported receiving messages asking them to go to a link with my ID in it...

Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:31 PM, on 07-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://stelect
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18893 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Please download *MsnCleaner.zip* and save it to your Desktop.
Unzip it to the Desktop.
Now reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Double-click *MsnCleaner.exe* to run it.
Click the *Analyze* button.
A report will be created once the scan finishes.
If it finds an infection, click the *Deleted* button.
Now, please reboot back into normal mode.
Please post the contents of C:\*MsnCleaner.txt* in a reply to this post, along with a new HJT log.


----------



## jefflimpc (Nov 13, 2007)

Thanks, CheeseBall81! Below are the logs you asked for...

MSNCleaner log:

- Logfile MSNCleaner 1.6.2 by www.forospyware.com
- Created Logfile: 08-04-2008 on 10:11:28 AM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 1
Deleted file: 1
Undeleted Files: 0

C:\WINDOWS\system32\tmp.txt <--- Deleted

Host file Restored

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:43 AM, on 08-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://stelect
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18640 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Download ComboFix from *Here* or *Here* to your Desktop.

***Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results"_.
_Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask._
...
--------------------------------------------------------------------

Double-click on *combofix.exe* & follow the prompts.

When finished, it will produce a report for you.
Please post the *"C:\ComboFix.txt"* along with a *new HijackThis log* for further review.

***Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall***


----------



## jefflimpc (Nov 13, 2007)

Hi, I seem to be having a problem running ComboFix. I downloaded a new version, disabled my Symantec antivirus and tried running ComboFix a few times. It hung at various stages and I had to reboot after 2hr. On my last try, it hung at 'Preparing Log Report. Do not run any programs until ComboFix has finished' and it stayed this way for 3hr before I eventually did a reboot. I am sure I didn't accidentally mouse-click the window to cause it to hang like that.


----------



## Cheeseball81 (Mar 3, 2004)

See if it will run in Safe Mode.


----------



## jefflimpc (Nov 13, 2007)

Ok, managed to run it in Safe Mode...

ComboFix log:

ComboFix 08-04-08.7 - IBM 2008-04-10 8:54:21.8 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1725 [GMT 8:00]
Running from: C:\Documents and Settings\IBM\Desktop\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-07 14:22 . 2008-04-08 10:11 d--------	C:\MSNCleaner
2008-04-03 11:19 . 2008-04-03 11:19 d--------	C:\Documents and Settings\IBM\Application Data\SpaceMonger
2008-04-03 11:04 . 2008-04-03 11:04	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb
2008-03-19 10:26 . 2008-03-19 10:26	136,496	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-19 10:26 . 2008-01-31 15:56	87,424	--a------	C:\WINDOWS\system32\drivers\SysPlant.sys
2008-03-19 10:26 . 2008-03-19 10:26	60,808	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-19 10:26 . 2008-03-19 10:26	10,652	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-19 10:26 . 2008-03-19 10:26	806	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-19 09:05 . 2008-03-19 09:40 d--------	C:\Documents and Settings\IBM\Application Data\Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 10:15	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Skype
2008-04-09 06:42	---------	d-----w	C:\Documents and Settings\IBM\Application Data\skypePM
2008-04-07 08:10	---------	d-----w	C:\Program Files\SpyNoMore
2008-04-06 01:22	5,427	----a-w	C:\WINDOWS\system32\EGATHDRV.SYS
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 09:40	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40	1,845,888	------w	C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 02:28	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:27	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 02:26	---------	d-----w	C:\Program Files\Symantec
2008-03-11 09:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 12:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 12:37	---------	d-----w	C:\Program Files\Microsoft SQL Server
2008-03-01 10:36	3,591,680	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 07:48	---------	d-----w	C:\Program Files\Microsoft Works
2008-03-01 07:41	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-02-29 08:55	70,656	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55	625,664	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 01:07	---------	d-----w	C:\Program Files\MSN Messenger
2008-02-26 01:06	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 01:06	---------	d-----w	C:\Program Files\Windows Live
2008-02-26 01:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-22 10:00	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52	282,624	------w	C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32	45,568	------w	C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32	148,992 ------w	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 03:11	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Apple Computer
2008-02-15 05:44	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-12 09:02	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-01-31 09:42	91,632	----a-w	C:\WINDOWS\system32\nts.dll
2008-01-31 09:42	83,440	----a-w	C:\WINDOWS\system32\pds.dll
2008-01-31 09:42	83,384	----a-w	C:\WINDOWS\system32\loc32vc0.dll
2008-01-31 09:42	46,584	----a-w	C:\WINDOWS\system32\msgsys.dll
2008-01-31 09:42	34,288	----a-w	C:\WINDOWS\system32\cba.dll
2008-01-31 07:53	48,000	----a-w	C:\WINDOWS\system32\FwsVpn.dll
2008-01-31 07:53	107,904	----a-w	C:\WINDOWS\system32\SymVPN.dll
2008-01-10 18:44	369,664	------w	C:\WINDOWS\system32\dllcache\asp51.dll
2008-01-10 05:20	257,024	------w	C:\WINDOWS\system32\dllcache\infocomm.dll
2007-12-03 08:56	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 10:53	1,250	----a-w	C:\Program Files\nsfnqels.txt
2007-07-18 02:18	19	------w	C:\Program Files\Answer.txt
.

((((((((((((((((((((((((((((( snapshot_2008-04-09_11.04.15.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-09 02:52:53	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-10 00:49:17	237,291	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30 243248]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 14:00 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 11:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 09:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 17:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-07 07:06 716800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-11 03:12 90112]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-02-02 02:01 120368]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 21:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 08:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 08:50 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 08:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 10:34 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 10:29 110592]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 08:38 41472]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 16:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 16:55 99328]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 13:13:28 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 10:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-17 01:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-08 19:44 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-532968704-4079188212-395606680-10116\Scripts\Logon\0\0]
"Script"=AMBU User Logon Script.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\seePower_prd\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Personal\\documents\\Work\\Spotlight29\\bin\\SeeStoreServer4.exe"=
"C:\\seePower\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-16 09:08]
S0 cygarfad;cygarfad;C:\WINDOWS\system32\drivers\kihtfygk.sys []
S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 09:31]
S1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-21 04:18]
S1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-20 01:14]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 09:35]
S2 GtwRsrvTdmst;Teradata GTW Reserve Port;"C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 10:17]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2007-03-03 23:12]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 10:09]
S2 PdeinetdService;Teradata inetd Service;"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 10:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 10:13]
S2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 08:05]
S2 recond;Teradata Database Initiator (recond);"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2007-03-03 23:09]
S2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 07:55]
S2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-08 19:37]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 20:00]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-06-06 17:22]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 09:20]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 17:53]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 20:37]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-08 19:16]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 08:55]
S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\79uj18us\tpflhlp.sys [2007-01-26 09:12]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2008-04-10 00:44:11 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 08:57:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-04-10 8:58:51
ComboFix-quarantined-files.txt 2008-04-10 00:58:43
Pre-Run: 18,527,191,040 bytes free
Post-Run: 18,508,783,616 bytes free
.
2008-04-09 01:42:22	--- E O F ---


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:44 AM, on 10-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18861 bytes


----------



## Cheeseball81 (Mar 3, 2004)

The log seems to check out okay....are you still having problems?


----------



## jefflimpc (Nov 13, 2007)

Have not encountered the problem since...

Thanks a lot!


----------



## Cheeseball81 (Mar 3, 2004)

You're welcome

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the *Thread Tools* drop down menu.


----------



## jefflimpc (Nov 13, 2007)

Will do. Thanks again...really appreciate your help!


----------



## Cheeseball81 (Mar 3, 2004)

:up:


----------



## jefflimpc (Nov 13, 2007)

Hi, I seem to have been infected again! Some of my MSN contacts reported msgs sent to them supposedly by me.

I generated the various logs as per what you advised me previously...

Below is the HJT log before cleaning:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:50 PM, on 23-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18680 bytes


----------
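As an added example (not code from HijackThis, from either poster, or from any tool mentioned in the thread), here is a small Python triage script for logs like the one above. It parses the O2/O4/O9/O20/O23 line shapes and attaches review flags: a referenced file that is missing, a service with no recorded owner, a startup item given as a bare filename (resolved through PATH at logon), or an executable outside the usual install roots. The sample lines are copied from the log above; the list of install roots and the flag rules are assumptions for an XP layout like this one, and a flag means "verify this entry against vendor information", not "this is malware".

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread; not part of HijackThis or of any post here.
Only the O2/O4/O9/O20/O23 sections are handled, since those carry file
paths that the heuristics below can reason about.
"""
import re
from dataclasses import dataclass, field

# Directories where startup items and services are normally installed.
# Assumption: an XP box laid out like the one in the thread; tune elsewhere.
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")
FILE_SECTIONS = {"O2", "O4", "O9", "O20", "O23"}
MISSING = "(file missing)"

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>.*?)\]\s+(?P<cmd>.*)$")

# Constructed sample: lines copied from the thread's HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


@dataclass
class Entry:
    section: str            # "O4", "O23", ...
    name: str               # item name as HJT prints it
    path: str               # executable/DLL as written, "" if the line has none
    raw: str
    flags: list = field(default_factory=list)


def first_token(cmd: str) -> str:
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tok = cmd.split(" ", 1)[0]
    # rundll32 <dll>,<export>: the interesting file is the DLL, not rundll32.
    if tok.lower() in ("rundll32", "rundll32.exe") and " " in cmd:
        return cmd.split(" ", 1)[1].split(",", 1)[0].strip()
    return tok


def parse_line(line: str):
    """Parse one HJT line into an Entry with review flags, or None if skipped."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("sec") not in FILE_SECTIONS:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    if sec == "O4":
        m4 = O4_RE.match(body)
        if not m4:
            return None
        name, path = m4.group("name"), first_token(m4.group("cmd"))
    else:
        # O2/O9/O20/O23 all read "Label: name - ... - path"; the path is last.
        parts = [p.strip() for p in body.split(" - ")]
        name = parts[0].split(": ", 1)[-1]
        path = parts[-1] if len(parts) > 1 else ""
    e = Entry(sec, name, path, line.strip())
    if missing:
        e.flags.append("file-missing")          # orphaned reference, stale or removed file
    if sec == "O23" and "Unknown owner" in body:
        e.flags.append("unknown-owner")         # no vendor recorded for the service
    if path and "\\" not in path:
        e.flags.append("bare-filename")         # resolved via PATH at logon
    elif path and not path.lower().startswith(EXPECTED_ROOTS):
        e.flags.append("unusual-location")      # outside the usual install roots
    return e


def triage(log_text: str) -> list:
    """Parse every recognisable HJT line and return only the flagged entries."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e.flags]


def flag_summary(log_text: str) -> dict:
    """Map item name -> sorted flag list, for reports and for checking results."""
    return {e.name: sorted(e.flags) for e in triage(log_text)}


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags):<28} {e.name}  ->  {e.path or '-'}")
```

Run against the sample, the script lists five entries to look at: the two bare filenames, the two orphaned "(file missing)" references, the service with no recorded owner, and the executable sitting directly in C:\WINDOWS rather than under system32 or Program Files. Each of those is a question to answer with vendor documentation or a file-signature check, which is exactly the work the reviewer does when saying a log "checks out okay".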



## jefflimpc (Nov 13, 2007)

This is my MSNCleaner.log:

- Logfile MSNCleaner 1.6.2 by www.forospyware.com
- Created Logfile: 23-04-2008 on 3:45:32 PM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>


----------



## jefflimpc (Nov 13, 2007)

This is my ComboFix log:

ComboFix 08-04-22.1 - IBM 2008-04-23 15:47:14.9 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1734 [GMT 8:00]
Running from: C:\temp2\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-17 08:57 . 2008-04-17 08:57 d--------	C:\WINDOWS\V7IT3DOY9KV5GR1C
2008-04-12 20:54 . 2008-04-19 22:50	162	--a------	C:\WINDOWS\igsmj2002.no
2008-04-12 20:53 . 2008-04-12 20:53	28,672	--a------	C:\WINDOWS\YingUnInsApp.exe
2008-04-07 14:22 . 2008-04-23 15:45 d--------	C:\MSNCleaner
2008-04-03 11:19 . 2008-04-03 11:19 d--------	C:\Documents and Settings\IBM\Application Data\SpaceMonger
2008-04-03 11:04 . 2008-04-03 11:04	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 07:25	---------	d-----w	C:\Program Files\Java
2008-04-23 06:36	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Skype
2008-04-23 06:33	---------	d-----w	C:\Documents and Settings\IBM\Application Data\skypePM
2008-04-20 01:51	5,427	----a-w	C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-07 08:10	---------	d-----w	C:\Program Files\SpyNoMore
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 09:40	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40	1,845,888	------w	C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 02:28	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:27	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 02:26	806	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-19 02:26	60,808	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-19 02:26	136,496	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-19 02:26	10,652	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-19 02:26	---------	d-----w	C:\Program Files\Symantec
2008-03-19 01:40	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Download Manager
2008-03-11 09:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 12:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 12:37	---------	d-----w	C:\Program Files\Microsoft SQL Server
2008-03-01 10:36	3,591,680	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 07:48	---------	d-----w	C:\Program Files\Microsoft Works
2008-03-01 07:41	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-02-29 08:55	70,656	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55	625,664	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-26 01:07	---------	d-----w	C:\Program Files\MSN Messenger
2008-02-26 01:06	---------	dcsh--w	C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-26 01:06	---------	d-----w	C:\Program Files\Windows Live
2008-02-26 01:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-22 10:00	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52	282,624	------w	C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32	45,568	------w	C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32	148,992	------w	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-31 09:42	91,632	----a-w	C:\WINDOWS\system32\nts.dll
2008-01-31 09:42	83,440	----a-w	C:\WINDOWS\system32\pds.dll
2008-01-31 09:42	83,384	----a-w	C:\WINDOWS\system32\loc32vc0.dll
2008-01-31 09:42	46,584	----a-w	C:\WINDOWS\system32\msgsys.dll
2008-01-31 09:42	34,288	----a-w	C:\WINDOWS\system32\cba.dll
2008-01-31 07:53	48,000	----a-w	C:\WINDOWS\system32\FwsVpn.dll
2008-01-31 07:53	107,904	----a-w	C:\WINDOWS\system32\SymVPN.dll
2007-12-03 08:56	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 10:53	1,250	----a-w	C:\Program Files\nsfnqels.txt
2007-07-18 02:18	19	------w	C:\Program Files\Answer.txt
.

((((((((((((((((((((((((((((( snapshot_2008-04-09_11.04.15.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-23 07:43:53	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2006-05-12 01:40:40	2,299	------w	C:\WINDOWS\Downloaded Program Files\LinkedInContactFinderControl.dat
+ 2007-10-11 01:55:14	2,560	----a-w	C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-04-30 07:24:36	3,024	------w	C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-04 12:00:00	2,000	------w	C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00	2,032	------w	C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 12:00:00	1,744	------w	C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 12:00:00	2,176	------w	C:\WINDOWS\system\VGA.DRV
+ 2004-08-04 12:00:00	1,788	----a-w	C:\WINDOWS\system32\Dcache.bin
+ 2006-02-02 13:20:00	2,496	------w	C:\WINDOWS\system32\DLA\DLADResN.SYS
+ 2006-06-06 11:00:00	2,432	------w	C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-06-06 11:00:00	2,560	------w	C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-03 23:07:58	2,944	------w	C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-04 12:00:00	2,944	------w	C:\WINDOWS\system32\drivers\null.sys
- 2008-04-09 02:52:53	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-04-23 07:39:49	237,290	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-09-24 14:30:28	135,168	----a-w	C:\WINDOWS\system32\java.exe
+ 2008-02-21 17:23:35	135,168	----a-w	C:\WINDOWS\system32\java.exe
- 2007-09-24 14:30:30	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 17:23:39	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
- 2007-09-24 15:31:42	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2008-02-21 18:33:32	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2004-08-04 12:00:00	2,000	----a-w	C:\WINDOWS\system32\keyboard.drv
+ 2004-08-04 12:00:00	2,560	----a-w	C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 12:00:00	2,032	----a-w	C:\WINDOWS\system32\mouse.drv
+ 2004-08-04 12:00:00	2,656	----a-w	C:\WINDOWS\system32\netware.drv
+ 2004-08-04 12:00:00	1,744	----a-w	C:\WINDOWS\system32\sound.drv
+ 2005-04-27 23:15:45	2,560	------w	C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 12:00:00	2,176	----a-w	C:\WINDOWS\system32\vga.drv
+ 2004-08-04 12:00:00	2,864	----a-w	C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00	2,112	----a-w	C:\WINDOWS\system32\winspool.exe
+ 2004-08-04 12:00:00	2,736	----a-w	C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-23 07:47:43	16,384	----atw	C:\WINDOWS\TEMP\Perflib_Perfdata_4b8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30 243248]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 14:00 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 11:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 09:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 17:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-07 07:06 716800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-11 03:12 90112]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-02-02 02:01 120368]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 21:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 08:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 08:50 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 08:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 10:34 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 10:29 110592]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 08:38 41472]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 16:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 16:55 99328]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 13:13:28 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 10:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-17 01:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-08 19:44 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-532968704-4079188212-395606680-10116\Scripts\Logon\0\0]
"Script"=AMBU User Logon Script.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\seePower_prd\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Personal\\documents\\Work\\Spotlight29\\bin\\SeeStoreServer4.exe"=
"C:\\seePower\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-16 09:08]
S0 cygarfad;cygarfad;C:\WINDOWS\system32\drivers\kihtfygk.sys []
S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 09:31]
S1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-21 04:18]
S1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-20 01:14]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 09:35]
S2 GtwRsrvTdmst;Teradata GTW Reserve Port;"C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 10:17]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2007-03-03 23:12]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 10:09]
S2 PdeinetdService;Teradata inetd Service;"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 10:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 10:13]
S2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 08:05]
S2 recond;Teradata Database Initiator (recond);"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2007-03-03 23:09]
S2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 07:55]
S2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-08 19:37]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 20:00]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-06-06 17:22]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 09:20]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 17:53]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 20:37]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-08 19:16]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 08:55]
S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\79uj18us\tpflhlp.sys [2007-01-26 09:12]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06042db2-0b09-11dd-8178-0016cff22de1}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2008-04-23 07:34:09 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 15:50:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-04-23 15:52:54
ComboFix-quarantined-files.txt 2008-04-23 07:52:42
ComboFix2.txt 2008-04-10 00:58:52

Pre-Run: 17,794,293,760 bytes free
Post-Run: 17,782,165,504 bytes free

247	--- E O F ---	2008-04-09 01:42:22


----------



## jefflimpc (Nov 13, 2007)

This is my HJT log after cleaning.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:06 PM, on 23-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18828 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Were you having problems again?


----------



## jefflimpc (Nov 13, 2007)

Yeah, occasionally I get a dialog box saying that I have logged in to Messenger from another machine and thus have been logged out from my current laptop. And after I logged into MSN again, some of my contacts reported a msg being sent to them to visit some website...


----------



## Cheeseball81 (Mar 3, 2004)

Run *ActiveScan* online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. 
Post the contents of the ActiveScan report.


----------



## jefflimpc (Nov 13, 2007)

Ok, below is my ActiveScan report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-28 11:39:19
PROTECTIONS: 1
MALWARE: 41
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec Endpoint Protection 11.0.900.913 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00041904 adware/sidesearch Adware No 0 Yes No hkey_classes_root\sep.av.scandlgs
00041904 adware/sidesearch Adware No 0 Yes No hkey_local_machine\software\classes\sep.av.scandlgs
00139061 Cookie/Doubleclick TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmdoubleclick1.zip[[email protected][1].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmatdmt2.zip[[email protected][2].txt]
00139064 Cookie/Atlas DMT TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmatdmt3.zip[[email protected][3].txt]
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\sdfix\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00145457 Cookie/FastClick TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmfastclick2.zip[[email protected][2].txt]
00145731 Cookie/Tribalfusion TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmtribalfusion2.zip[[email protected][2].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmmediaplex2.zip[[email protected][2].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmmediaplex1.zip[[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmmediaplex10.zip[[email protected][1].txt]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmlinksynergy1.zip[[email protected][1].txt]
00145807 Cookie/Linksynergy TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmlinksynergy10.zip[[email protected][1].txt]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00167642 Cookie/Com.com TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmcom1.zip[[email protected][1].txt]
00167642 Cookie/Com.com TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmcom2.zip[[email protected][2].txt]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[.statcounter.com/]
00167795 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmad2.zip[[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmad1.zip[[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmad0.zip[[email protected][1].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmad.zip[[email protected][2].txt]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmburstnet2.zip[[email protected][2].txt]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmserving-sys2.zip[[email protected][2].txt]
00168090 Cookie/Serving-sys TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmserving-sys1.zip[[email protected][1].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmbs.zip[[email protected][2].txt]
00168093 Cookie/Serving-sys TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmbs0.zip[[email protected][1].txt]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmadtech2.zip[[email protected][2].txt]
00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmadtech1.zip[[email protected][1].txt]
00168109 Cookie/Adtech TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmadtech10.zip[[email protected][1].txt]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmadvertising1.zip[[email protected][1].txt]
00169190 Cookie/Advertising TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmadvertising10.zip[[email protected][1].txt]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmstatse0.zip[[email protected][1].txt]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmstatse.zip[[email protected][2].txt]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmrealmedia2.zip[[email protected][2].txt]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmquestionmarket3.zip[[email protected][3].txt]
00171982 Cookie/QuestionMarket TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmquestionmarket1.zip[[email protected][1].txt]
00172221 Cookie/Zedo TrackingCookie  No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmzedo3.zip[[email protected][3].txt]
00172221 Cookie/Zedo TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmzedo1.zip[[email protected][1].txt]
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
00286739 Cookie/Hitbox TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmehg-dig.zip[[email protected][4].txt]
00286739 Cookie/Hitbox TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmehg-dig2.zip[[email protected][1].txt]
00286739 Cookie/Hitbox TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmehg-dig0.zip[[email protected][2].txt]
00286739 Cookie/Hitbox TrackingCookie No 0 No No C:\Program Files\SpyNoMore\RollBack\ibmehg-dig1.zip[[email protected][1].txt]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\temp2\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP11\A0001536.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP11\A0001528.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Cookies\[email protected][2].txt
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\dxwswaqm.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\natoyouu.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\nwsllbiq.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\uvcjdrgk.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\bbgdgbqi.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location  
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 
;===================================================================================================================================================================================
;===================================================================================================================================================================================


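As an added example that is not part of this thread or of Panda's tooling, the Python below parses the MALWARE table in the row format posted above (Id Description Type Active Severity Disinfectable Disinfected Location) and sorts each finding into the bucket a responder would treat differently: tracking cookies, stale copies inside System Restore points, members of a zip or exe container (such as a cleaner's rollback archive), and files at live paths, with kernel drivers under system32\drivers listed first. The sample rows are copied from the report above except the Cookie/Atlas DMT row, which is constructed to exercise a description containing a space; the bucket rules and the 8-letter random-name heuristic are this example's own, and that heuristic also matches some legitimate files (classpnp.sys is one), so a hit is a prompt to verify rather than a verdict.

```python
"""Triage of a Panda ActiveScan MALWARE table.

Added example, not part of the original thread or of Panda's tooling. It reads the
row format posted above (Id Description Type Active Severity Disinfectable
Disinfected Location) and sorts each finding into the bucket a responder would act
on differently. The classification rules are this example's own.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Rows copied from the report in the thread, except the Cookie/Atlas DMT row, which is
# constructed to exercise a description containing a space.
SAMPLE_REPORT = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[.statcounter.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\byijk260.default\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\temp2\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP11\A0001536.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP11\A0001528.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\dxwswaqm.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\WINDOWS\system32\drivers\natoyouu.sys
;===============================================================================
"""

# One table row. Description may contain spaces ("Cookie/Atlas DMT"), so it is
# matched non-greedily; the Type column is a single token, so the match resolves.
ROW_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore", re.I)
IN_CONTAINER = re.compile(r"\.(zip|exe|cab|rar)\[", re.I)   # "outer.zip[inner]" notation
DRIVER_PATH = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.I)
RANDOM_STEM = re.compile(r"\\[a-z]{8}\.(sys|dll|exe)$")     # 8 lower-case letters, e.g. dxwswaqm.sys


@dataclass
class Finding:
    id: str
    description: str
    kind: str
    active: bool
    severity: int
    location: str


def parse_rows(report: str) -> list[Finding]:
    """Parse the MALWARE rows; header, ';===' separators and blank lines are skipped."""
    rows = []
    for line in report.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Finding(m["id"], m["desc"], m["kind"], m["active"] == "Yes",
                                int(m["severity"]), m["location"]))
    return rows


def triage(f: Finding) -> str:
    """Bucket a finding by what a responder has to do about it."""
    if f.kind == "TrackingCookie":
        return "cookie"          # browser privacy residue; nothing executes
    if RESTORE_POINT.search(f.location):
        return "restore-point"   # stale copy kept by System Restore; goes away when restore points are purged
    if IN_CONTAINER.search(f.location):
        return "archived"        # member of a zip/exe container, not a loose file on disk
    if DRIVER_PATH.search(f.location):
        return "live-driver"     # kernel driver at a live path: first thing to deal with
    return "live-file"


def looks_random(location: str) -> bool:
    """Heuristic only: generated driver names often look like dxwswaqm.sys, but so do
    legitimate ones such as classpnp.sys, so treat a hit as a prompt to verify."""
    return RANDOM_STEM.search(location) is not None


def summarize(report: str) -> dict:
    """Counts per bucket plus the rows that need action, kernel drivers first."""
    rows = parse_rows(report)
    action = [f for f in rows if triage(f).startswith("live")]
    action.sort(key=lambda f: triage(f) != "live-driver")   # stable sort: drivers (False) first
    return {
        "parsed": len(rows),
        "buckets": dict(Counter(triage(f) for f in rows)),
        "action": [(f.description, f.location, looks_random(f.location)) for f in action],
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print(f"{result['parsed']} rows: {result['buckets']}")
    for desc, loc, rnd in result["action"]:
        print(f"  ACT  {desc:<24} {loc}{'  (random-looking name)' if rnd else ''}")
```

Run against the full report above, the same rules would leave the two Booto.C driver files and the loose Process.exe as the only rows at live paths; everything else is cookies, restore-point copies, or members of the SpyNoMore rollback zips and of ComboFix.exe, which is why a count like "MALWARE: 41" needs this kind of sorting before anyone acts on it.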
----------



## Cheeseball81 (Mar 3, 2004)

Please download *Rootkit Revealer* (link is at the very bottom of the page)
Unzip it to your desktop.
Open the rootkitrevealer folder and double-click *rootkitrevealer.exe*
Click the *Scan* button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go up to *File > Save*. Choose to save it to your desktop.
Open *rootkitrevealer.txt* on your desktop and copy the entire contents and paste them here


----------



## jefflimpc (Nov 13, 2007)

I seem to have a problem running Rootkit Revealer. Whenever I try to save the file, I keep getting the msg 'Rootkit Revealer detection utility has encountered a problem and needs to close. We are sorry for the inconvenience'. I even tried running it with my anti-virus disabled... same problem. It wouldn't run in Safe mode either...


----------



## Cheeseball81 (Mar 3, 2004)

Hmm, that's odd. Please rerun ComboFix and post the results.


----------



## jefflimpc (Nov 13, 2007)

Here's my ComboFix log:

ComboFix 08-04-29.5 - IBM 2008-05-02 0:41:09.10 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1647 [GMT 8:00]
Running from: C:\temp2\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\chedhkvi.ini
C:\WINDOWS\system32\dqgpanjl.ini
C:\WINDOWS\system32\hcslikoa.ini
C:\WINDOWS\system32\hdkkgyur.ini
C:\WINDOWS\system32\imoooqlm.ini
C:\WINDOWS\system32\itvevkbn.ini
C:\WINDOWS\system32\iwnthitw.ini
C:\WINDOWS\system32\kfxwvdvc.ini
C:\WINDOWS\system32\kuiloakw.ini
C:\WINDOWS\system32\kxttsuse.ini
C:\WINDOWS\system32\ladguris.ini
C:\WINDOWS\system32\lcvcpkmj.ini
C:\WINDOWS\system32\nqatibre.ini
C:\WINDOWS\system32\ogxmbfbd.ini
C:\WINDOWS\system32\onshrkxv.ini
C:\WINDOWS\system32\pkpymxmt.ini
C:\WINDOWS\system32\pslffpej.ini
C:\WINDOWS\system32\pytfylst.ini
C:\WINDOWS\system32\qmmhmttj.ini
C:\WINDOWS\system32\rqngguqt.ini
C:\WINDOWS\system32\tuxiqgbj.ini
C:\WINDOWS\system32\udwsjobd.ini
C:\WINDOWS\system32\wxqkeeit.ini
C:\WINDOWS\system32\xqlpkpmm.ini
C:\WINDOWS\system32\ykntweib.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-01 to 2008-05-01 )))))))))))))))))))))))))))))))
.

2008-04-28 09:28 . 2008-04-28 09:29 d--------	C:\Program Files\Panda Security
2008-04-17 08:57 . 2008-04-17 08:57 d--------	C:\WINDOWS\V7IT3DOY9KV5GR1C
2008-04-12 20:54 . 2008-04-27 11:39	162	--a------	C:\WINDOWS\igsmj2002.no
2008-04-12 20:53 . 2008-04-12 20:53	28,672	--a------	C:\WINDOWS\YingUnInsApp.exe
2008-04-07 14:22 . 2008-04-23 15:45 d--------	C:\MSNCleaner
2008-04-03 11:19 . 2008-04-03 11:19 d--------	C:\Documents and Settings\IBM\Application Data\SpaceMonger
2008-04-03 11:04 . 2008-04-03 11:04	4	--a------	C:\WINDOWS\system32\wnsm2i.rdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 10:13	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Skype
2008-04-30 08:01	---------	d-----w	C:\Documents and Settings\IBM\Application Data\skypePM
2008-04-27 02:20	5,427	----a-w	C:\WINDOWS\system32\EGATHDRV.SYS
2008-04-23 07:25	---------	d-----w	C:\Program Files\Java
2008-04-07 08:10	---------	d-----w	C:\Program Files\SpyNoMore
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 09:40	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40	1,845,888	------w	C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 02:28	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:27	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 02:26	806	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-19 02:26	60,808	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-19 02:26	136,496	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-19 02:26	10,652	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-19 02:26	---------	d-----w	C:\Program Files\Symantec
2008-03-19 01:40	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Download Manager
2008-03-11 09:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 12:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-01 12:37	---------	d-----w	C:\Program Files\Microsoft SQL Server
2008-03-01 10:36	3,591,680	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 07:48	---------	d-----w	C:\Program Files\Microsoft Works
2008-03-01 07:41	---------	d-----w	C:\Program Files\Microsoft Visual Studio 8
2008-02-29 08:55	70,656	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55	625,664	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52	282,624	------w	C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32	45,568	------w	C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32	148,992	------w	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-03 08:56	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 10:53	1,250	----a-w	C:\Program Files\nsfnqels.txt
2007-07-18 02:18	19	------w	C:\Program Files\Answer.txt
.

((((((((((((((((((((((((((((( snapshot_2008-04-09_11.04.15.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-01 16:36:18	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-03-25 10:13:04	124,208	----a-w	C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 05:49:56	12,592	----a-w	C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2006-05-12 01:40:40	2,299	------w	C:\WINDOWS\Downloaded Program Files\LinkedInContactFinderControl.dat
+ 2007-10-11 01:55:14	2,560	----a-w	C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-04-30 07:24:36	3,024	------w	C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-04 12:00:00	2,000	------w	C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00	2,032	------w	C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 12:00:00	1,744	------w	C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 12:00:00	2,176	------w	C:\WINDOWS\system\VGA.DRV
- 2008-03-05 08:19:50	16,384	------w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-30 01:26:51	16,384	------w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-05 08:19:50	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-30 01:26:51	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-05 08:19:50	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 01:26:51	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 12:00:00	1,788	----a-w	C:\WINDOWS\system32\Dcache.bin
+ 2006-02-02 13:20:00	2,496	------w	C:\WINDOWS\system32\DLA\DLADResN.SYS
+ 2006-06-06 11:00:00	2,432	------w	C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-06-06 11:00:00	2,560	------w	C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-03 23:07:58	2,944	------w	C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-04 12:00:00	2,944	------w	C:\WINDOWS\system32\drivers\null.sys
- 2008-04-09 02:52:53	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-05-01 16:31:44	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-09-24 14:30:28	135,168	----a-w	C:\WINDOWS\system32\java.exe
+ 2008-02-21 17:23:35	135,168	----a-w	C:\WINDOWS\system32\java.exe
- 2007-09-24 14:30:30	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 17:23:39	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
- 2007-09-24 15:31:42	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2008-02-21 18:33:32	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2004-08-04 12:00:00	2,000	----a-w	C:\WINDOWS\system32\keyboard.drv
+ 2004-08-04 12:00:00	2,560	----a-w	C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 12:00:00	2,032	----a-w	C:\WINDOWS\system32\mouse.drv
+ 2004-08-04 12:00:00	2,656	----a-w	C:\WINDOWS\system32\netware.drv
+ 2004-08-04 12:00:00	1,744	----a-w	C:\WINDOWS\system32\sound.drv
+ 2005-04-27 23:15:45	2,560	------w	C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 12:00:00	2,176	----a-w	C:\WINDOWS\system32\vga.drv
+ 2004-08-04 12:00:00	2,864	----a-w	C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00	2,112	----a-w	C:\WINDOWS\system32\winspool.exe
+ 2004-08-04 12:00:00	2,736	----a-w	C:\WINDOWS\system32\wowdeb.exe
+ 2008-05-01 16:41:02	16,384	----atw	C:\WINDOWS\TEMP\Perflib_Perfdata_6a8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30 243248]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 14:00 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 11:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 09:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 17:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-07 07:06 716800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-11 03:12 90112]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-02-02 02:01 120368]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 21:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 08:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 08:50 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 08:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 10:34 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 10:29 110592]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 08:38 41472]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 16:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 16:55 99328]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 13:13:28 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 10:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-17 01:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-08 19:44 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-532968704-4079188212-395606680-10116\Scripts\Logon\0\0]
"Script"=AMBU User Logon Script.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\seePower_prd\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Personal\\documents\\Work\\Spotlight29\\bin\\SeeStoreServer4.exe"=
"C:\\seePower\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-16 09:08]
S0 cygarfad;cygarfad;C:\WINDOWS\system32\drivers\kihtfygk.sys []
S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 09:31]
S1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-21 04:18]
S1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-20 01:14]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 09:35]
S2 GtwRsrvTdmst;Teradata GTW Reserve Port;"C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 10:17]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2007-03-03 23:12]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 10:09]
S2 PdeinetdService;Teradata inetd Service;"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 10:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 10:13]
S2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 08:05]
S2 recond;Teradata Database Initiator (recond);"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2007-03-03 23:09]
S2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 07:55]
S2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-08 19:37]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 20:00]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-06-06 17:22]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 DSAIOLXZH;DSAIOLXZH;C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe []
S3 ECRKBIV;ECRKBIV;C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe []
S3 ERLSEELFTWV;ERLSEELFTWV;C:\DOCUME~1\IBM\LOCALS~1\Temp\ERLSEELFTWV.exe []
S3 GUXWM;GUXWM;C:\DOCUME~1\IBM\LOCALS~1\Temp\GUXWM.exe []
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 MZIHB;MZIHB;C:\DOCUME~1\IBM\LOCALS~1\Temp\MZIHB.exe []
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 09:20]
S3 QMCAD;QMCAD;C:\DOCUME~1\IBM\LOCALS~1\Temp\QMCAD.exe []
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 17:53]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 20:37]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-08 19:16]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 08:55]
S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\79uj18us\tpflhlp.sys [2007-01-26 09:12]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06042db2-0b09-11dd-8178-0016cff22de1}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2008-05-01 16:00:39 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 00:44:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-05-02 0:46:40
ComboFix-quarantined-files.txt 2008-05-01 16:46:29
ComboFix2.txt 2008-04-23 07:52:54
ComboFix3.txt 2008-04-10 00:58:52

Pre-Run: 17,466,355,712 bytes free
Post-Run: 17,438,474,240 bytes free

280	--- E O F ---	2008-04-09 01:42:22


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:12:20 AM, on 02-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSAIOLXZH - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe (file missing)
O23 - Service: ECRKBIV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe (file missing)
O23 - Service: ERLSEELFTWV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ERLSEELFTWV.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: GUXWM - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\GUXWM.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MZIHB - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\MZIHB.exe (file missing)
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QMCAD - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\QMCAD.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19472 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Open Notepad and copy and paste the text in the quote box below into it:

> File::
> C:\WINDOWS\system32\drivers\dxwswaqm.sys
> C:\WINDOWS\system32\drivers\natoyouu.sys
> C:\WINDOWS\system32\drivers\nwsllbiq.sys
> ...


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


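Before writing a CFScript like the one above, a helper reads the O20/O23 lines of the HijackThis log and the driver/service lines of the ComboFix log for entries such as the Temp-directory services and the driver with no recorded file that appear earlier in this thread. The following Python triage is an added example, not code from the thread or from either tool; the sample lines are copied from the logs above (with a few benign entries as controls), and the scoring rules are the author's own heuristics, not anything the tools themselves compute.

```python
import re
from typing import Dict, List

# Lines copied from the HijackThis and ComboFix logs in this thread, plus
# benign entries from the same logs so the heuristics have something to pass.
HJT_LINES = [
    "O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)",
    "O20 - Winlogon Notify: AwayNotify - C:\\Program Files\\Lenovo\\AwayTask\\AwayNotify.dll",
    "O23 - Service: Diskeeper - Diskeeper Corporation - C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkService.exe",
    "O23 - Service: DSAIOLXZH - Unknown owner - C:\\DOCUME~1\\IBM\\LOCALS~1\\Temp\\DSAIOLXZH.exe (file missing)",
    "O23 - Service: QMCAD - Unknown owner - C:\\DOCUME~1\\IBM\\LOCALS~1\\Temp\\QMCAD.exe (file missing)",
    "O23 - Service: ONC RPC Portmapper - Unknown owner - C:\\Program Files\\NCR\\Teradata Warehouse Builder\\bin\\portmap.exe",
]
COMBOFIX_LINES = [
    "R0 Shockprf;Shockprf;C:\\WINDOWS\\system32\\drivers\\Shockprf.sys [2006-03-16 09:08]",
    "S0 cygarfad;cygarfad;C:\\WINDOWS\\system32\\drivers\\kihtfygk.sys []",
    "S2 recond;Teradata Database Initiator (recond);\"C:\\Program Files\\NCR\\TDAT\\PDE\\05.00.00.11\\bin\\recond.exe\" \"-s\" []",
    "S3 DSAIOLXZH;DSAIOLXZH;C:\\DOCUME~1\\IBM\\LOCALS~1\\Temp\\DSAIOLXZH.exe []",
    "S3 LVPrcMon;Logitech LVPrcMon Driver;C:\\WINDOWS\\system32\\drivers\\LVPrcMon.sys [2005-12-09 15:37]",
]

# Per-user and system Temp directories, in both 8.3 and long-name form.
TEMP_DIR = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\|\\WINDOWS\\Temp\\", re.IGNORECASE)
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
# ComboFix service line: "<start> <name>;<display>;<image and args> [<date time>]".
CF_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+) \[(?P<stamp>[^\]]*)\]$")


def _finding(name: str, path: str, reasons: List[str]) -> Dict:
    # Heuristic: one reason alone is weak (ACNotify above is a stale but
    # harmless Winlogon entry); two or more together is worth acting on.
    return {"name": name, "path": path, "reasons": reasons,
            "severity": "high" if len(reasons) >= 2 else "low"}


def triage_hjt(lines: List[str]) -> List[Dict]:
    """Flag O20/O23 entries whose image lives in Temp or no longer exists."""
    findings = []
    for line in lines:
        m = HJT_O23.match(line) or HJT_O20.match(line)
        if not m:
            continue
        path = m.group("path")
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("image path under a Temp directory")
        if m.group("missing"):
            reasons.append("file missing at scan time")
        # 'Unknown owner' by itself is common for legitimate software
        # (portmap.exe above), so it only adds weight to another signal.
        if reasons and m.groupdict().get("owner") == "Unknown owner":
            reasons.append("no publisher recorded (Unknown owner)")
        if reasons:
            findings.append(_finding(m.group("name"), path, reasons))
    return findings


def triage_combofix(lines: List[str]) -> List[Dict]:
    """Flag driver/service lines with no recorded file stamp, a Temp image,
    or a service name unrelated to its file name (cygarfad -> kihtfygk.sys)."""
    findings = []
    for line in lines:
        m = CF_LINE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        # Quoted image paths carry arguments after the closing quote.
        path = rest[1:rest.index('"', 1)] if rest.startswith('"') else rest
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        no_stamp = m.group("stamp") == ""
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("image path under a Temp directory")
        if no_stamp:
            # The thread's logs show an empty [] for both the Temp services and
            # the legitimate recond service, so this is only a weak signal.
            reasons.append("no date/size recorded (empty [])")
        if no_stamp and stem.lower() != m.group("name").lower():
            reasons.append("service name does not match file name")
        if reasons:
            findings.append(_finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(HJT_LINES) + triage_combofix(COMBOFIX_LINES):
        print(f"[{f['severity']}] {f['name']}: {f['path']} ({'; '.join(f['reasons'])})")
```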
----------



## jefflimpc (Nov 13, 2007)

ComboFix log below:

ComboFix 08-04-29.5 - IBM 2008-05-05 0:02:47.10 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1675 [GMT 8:00]
Running from: C:\temp2\ComboFix.exe
Command switches used :: C:\Documents and Settings\IBM\Desktop\CFScript.txt

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*

FILE ::
C:\WINDOWS\system32\drivers\bbgdgbqi.sys
C:\WINDOWS\system32\drivers\dxwswaqm.sys
C:\WINDOWS\system32\drivers\natoyouu.sys
C:\WINDOWS\system32\drivers\nwsllbiq.sys
C:\WINDOWS\system32\drivers\uvcjdrgk.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\bbgdgbqi.sys
C:\WINDOWS\system32\drivers\dxwswaqm.sys
C:\WINDOWS\system32\drivers\natoyouu.sys
C:\WINDOWS\system32\drivers\nwsllbiq.sys
C:\WINDOWS\system32\drivers\uvcjdrgk.sys

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-04-28 09:28 . 2008-04-28 09:29 d--------	C:\Program Files\Panda Security
2008-04-17 08:57 . 2008-04-17 08:57 d--------	C:\WINDOWS\V7IT3DOY9KV5GR1C
2008-04-12 20:54 . 2008-05-03 22:19	162	--a------	C:\WINDOWS\igsmj2002.no
2008-04-12 20:53 . 2008-04-12 20:53	28,672	--a------	C:\WINDOWS\YingUnInsApp.exe
2008-04-07 14:22 . 2008-04-23 15:45 d--------	C:\MSNCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 15:21	5,427	----a-w	C:\WINDOWS\system32\EGATHDRV.SYS
2008-05-02 10:09	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Skype
2008-05-02 01:21	---------	d-----w	C:\Documents and Settings\IBM\Application Data\skypePM
2008-04-23 07:25	---------	d-----w	C:\Program Files\Java
2008-04-07 08:10	---------	d-----w	C:\Program Files\SpyNoMore
2008-04-03 03:19	---------	d-----w	C:\Documents and Settings\IBM\Application Data\SpaceMonger
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-19 09:40	1,845,888	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 09:40	1,845,888	------w	C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 02:28	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 02:27	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 02:26	806	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-19 02:26	60,808	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-19 02:26	136,496	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-19 02:26	10,652	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-19 02:26	---------	d-----w	C:\Program Files\Symantec
2008-03-19 01:40	---------	d-----w	C:\Documents and Settings\IBM\Application Data\Download Manager
2008-03-11 09:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-01 10:36	3,591,680	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55	70,656	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55	625,664	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:52	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52	282,624	------w	C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32	45,568	------w	C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32	148,992	------w	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-03 08:56	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 10:53	1,250	----a-w	C:\Program Files\nsfnqels.txt
2007-07-18 02:18	19	------w	C:\Program Files\Answer.txt
.

((((((((((((((((((((((((((((( snapshot_2008-04-09_11.04.15.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-04 16:00:45	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-03-25 10:13:04	124,208	----a-w	C:\WINDOWS\Downloaded Program Files\as2stubie.dll
+ 2007-07-18 05:49:56	12,592	----a-w	C:\WINDOWS\Downloaded Program Files\libcomm.dll
+ 2006-05-12 01:40:40	2,299	------w	C:\WINDOWS\Downloaded Program Files\LinkedInContactFinderControl.dat
+ 2007-10-11 01:55:14	2,560	----a-w	C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2006-04-30 07:24:36	3,024	------w	C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2004-08-04 12:00:00	2,000	------w	C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00	2,032	------w	C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 12:00:00	1,744	------w	C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 12:00:00	2,176	------w	C:\WINDOWS\system\VGA.DRV
- 2008-03-05 08:19:50	16,384	------w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-30 01:26:51	16,384	------w	C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-05 08:19:50	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-30 01:26:51	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-05 08:19:50	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-30 01:26:51	32,768	------w	C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-08-04 12:00:00	1,788	----a-w	C:\WINDOWS\system32\Dcache.bin
+ 2006-02-02 13:20:00	2,496	------w	C:\WINDOWS\system32\DLA\DLADResN.SYS
+ 2006-06-06 11:00:00	2,432	------w	C:\WINDOWS\system32\drivers\cdr4_xp.sys
+ 2006-06-06 11:00:00	2,560	------w	C:\WINDOWS\system32\drivers\cdralw2k.sys
+ 2004-08-03 23:07:58	2,944	------w	C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-04 12:00:00	2,944	------w	C:\WINDOWS\system32\drivers\null.sys
- 2008-04-09 02:52:53	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-05-04 15:59:35	237,289	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-09-24 14:30:28	135,168	----a-w	C:\WINDOWS\system32\java.exe
+ 2008-02-21 17:23:35	135,168	----a-w	C:\WINDOWS\system32\java.exe
- 2007-09-24 14:30:30	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
+ 2008-02-21 17:23:39	135,168	----a-w	C:\WINDOWS\system32\javaw.exe
- 2007-09-24 15:31:42	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2008-02-21 18:33:32	139,264	----a-w	C:\WINDOWS\system32\javaws.exe
+ 2004-08-04 12:00:00	2,000	----a-w	C:\WINDOWS\system32\keyboard.drv
+ 2004-08-04 12:00:00	2,560	----a-w	C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 12:00:00	2,032	----a-w	C:\WINDOWS\system32\mouse.drv
+ 2004-08-04 12:00:00	2,656	----a-w	C:\WINDOWS\system32\netware.drv
+ 2004-08-04 12:00:00	1,744	----a-w	C:\WINDOWS\system32\sound.drv
+ 2005-04-27 23:15:45	2,560	------w	C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 12:00:00	2,176	----a-w	C:\WINDOWS\system32\vga.drv
+ 2004-08-04 12:00:00	2,864	----a-w	C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00	2,112	----a-w	C:\WINDOWS\system32\winspool.exe
+ 2004-08-04 12:00:00	2,736	----a-w	C:\WINDOWS\system32\wowdeb.exe
+ 2008-05-04 16:01:53	16,384	----atw	C:\WINDOWS\TEMP\Perflib_Perfdata_300.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14 159744]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 02:30 243248]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 14:00 856064]
"TpShocks"="TpShocks.exe" [2006-03-16 11:04 106496 C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 09:19 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 17:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-07 07:06 716800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-11 03:12 90112]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2007-02-02 02:01 120368]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 21:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 08:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 08:50 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36 536576]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 08:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-12-25 10:34 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-12-25 10:29 110592]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 08:38 41472]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 16:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [ ]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 16:55 99328]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe [2002-03-17 13:13:28 266240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free Lite\DVDShell.dll [2004-10-09 10:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-17 01:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-12-08 19:44 89600 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 19:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-532968704-4079188212-395606680-10116\Scripts\Logon\0\0]
"Script"=AMBU User Logon Script.cmd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\seePower_prd\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Personal\\documents\\Work\\Spotlight29\\bin\\SeeStoreServer4.exe"=
"C:\\seePower\\training46\\Bin\\SeeStoreServer4.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2006-03-16 09:08]
S0 cygarfad;cygarfad;C:\WINDOWS\system32\drivers\kihtfygk.sys []
S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 00:33]
S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 09:31]
S1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-21 04:18]
S1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-12-20 01:14]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 09:35]
S2 GtwRsrvTdmst;Teradata GTW Reserve Port;"C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 10:17]
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2007-03-03 23:12]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 10:09]
S2 PdeinetdService;Teradata inetd Service;"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 10:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 10:13]
S2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 08:05]
S2 recond;Teradata Database Initiator (recond);"C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2007-03-03 23:09]
S2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 07:55]
S2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2006-12-08 19:37]
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 20:00]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-06-06 17:22]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 DSAIOLXZH;DSAIOLXZH;C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe []
S3 ECRKBIV;ECRKBIV;C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe []
S3 ERLSEELFTWV;ERLSEELFTWV;C:\DOCUME~1\IBM\LOCALS~1\Temp\ERLSEELFTWV.exe []
S3 GUXWM;GUXWM;C:\DOCUME~1\IBM\LOCALS~1\Temp\GUXWM.exe []
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 MZIHB;MZIHB;C:\DOCUME~1\IBM\LOCALS~1\Temp\MZIHB.exe []
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 09:20]
S3 QMCAD;QMCAD;C:\DOCUME~1\IBM\LOCALS~1\Temp\QMCAD.exe []
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 17:53]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 20:37]
S3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-12-08 19:16]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 08:55]
S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\79uj18us\tpflhlp.sys [2007-01-26 09:12]
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06042db2-0b09-11dd-8178-0016cff22de1}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

*Newly Created Service* - MDMXSDK
.
Contents of the 'Scheduled Tasks' folder
"2008-05-04 15:46:41 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 00:06:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe\" -s:MSSQL.2 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Completion time: 2008-05-05 0:08:57
ComboFix-quarantined-files.txt 2008-05-04 16:08:47
ComboFix2.txt 2008-05-01 16:46:40
ComboFix3.txt 2008-04-23 07:52:54
ComboFix4.txt 2008-04-10 00:58:52

Pre-Run: 17,410,371,584 bytes free
Post-Run: 17,408,667,648 bytes free

263	--- E O F ---	2008-04-09 01:42:22


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:35 AM, on 05-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSAIOLXZH - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe (file missing)
O23 - Service: ECRKBIV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe (file missing)
O23 - Service: ERLSEELFTWV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ERLSEELFTWV.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: GUXWM - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\GUXWM.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MZIHB - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\MZIHB.exe (file missing)
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QMCAD - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\QMCAD.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19440 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O23 - Service: GUXWM - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\GUXWM.exe (file missing)

O23 - Service: MZIHB - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\MZIHB.exe (file missing)

O23 - Service: QMCAD - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\QMCAD.exe (file missing)

Reboot and post a new log, please.


----------



## jefflimpc (Nov 13, 2007)

New HJT log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:37 PM, on 06-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSAIOLXZH - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe (file missing)
O23 - Service: ECRKBIV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe (file missing)
O23 - Service: ERLSEELFTWV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ERLSEELFTWV.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19210 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Looks like they will have to be manually stopped.

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find:

*DSAIOLXZH*
*ECRKBIV*
*ERLSEELFTWV*

Right click and choose "Properties".
On the "General" tab under "Service Status" click the "Stop" button to stop the service.
Beside "Startup Type" in the dropdown menu select "Disabled".
Click Apply then OK.
Exit the Services utility.

Note: You may get an error here when trying to access the properties of the service.
If you do get an error, just select the service and look there in the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

In Hijack This, click on the "Open Misc Tools section" button.
Next click the "Delete an NT service" button.
Copy and paste the following in that box:

*DSAIOLXZH*
*ECRKBIV*
*ERLSEELFTWV*

Click OK.

Reboot, post new log.
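Both of Cheeseball81's replies above single out the same pattern in the O23 (NT service) section: an entry with no publisher whose image sits in the user's Temp folder and is already gone. The following is an added Python example, not HijackThis code or anything from this thread, that parses such O23 lines, records those indicators, and prints the sc.exe counterpart of the services.msc stop/disable/delete steps; the sample lines are constructed from this thread's logs, and the sc.exe commands are an assumed command-line equivalent, not what the helper asked for.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the O23 lines in this thread's logs
# (a handful of entries, not a complete HijackThis log).
SAMPLE_LOG = r"""
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DSAIOLXZH - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\DSAIOLXZH.exe (file missing)
O23 - Service: ECRKBIV - Unknown owner - C:\DOCUME~1\IBM\LOCALS~1\Temp\ECRKBIV.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
"""

# HijackThis O23 layout: "O23 - Service: <display> [(<key>)] - <owner> - <image path> [(file missing)]".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# Assumption: when HijackThis shows only one name, display name and service key name are equal.
NAME_RE = re.compile(r"^(?P<display>.+?)(?: \((?P<key>[^()]+)\))?$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^[A-Z]{5,12}$")


@dataclass
class Finding:
    display: str
    key: str
    owner: str
    path: str
    indicators: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # The one strong signal in this thread: a service image under a user's Temp
        # folder. The other indicators only corroborate; plenty of legitimate
        # services report "Unknown owner" or a stale "(file missing)" path.
        return "temp-path" in self.indicators


def parse_o23(line: str):
    """Parse one O23 line into a Finding with its indicators; None for other line types."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    n = NAME_RE.match(m["name"])
    display, key = n["display"], n["key"] or n["display"]
    f = Finding(display, key, m["owner"], m["path"])
    if TEMP_RE.search(f.path):
        f.indicators.append("temp-path")
    if m["missing"]:
        f.indicators.append("file-missing")
    if f.owner == "Unknown owner":
        f.indicators.append("unknown-owner")
    # Random-looking name: an all-caps token that is also the image's base name,
    # with nobody claiming it as publisher.
    stem = ntpath.splitext(ntpath.basename(f.path))[0]
    if f.owner == "Unknown owner" and RANDOM_NAME_RE.match(key) and stem.upper() == key:
        f.indicators.append("random-name")
    return f


def triage(log_text: str):
    """Return a Finding for every O23 line, in log order."""
    return [f for f in (parse_o23(line) for line in log_text.splitlines()) if f]


def removal_commands(f: Finding):
    """sc.exe equivalent of the thread's manual steps (stop, set Startup Type to
    Disabled, delete the NT service). Assumed command-line counterpart, not what
    the thread itself used (services.msc and HijackThis' "Delete an NT service")."""
    return [
        f'sc stop "{f.key}"',
        f'sc config "{f.key}" start= disabled',
        f'sc delete "{f.key}"',
    ]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.suspicious else "ok        "
        print(f"{flag} {f.key:<16} {','.join(f.indicators) or '-':<45} {f.path}")
        if f.suspicious:
            for cmd in removal_commands(f):
                print("    " + cmd)
```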


----------



## jefflimpc (Nov 13, 2007)

Have disabled the services (they were set to Manual previously) and removed them. What are those services for?

New HJT log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:08 AM, on 11-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.6\OLAP\bin\msmdsrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.7\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdemain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Segmain.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\Cfgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\pdevproc.exe
C:\Program Files\NCR\TDAT\LPDE\BIN\cnscim.exe
C:\Program Files\NCR\TDAT\LRSG\BIN\rsgmain.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\NCR\TDAT\LTGTW\BIN\gtwgateway.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssmain.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sssrss.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\fsustart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\actmain.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\utadvtsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\scpstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\disstart.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\sestsk.exe
C:\Program Files\NCR\TDAT\LTDBMS\BIN\rtsmain.exe
C:\temp2\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=D5BwpJFu1OkY5EtUGfMrBTzNmAU
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.int.stee.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.stengglink.com;*.int.stee.com.sg;*.iss.stee.sg;10.62.*.*;10.69.*.*;10.61.*.*;10.200.*.*;10.201.*.*;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: LLIEHlprObj Class - {F757FBBF-10E5-4DDA-BBEA-2357E54BEA2B} - C:\Program Files\Open Text\Livelink Explorer\LLBHO3.DLL
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\PROGRA~1\SPYNOM~1\SNMIEG~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1193958800437
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://10.69.40.85/Livelinksupport/otemailexp/outlook/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91072BC5-BC50-450C-A56D-5738523C9412}: Domain = stee.sg
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - C:\Program Files\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - C:\Program Files\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 18654 bytes


----------



## Cheeseball81 (Mar 3, 2004)

They were malware. How are things now?


----------



## jefflimpc (Nov 13, 2007)

I have not logged on to MSN since. I'll try for a few days and see if any of my contacts get the msg again.

Thanks, you've been a great help!


----------



## Cheeseball81 (Mar 3, 2004)

No problem


----------



## jefflimpc (Nov 13, 2007)

I think it might be my home PC that is infected...one of my contacts received this link when I was offline.

jefflimpc.c-oo-l-st-uff.info


----------



## jefflimpc (Nov 13, 2007)

So I ran the original set of instructions you gave me...

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:53 AM, on 15-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16153 bytes


----------



## jefflimpc (Nov 13, 2007)

MSN Cleaner log:

- Logfile MSNCleaner 1.6.3 by www.forospyware.com
- Created Logfile: 15-05-2008 on 12:22:16 AM
- Operative System: Windows XP
- Boot mode: Safe mode
_________________________________________

Detected files: 0
Deleted file: 0
Undeleted Files: 0

<<<<<<< No file found >>>>>>>

HJT log after running MSN Cleaner:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:09 AM, on 15-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16190 bytes


----------



## jefflimpc (Nov 13, 2007)

ComboFix log:

ComboFix 08-05-12.1 - jefflimpc 2008-05-15 0:37:04.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2995 [GMT 8:00]
Running from: C:\temp2\MSN\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\instant access
C:\Program Files\instant access\Center\Crazy Girls.lnk
C:\Program Files\instant access\DesktopIcons\Crazy Girls.lnk
C:\Program Files\instant access\Multi\20070602210634\Common\module.php
C:\Program Files\instant access\Multi\20070602210634\dialerexe.ini
C:\Program Files\instant access\Multi\20070602210634\js\js_api_dialer.php
C:\Program Files\instant access\Multi\20070602210634\medias\4250_dialer.ico
C:\Program Files\instant access\Multi\20070602210634\medias\button1.gif
C:\Program Files\instant access\Multi\20070602210634\medias\button2.gif
C:\Program Files\instant access\Multi\20070602210634\medias\button3.gif
C:\Program Files\instant access\Multi\20070602210634\medias\button4.gif
C:\WINDOWS\dialerexe.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\wl.exe

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

2008-05-15 00:15 . 2008-05-15 00:15 d--------	C:\Program Files\Trend Micro
2008-05-14 00:51 . 2008-05-14 00:51 d--------	C:\WINDOWS\Downloaded Installations
2008-05-14 00:51 . 2008-05-14 00:53 d--------	C:\Program Files\Electronic Arts
2008-05-14 00:50 . 2004-12-10 10:06	327,680	--a------	C:\WINDOWS\system32\vp6dec.ax
2008-05-14 00:50 . 2003-09-05 12:07	168,960	--a------	C:\WINDOWS\system32\XCDZIP35.OCX
2008-05-14 00:50 . 2006-03-28 13:00	118,832	--a------	C:\WINDOWS\system32\SHW32.DLL
2008-05-14 00:45 . 2005-05-26 15:34	2,297,552	--a------	C:\WINDOWS\system32\d3dx9_26.dll
2008-05-09 22:05 . 2008-05-09 22:05 d--------	C:\~QTWTMP.TMP
2008-05-09 21:51 . 1995-01-30 00:00	188,960	--a------	C:\WINDOWS\system32\WINGDE.DLL
2008-05-09 21:51 . 1995-01-30 00:00	92,208	--a------	C:\WINDOWS\system32\WING.DLL
2008-05-09 21:51 . 1993-06-25 14:47	20,272	--a------	C:\WINDOWS\system32\CTL3D.DLL
2008-05-09 21:51 . 1994-12-06 00:00	12,800	--a------	C:\WINDOWS\system\WING32.DLL
2008-05-09 21:51 . 1995-01-30 00:00	6,736	--a------	C:\WINDOWS\system32\WINGDIB.DRV
2008-05-09 21:51 . 1994-09-02 00:00	5,195	--a------	C:\WINDOWS\system32\DVA.386
2008-05-09 21:51 . 1995-01-30 00:00	5,024	--a------	C:\WINDOWS\system32\WINGPAL.WND
2008-05-09 21:50 . 2008-05-09 22:05	828	--a------	C:\WINDOWS\QT$INST$.~PC
2008-05-09 21:50 . 2008-05-09 22:05	37	--a------	C:\WINDOWS\RESULT.QTW
2008-05-09 21:50 . 2008-05-09 22:06	15	--a------	C:\WINDOWS\qtw.ini
2008-05-05 01:08 . 2008-05-05 01:08 d--------	C:\Program Files\DNA
2008-05-05 01:08 . 2008-05-05 01:08 d--------	C:\Program Files\BitTorrent
2008-05-05 01:08 . 2008-05-15 00:19 d--------	C:\Documents and Settings\jefflimpc\Application Data\DNA
2008-05-05 01:08 . 2008-05-07 23:21 d--------	C:\Documents and Settings\jefflimpc\Application Data\BitTorrent
2008-04-24 01:56 . 2008-04-24 02:00 d--------	C:\temp\WLIIA
2008-04-24 01:56 . 2008-04-24 01:56 d--------	C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:50	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-06 13:10	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\Skype
2008-05-06 13:06	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\skypePM
2008-04-22 17:08	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-18 18:32	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\Canon
2008-04-05 19:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Creative
2008-04-05 18:56	413,696	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-04-05 18:56	110,592	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-04-05 18:50	---------	d-----w	C:\Program Files\Creative
2008-03-30 02:29	---------	d-----w	C:\Program Files\Java
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-24 09:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-19 15:16	28,672	----a-w	C:\WINDOWS\YingUnInsApp.exe
2008-03-19 13:20	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-03-19 13:20	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-19 13:19	806	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-03-19 13:19	60,808	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2008-03-19 13:19	136,496	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-03-19 13:19	10,652	----a-w	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-03-19 13:19	---------	d-----w	C:\Program Files\Symantec
2008-02-25 01:41	72,728	----a-w	C:\WINDOWS\system32\CTHWIUT.DLL
2008-02-25 01:41	566,296	----a-w	C:\WINDOWS\system32\CTSBLFX.DLL
2008-02-25 01:41	329,240	----a-w	C:\WINDOWS\system32\CTEDSPSY.DLL
2008-02-25 01:41	286,232	----a-w	C:\WINDOWS\system32\CTEDSPFX.DLL
2008-02-25 01:41	174,104	----a-w	C:\WINDOWS\system32\CTEAPSFX.DLL
2008-02-25 01:41	170,520	----a-w	C:\WINDOWS\system32\CT20XUT.DLL
2008-02-25 01:41	134,680	----a-w	C:\WINDOWS\system32\CTEDSPIO.DLL
2008-02-25 01:41	100,888	----a-w	C:\WINDOWS\system32\CTERFXFX.DLL
2008-02-25 01:41	1,323,544	----a-w	C:\WINDOWS\system32\CTEXFIFX.DLL
2008-02-25 01:40	98,328	----a-w	C:\WINDOWS\system32\COMMONFX.DLL
2008-02-25 01:40	551,960	----a-w	C:\WINDOWS\system32\CTAUDFX.DLL
2008-02-20 13:00	43,520	----a-w	C:\WINDOWS\system32\CTBurst.dll
2008-02-20 12:59	86,016	----a-w	C:\WINDOWS\system32\ctcoinst.dll
2008-02-20 12:59	34,816	----a-w	C:\WINDOWS\system32\a3d.dll
2008-02-20 12:59	27,648	----a-w	C:\WINDOWS\system32\ac3api.dll
2008-02-20 12:59	163,840	----a-w	C:\WINDOWS\system32\ctdvinst.dll
2008-02-20 12:59	11,776	----a-w	C:\WINDOWS\INRES.DLL
2008-02-20 12:55	969,216	----a-w	C:\WINDOWS\system32\CTxfispi.exe
2008-02-20 12:55	43,520	----a-w	C:\WINDOWS\system32\Ctxfireg.exe
2008-02-20 12:55	10,752	----a-w	C:\WINDOWS\system32\Ct20xspi.dll
2008-02-20 12:49	110,080	----a-w	C:\WINDOWS\system32\ctemupia.dll
2008-02-20 12:47	49,152	----a-w	C:\WINDOWS\system32\ctdproxy.dll
2008-02-20 12:47	46,592	----a-w	C:\WINDOWS\system32\ctasio.dll
2008-02-20 12:47	174,592	----a-w	C:\WINDOWS\system32\ct_oal.dll
2008-02-20 12:47	17,920	----a-w	C:\WINDOWS\system32\ctedasio.dll
2008-02-20 12:46	69,120	----a-w	C:\WINDOWS\system32\ctosuser.dll
2008-02-20 12:46	64,512	----a-w	C:\WINDOWS\system32\piaproxy.dll
2008-02-20 12:46	6,144	----a-w	C:\WINDOWS\system32\sfman32.dll
2008-02-20 12:46	13,312	----a-w	C:\WINDOWS\system32\regplib.exe
2008-02-20 12:46	104,448	----a-w	C:\WINDOWS\system32\sfms32.dll
2008-02-20 12:44	5,120	----a-w	C:\WINDOWS\system32\enlocstr.exe
2008-02-20 12:44	10,240	----a-w	C:\WINDOWS\system32\killapps.exe
2008-02-20 12:43	32,768	----a-w	C:\WINDOWS\system32\devreg.dll
2008-02-20 12:43	28,672	----a-w	C:\WINDOWS\system32\mididef.exe
2007-12-08 16:08	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-17 05:40	12,769	----a-w	C:\Program Files\README.TXT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Creative Detector U"="C:\Program Files\Creative\MediaSource5\CTDetctu.exe" [2006-10-02 17:03 188416]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 17:12 851968]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 21:57 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-07-07 08:16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 17:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 14:11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-20 01:00 36961]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03 53248]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 15:41 24649]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 13:20 190008]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\jefflimpc\Start Menu\Programs\Startup\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2007-04-08 02:28:34 931840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-08 23:35:18 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 14:31]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 14:35]
S2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 15:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 15:13]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2005-10-14 03:44]
S2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-05-27 09:03]
S2 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 13:20]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-05-31 23:12]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 GtwRsrvTdmst;Teradata GTW Reserve Port;"D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 15:17]
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 HwIOctl;HwIOctl;C:\Program Files\Setup Files\MS-7260 v1.60\HwIOctl.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 Memctl;Memctl;C:\Program Files\Setup Files\MS-7260 v1.60\Memctl.sys []
S3 MicroStrategy Logging Client;MicroStrategy Logging Client;"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe" -N -b -c C:20020 -a S:20009 -P "D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt" -C "D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt" -Q 64 []
S3 MicroStrategy System Monitor;MicroStrategy System Monitor;"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE" [2005-07-19 12:42]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2006-07-13 18:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-10-25 14:40]
S3 PdeinetdService;Teradata inetd Service;"D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 15:09]
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 14:20]
S3 recond;Teradata Database Initiator (recond);"D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2006-07-13 11:48]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 14:02]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 13:55]
S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 01:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-25 01:00]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34be2470-0d64-11dd-996c-001617d766e4}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 15:22:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 00:38:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MicroStrategy Logging Client]
"ImagePath"="\"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe\" -N -b -c C:20020 -a S:20009 -P \"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt\" -C \"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt\" -Q 64"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-05-15 0:38:57
ComboFix-quarantined-files.txt 2008-05-14 16:38:53

Pre-Run: 48,508,039,168 bytes free
Post-Run: 48,494,764,032 bytes free

259	--- E O F ---	2007-11-22 19:00:30


----------



## jefflimpc (Nov 13, 2007)

HJT log after running ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:35 AM, on 15-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16231 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Download and unzip *BFU* from http://www.merijn.org/files/bfu.zip

Run the program and click the Web button as shown here:

Use this URL to copy into the address bar of the Download script window:

*http://metallica.geekstogo.com/alcanshorty.bfu*

Execute the script by clicking the Execute button.

_If you have any questions about the use of BFU please read here:_

http://metallica.geekstogo.com/BFUinstructions.html

Then reboot and post back with a *HijackThis log*.


----------



## jefflimpc (Nov 13, 2007)

Ran BFU as instructed.

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:29 AM, on 17-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16424 bytes


----------



## Cheeseball81 (Mar 3, 2004)

Download the Trial version of *Superantispyware Pro (SAS)*:
http://www.superantispyware.com/superantispyware.html?rid=3132

Install it and double-click the icon on your desktop to run it.

- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me with a new Hijack This log.


----------



## jefflimpc (Nov 13, 2007)

For some reason, the SuperSpyware scan gave me the blue screen of death a few mins into the scan. It went through successfully after a reboot...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2008 at 09:54 PM

Application Version : 4.1.1046

Core Rules Database Version : 3464
Trace Rules Database Version: 1455

Scan type : Complete Scan
Total Scan Time : 00:39:23

Memory items scanned : 854
Memory threats detected : 0
Registry items scanned : 11886
Registry threats detected : 3
File items scanned : 90021
File threats detected : 101

Adware.Tracking Cookie
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][1].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][2].txt
C:\Documents and Settings\jefflimpc\Cookies\[email protected][3].txt

CommonName Toolbar/Browser Helper Object
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32#ThreadingModel


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:56 PM, on 20-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16631 bytes
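The HijackThis log above is triaged by hand in this thread; the script below is an added illustration of how a helper reads such a log, not code from the thread or from Trend Micro. It parses a handful of lines copied from the log posted above (only a subset, embedded inline) and flags the entry types a helper looks at first: O1 hosts overrides, orphaned entries marked "(no file)", O4 Run entries that name a bare executable resolved through the search path, O15 trusted-zone additions, and O23 services with no publisher. Flagged does not mean malicious (SkyTel.EXE and Logi_MwX.Exe are bare filenames that belong to legitimate drivers here); the point is to list what needs checking on disk.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (subset only).
SAMPLE_LOG = r"""
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.msi.com.tw
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
"""

# "O4 - HKLM\..\Run: [Name] command" -> section code and the rest of the line
LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# O4 body: "<hive>: [<name>] <command>"; name is non-greedy so "[x[y]]" still parses
O4_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>.*?)\] (?P<cmd>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "review" = verify on disk; "info" = worth noting only
    detail: str


def executable_of(cmd: str) -> str:
    """Return the program part of an O4 command (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_full_path(exe: str) -> bool:
    """A bare name like SkyTel.EXE is resolved via the search path at logon."""
    return "\\" in exe or ":" in exe


def triage(log_text: str) -> list:
    """Walk the log once and collect entries a helper should look at."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.group(1), m.group(2)
        if body.endswith("(no file)"):
            # Registry still references a file that is gone: leftover or removed malware
            findings.append(Finding(section, "review", f"orphaned entry: {body}"))
            continue
        if section == "O1":
            findings.append(Finding(section, "review", f"hosts override: {body[len('Hosts: '):]}"))
        elif section == "O4":
            m4 = O4_RE.match(body)
            if m4:
                exe = executable_of(m4.group("cmd"))
                if not is_full_path(exe):
                    findings.append(Finding(section, "review",
                        f"bare filename '{exe}' under {m4.group('hive')}; confirm which file on the search path loads"))
        elif section == "O15":
            findings.append(Finding(section, "review", f"trusted zone: {body[len('Trusted Zone: '):]}"))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "info", f"service without publisher: {body}"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per HijackThis section code."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running the block over the sample prints seven findings; on this log every one of them turns out to be benign once the files are checked, which is exactly why the thread's helpers ask for the file paths rather than acting on the log alone.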


----------



## Cookiegal (Aug 27, 2003)

Cheeseball81 asked me to lend a hand here.

Please download *Navilog1* by IL-MAFIOSO:
http://pagesperso-orange.fr/il.mafioso/Navifix/Navilog1.exe
(*Alternate download location *Here*)

* Save it to your Desktop.
* Double-click on *Navilog1.exe* to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the *Navilog1* shortcut on your Desktop to run it.
* Press *E* for *English* from the language Menu.
* Type *1* in the next Menu to select *Search* and press *Enter*.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested.
* A new document will be produced: *fixnavi.txt.*
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%*SystemDrive*%\*fixnavi.txt*". (usually C:\fixnavi.txt)


----------



## jefflimpc (Nov 13, 2007)

Thanks Cookiegal. It hung for more than 2 hours and I had to kill it. Finally ran through in Safe Mode...

Search Navipromo version 3.5.7 began on 23-05-2008 at 23:05:23.90

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "jefflimpc"

Updated on 11.05.2008 at 18h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 6.0.2900.2180
Filesystem type : NTFS

Search done in safe mode

*** Search folders in "C:\WINDOWS" ***

*** Search folders in "C:\Program Files" ***

*** Search folders in "c:\docume~1\alluse~1\applic~1" ***

*** Search folders in "c:\docume~1\alluse~1\startm~1\programs" ***

*** Search folders in "C:\Documents and Settings\jefflimpc\applic~1" ***

*** Search folders in "C:\Documents and Settings\jefflimpc\locals~1\applic~1" ***

*** Search folders in "C:\Documents and Settings\jefflimpc\startm~1\programs" ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\jefflimpc\locals~1\applic~1" *

*** Search files ***

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In "C:\WINDOWS\system32" :

* In "C:\Documents and Settings\jefflimpc\locals~1\applic~1" :

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :

*** Search completed on 23-05-2008 at 23:08:20.39 ***


----------



## Cookiegal (Aug 27, 2003)

I'm going to ask you to uninstall ComboFix and reinstall it. Please follow these instructions to remove ComboFix properly.


* Click *START* then *RUN*
* Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.


----------



## jefflimpc (Nov 13, 2007)

Have told Cheeseball81 previously that my ComboFix only works in Safe Mode. I've downloaded a new copy and below is the log:

ComboFix 08-05-21.3 - jefflimpc 2008-05-24 2:13:37.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2980 [GMT 8:00]
Running from: C:\Documents and Settings\jefflimpc\Desktop\ComboFix.exe

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 21:01 . 2008-05-23 23:08 d--------	C:\Program Files\Navilog1
2008-05-20 12:33 . 2008-05-20 12:33 d--------	C:\Program Files\SUPERAntiSpyware
2008-05-20 12:33 . 2008-05-20 12:33 d--------	C:\Documents and Settings\jefflimpc\Application Data\SUPERAntiSpyware.com
2008-05-20 12:33 . 2008-05-20 12:33 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 02:38 . 2008-05-20 23:56	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2008-05-19 01:52 . 2006-09-28 16:05	2,414,360	--a------	C:\WINDOWS\system32\d3dx9_31.dll
2008-05-19 01:52 . 2007-04-04 18:53	81,768	--a------	C:\WINDOWS\system32\xinput1_3.dll
2008-05-19 01:51 . 2008-05-19 01:51 d--------	C:\WINDOWS\system32\AGEIA
2008-05-19 01:51 . 2008-05-19 01:51 d--------	C:\Program Files\AGEIA Technologies
2008-05-17 03:08 . 2008-05-17 03:11 d--------	C:\bintheredunthat
2008-05-15 00:15 . 2008-05-15 00:15 d--------	C:\Program Files\Trend Micro
2008-05-14 00:51 . 2008-05-14 00:51 d--------	C:\WINDOWS\Downloaded Installations
2008-05-14 00:51 . 2008-05-14 00:53 d--------	C:\Program Files\Electronic Arts
2008-05-14 00:50 . 2004-12-10 10:06	327,680	--a------	C:\WINDOWS\system32\vp6dec.ax
2008-05-14 00:50 . 2003-09-05 12:07	168,960	--a------	C:\WINDOWS\system32\XCDZIP35.OCX
2008-05-14 00:50 . 2006-03-28 13:00	118,832	--a------	C:\WINDOWS\system32\SHW32.DLL
2008-05-14 00:45 . 2005-05-26 15:34	2,297,552	--a------	C:\WINDOWS\system32\d3dx9_26.dll
2008-05-09 22:05 . 2008-05-09 22:05 d--------	C:\~QTWTMP.TMP
2008-05-09 21:51 . 1995-01-30 00:00	188,960	--a------	C:\WINDOWS\system32\WINGDE.DLL
2008-05-09 21:51 . 1995-01-30 00:00	92,208	--a------	C:\WINDOWS\system32\WING.DLL
2008-05-09 21:51 . 1993-06-25 14:47	20,272	--a------	C:\WINDOWS\system32\CTL3D.DLL
2008-05-09 21:51 . 1994-12-06 00:00	12,800	--a------	C:\WINDOWS\system\WING32.DLL
2008-05-09 21:51 . 1995-01-30 00:00	6,736	--a------	C:\WINDOWS\system32\WINGDIB.DRV
2008-05-09 21:51 . 1994-09-02 00:00	5,195	--a------	C:\WINDOWS\system32\DVA.386
2008-05-09 21:51 . 1995-01-30 00:00	5,024	--a------	C:\WINDOWS\system32\WINGPAL.WND
2008-05-09 21:50 . 2008-05-09 22:05	828	--a------	C:\WINDOWS\QT$INST$.~PC
2008-05-09 21:50 . 2008-05-09 22:05	37	--a------	C:\WINDOWS\RESULT.QTW
2008-05-09 21:50 . 2008-05-09 22:06	15	--a------	C:\WINDOWS\qtw.ini
2008-05-05 01:08 . 2008-05-05 01:08 d--------	C:\Program Files\DNA
2008-05-05 01:08 . 2008-05-05 01:08 d--------	C:\Program Files\BitTorrent
2008-05-05 01:08 . 2008-05-24 02:09 d--------	C:\Documents and Settings\jefflimpc\Application Data\DNA
2008-05-05 01:08 . 2008-05-07 23:21 d--------	C:\Documents and Settings\jefflimpc\Application Data\BitTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 16:50	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\skypePM
2008-05-23 16:50	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\Skype
2008-05-20 04:32	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 18:43	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-16 19:11	---------	d-----w	C:\Program Files\Common Files\DVDVideoSoft
2008-04-22 17:08	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-18 18:32	---------	d-----w	C:\Documents and Settings\jefflimpc\Application Data\Canon
2008-04-05 19:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Creative
2008-04-05 18:56	413,696	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2008-04-05 18:56	110,592	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2008-04-05 18:50	---------	d-----w	C:\Program Files\Creative
2008-03-30 02:29	---------	d-----w	C:\Program Files\Java
2008-03-25 08:15	50,536	----a-w	C:\WINDOWS\system32\drivers\WpsHelper.sys
2008-03-24 09:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-19 15:16	28,672	----a-w	C:\WINDOWS\YingUnInsApp.exe
2008-03-19 13:19	60,808	----a-w	C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-25 01:41	72,728	----a-w	C:\WINDOWS\system32\CTHWIUT.DLL
2008-02-25 01:41	566,296	----a-w	C:\WINDOWS\system32\CTSBLFX.DLL
2008-02-25 01:41	329,240	----a-w	C:\WINDOWS\system32\CTEDSPSY.DLL
2008-02-25 01:41	286,232	----a-w	C:\WINDOWS\system32\CTEDSPFX.DLL
2008-02-25 01:41	174,104	----a-w	C:\WINDOWS\system32\CTEAPSFX.DLL
2008-02-25 01:41	170,520	----a-w	C:\WINDOWS\system32\CT20XUT.DLL
2008-02-25 01:41	134,680	----a-w	C:\WINDOWS\system32\CTEDSPIO.DLL
2008-02-25 01:41	100,888	----a-w	C:\WINDOWS\system32\CTERFXFX.DLL
2008-02-25 01:41	1,323,544	----a-w	C:\WINDOWS\system32\CTEXFIFX.DLL
2008-02-25 01:40	98,328	----a-w	C:\WINDOWS\system32\COMMONFX.DLL
2008-02-25 01:40	551,960	----a-w	C:\WINDOWS\system32\CTAUDFX.DLL
2007-12-08 16:08	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-10-17 05:40	12,769	----a-w	C:\Program Files\README.TXT
.

((((((((((((((((((((((((((((( [email protected]_ 0.38.49.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-08 14:27:08	68,608	----a-w	C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-05-20 16:34:44	68,608	----a-w	C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-10-08 14:27:12	72,192	----a-w	C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-20 16:34:50	72,192	----a-w	C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-10-08 14:27:12	4,308,992	----a-w	C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-20 16:34:50	4,308,992	----a-w	C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-10-08 14:27:13	482,304	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-05-20 16:34:51	482,304	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-10-08 14:27:10	2,902,016	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-05-20 16:34:48	2,902,016	----a-w	C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-10-08 14:27:06	258,048	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-20 16:34:41	258,048	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-10-08 14:27:06	114,176	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-05-20 16:34:41	114,176	----a-w	C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-10-08 14:27:15	260,096	----a-w	C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-05-20 16:34:54	260,096	----a-w	C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-10-08 14:27:09	5,156,864	----a-w	C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-20 16:34:46	5,156,864	----a-w	C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-10-08 14:27:07	10,752	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-05-20 16:34:43	10,752	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-10-08 14:27:06	507,904	----a-w	C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-05-20 16:34:41	507,904	----a-w	C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-10-08 14:27:06	13,312	----a-w	C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-05-20 16:34:42	13,312	----a-w	C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-10-08 14:27:11	8,192	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-20 16:34:49	8,192	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-10-08 14:27:11	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-20 16:34:49	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-10-08 14:27:12	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-05-20 16:34:50	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-10-08 14:27:07	413,696	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-05-20 16:34:42	413,696	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-10-08 14:27:07	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-05-20 16:34:43	36,864	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-10-08 14:27:07	647,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-05-20 16:34:43	647,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-10-08 14:27:07	73,728	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-05-20 16:34:43	73,728	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-10-08 14:27:06	749,568	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-05-20 16:34:42	749,568	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-10-08 14:27:16	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-05-20 16:34:55	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-10-08 14:27:16	372,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-05-20 16:34:55	372,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-10-08 14:27:05	28,672	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-05-20 16:34:36	28,672	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-10-08 14:27:15	667,648	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-05-20 16:34:55	667,648	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-10-08 14:27:16	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-05-20 16:34:56	5,632	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-10-08 14:27:06	12,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-05-20 16:34:41	12,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-10-08 14:27:05	32,768	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-05-20 16:34:36	32,768	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-10-08 14:27:05	7,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-05-20 16:34:40	7,168	----a-w	C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-10-08 14:27:14	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-05-20 16:34:53	110,592	----a-w	C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-10-08 14:27:08	81,920	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-05-20 16:34:44	81,920	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-10-08 14:27:14	413,696	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-05-20 16:34:53	413,696	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-10-08 14:27:13	716,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-05-20 16:34:51	716,800	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-10-08 14:27:06	888,832	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-05-20 16:34:41	888,832	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-10-08 14:27:11	5,001,216	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-05-20 16:34:49	5,001,216	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-10-08 14:27:08	188,416	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-05-20 16:34:45	188,416	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-10-08 14:27:08	397,312	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-05-20 16:34:44	397,312	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-10-08 14:27:08	81,920	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-05-20 16:34:45	81,920	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-10-08 14:27:15	577,536	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-05-20 16:34:54	577,536	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-10-08 14:27:13	372,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-05-20 16:34:52	372,736	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-10-08 14:27:15	258,048	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-05-20 16:34:54	258,048	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-10-08 14:27:14	299,008	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-05-20 16:34:52	299,008	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-10-08 14:27:14	131,072	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-05-20 16:34:52	131,072	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-10-08 14:27:08	258,048	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-05-20 16:34:44	258,048	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-10-08 14:27:08	114,688	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-05-20 16:34:45	114,688	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-10-08 14:27:15	835,584	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-05-20 16:34:54	835,584	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-10-08 14:27:09	86,016	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-05-20 16:34:46	86,016	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-10-08 14:27:09	823,296	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll


----------



## jefflimpc (Nov 13, 2007)

+ 2008-05-20 16:34:47	823,296	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-10-08 14:27:10	5,152,768	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-05-20 16:34:47	5,152,768	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-10-08 14:27:10	2,027,520	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-05-20 16:34:48	2,027,520	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-10-08 14:27:15	2,940,928	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-05-20 16:34:53	2,940,928	----a-w	C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-05-17 19:26:59	26,624	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\ce593058179385486e500ed739885db9\Accessibility.ni.dll
+ 2008-05-21 16:41:25	483,328	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ActivityMonitor\f0fa5d485d6f5696209c84cbc77b3e28\ActivityMonitor.ni.dll
+ 2008-05-18 08:31:14	282,624	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ADODB\46fcd5e4e23f575f02e61a57ba504350\ADODB.ni.dll
+ 2008-05-21 16:41:59	8,384,512	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AppIDPackage\f65b4ba095e11617d5f66c2b7ae356d9\AppIDPackage.ni.dll
+ 2008-05-17 19:27:00	888,832	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a4ce6512a108f3e7b3e16514a8849205\AspNetMMCExt.ni.dll
+ 2008-05-21 16:41:20	1,593,344	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ConnectionDlg\8649df4befeca88c2e61c5d035b6109f\ConnectionDlg.ni.dll
+ 2008-05-22 15:09:07	995,328	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CopyDatabaseWizard\d691d57628bd84d0e9a7682a8fdf8553\CopyDatabaseWizard.ni.exe
+ 2008-05-22 15:21:32	237,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2e3593cd147ff9d00e88890203ac0a21\CustomMarshalers.ni.dll
+ 2008-05-22 15:09:41	937,984	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DatabaseMailWizard\b6b077502a2cdd6c2eb37e3c970fae2a\DatabaseMailWizard.ni.exe
+ 2008-05-22 15:10:11	188,416	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DBMaintenancePlanHi#\e0edda0edff4dac0180c449ea33f11ff\DBMaintenancePlanHistory.ni.dll
+ 2008-05-22 15:10:42	851,968	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DBMaintenanceProper#\6381dc5267d6cdea05a9fc90a0ce7db9\DBMaintenanceProperties.ni.dll
+ 2008-05-22 15:17:24	466,944	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DBMirroring\59fe0a77db33b11c65bc2b3fb02b8827\DBMirroring.ni.dll
+ 2008-05-21 16:40:25	98,304	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DdsShapesLib\d378f1d27ec262b14328f3f58670ef5c\DdsShapesLib.ni.dll
+ 2008-05-22 15:21:31	15,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\781b1411d4bfec1d8e08e9d4561a624d\dfsvc.ni.exe
+ 2008-05-21 16:32:58	192,512	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTA\36e5f00a771468682e83166ffdfdfa8b\DTA.ni.exe
+ 2008-05-21 16:32:59	749,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTAClient\2337e493974152e45a8c1a48b5c9e3ad\DTAClient.ni.dll
+ 2008-05-21 16:40:45	749,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTAClient\96b9374b451f2e778e155b7bea8f6950\DTAClient.ni.dll
+ 2008-05-21 16:40:47	1,765,376	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTAShell\f050485444f38f7af4b1aaa41e7eb1be\DTAShell.ni.exe
+ 2008-05-17 19:27:00	102,400	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dtattach\78d116c7d7d9720a93de5caf8787b232\dtattach.ni.exe
+ 2008-05-18 08:31:26	172,032	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTEParseMgd\1817f1c8d37979a7a5e9d573b2153003\DTEParseMgd.ni.dll
+ 2008-05-18 08:30:26	720,896	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTSInstall\1552be6a3e6bda4f7a08460ea040f043\DTSInstall.ni.exe
+ 2008-05-18 08:30:34	598,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTSMigrationWizard\a1b77c86ea9e2504ab65e688503a1fdf\DTSMigrationWizard.ni.exe
+ 2008-05-18 08:31:05	1,171,456	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DTSWizard\12ed92d1ee9e3e81cbee0f740762803d\DTSWizard.ni.exe
+ 2008-05-17 19:27:00	589,824	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE\837f5bfb5140d5a9885b29c3563e74c5\EnvDTE.ni.dll
+ 2008-05-22 15:13:13	294,912	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\EnvDTE80\1e7da7a6b7cc473fb1d22ac29a22ee76\EnvDTE80.ni.dll
+ 2008-05-18 08:31:14	41,472	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\interop.msdasc\29ca7b142116b863098956d5e16f142f\interop.msdasc.ni.dll
+ 2008-05-21 16:40:17	348,160	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.ShDocVw\cfba33f2a9bed3aaf872b35f76be35a8\Interop.ShDocVw.ni.dll
+ 2008-05-22 15:16:10	180,224	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.VisioGraph_#\5888c674b9c7dbbccb3d9438dcae0d58\Interop.VisioGraph_2_100.ni.dll
+ 2008-05-21 16:40:19	229,376	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MDXQueryGenerator\ad30b229da80926ce7c9985f0e64674f\MDXQueryGenerator.ni.dll
+ 2008-05-21 16:40:20	1,495,040	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\1231dfa8f8af363ae62d2a320ec81d3e\Microsoft.AnalysisServices.AdomdClient.ni.dll
+ 2008-05-22 15:12:28	114,688	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\1f6df278e3580f88aaa8c68c55baf0fd\Microsoft.AnalysisServices.OleDbDM.ni.dll
+ 2008-05-21 16:32:58	557,056	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\3ae153ed096f320b969a3fd4d44ca19b\Microsoft.AnalysisServices.Xmla.ni.dll
+ 2008-05-21 16:33:04	397,312	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\3b8d580468147d09f9f0e3227a291cf4\Microsoft.AnalysisServices.Graphing.ni.dll
+ 2008-05-22 15:12:26	1,118,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\431e7811968de73611cd53117b8f9b7b\Microsoft.AnalysisServices.Browse.ni.dll
+ 2008-05-21 16:40:23	176,128	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\4643fcb60a2fa7510ab53d663c43cb33\Microsoft.AnalysisServices.TimeDimGenerator.ni.dll
+ 2008-05-18 08:32:55	3,063,808	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\5b89fd2137356ff9bee3439bfeb765d4\Microsoft.AnalysisServices.ni.dll
+ 2008-05-22 15:12:24	63,488	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\6d6f9e4051169291066206ec6d6e995c\Microsoft.AnalysisServices.Normalizer.ni.dll
+ 2008-05-22 15:13:15	348,160	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\86c2424f78122993eb883bda55316f96\Microsoft.AnalysisServices.DeploymentEngine.ni.dll
+ 2008-05-22 15:12:34	2,818,048	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\988cd25cb2099ccffbda6a2edee7cbdd\Microsoft.AnalysisServices.Project.ni.dll
+ 2008-05-22 15:12:32	172,032	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\a700f63d84e7a5453e9dee990f6fc300\Microsoft.AnalysisServices.Commands.ni.dll
+ 2008-05-22 15:12:24	253,952	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\ae2fb25a6dbb5ea4f5c2f48f572b42be\Microsoft.AnalysisServices.OneClickCube.ni.dll
+ 2008-05-22 15:20:31	5,959,680	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\d551cfd3866f1aa0445cad87f5081ec0\Microsoft.AnalysisServices.Controls.ni.dll
+ 2008-05-22 15:12:28	1,966,080	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\dc52caef3af481eb52be2d91ade3a9e3\Microsoft.AnalysisServices.Viewers.ni.dll
+ 2008-05-22 15:12:31	2,969,600	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\e3fd94cba7b18f43cf8f3610c86dfde4\Microsoft.AnalysisServices.ManagementDialogs.ni.dll
+ 2008-05-21 16:40:14	5,959,680	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\ec391b3455d65415fccdb5c4b545a8d4\Microsoft.AnalysisServices.Controls.ni.dll
+ 2008-05-22 15:11:51	10,743,808	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.AnalysisS#\fb3d361f867836a28ceeb12116decbcc\Microsoft.AnalysisServices.Design.ni.dll
+ 2008-05-22 15:21:34	880,640	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\df0028441d78de1ed17952d38d29d846\Microsoft.Build.Engine.ni.dll
+ 2008-05-21 16:42:12	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\7654338bf64cd72aaab9695cd4ff8fd9\Microsoft.Build.Framework.ni.dll
+ 2008-05-22 15:21:36	1,687,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\be1c625f14d95edfe8791a0b33ff14f7\Microsoft.Build.Tasks.ni.dll
+ 2008-05-21 16:42:11	163,840	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\7ef0a03b502fa4097b1016b2a1f57580\Microsoft.Build.Utilities.ni.dll
+ 2008-05-21 16:40:25	17,408	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\c6d21b302fd9ee0927257b96c88409c5\Microsoft.Data.ConnectionUI.ni.dll
+ 2008-05-21 16:40:24	700,416	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Data.Conn#\f8dafe426a1c24d87e01bc67693e8a00\Microsoft.Data.ConnectionUI.Dialog.ni.dll
+ 2008-05-22 15:13:21	1,826,816	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\1f9a7a3b97a1eec06e14a2a6014547e8\Microsoft.DatatransformationServices.DataFlowUI.ni.dll
+ 2008-05-22 15:14:00	19,968	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\46c23d81e054556bfec9a6c592748029\Microsoft.DataTransformationServices.Interfaces.ni.dll
+ 2008-05-22 15:17:23	573,440	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\49144717b97ac8ba1a9420b23426cc3f\Microsoft.DatatransformationServices.DTSExecUI.Controls.ni.dll
+ 2008-05-18 08:30:16	1,613,824	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\4ab0d04b3652be569d7b4f1ddf4efbf0\Microsoft.DataTransformationServices.Controls.ni.dll
+ 2008-05-22 15:15:07	1,224,704	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\7ad20bf4e37ed116d624c79fd1eeeae7\Microsoft.DataTransformationServices.Wizards.ni.dll
+ 2008-05-22 15:13:28	7,151,616	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\8c2b3c7a511d74434b3b131060bbc079\Microsoft.DataTransformationServices.Design.ni.dll
+ 2008-05-22 15:14:33	745,472	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataTrans#\95e3a6d96e4e98f2578213e4c8b754f7\Microsoft.DataTransformationServices.VsIntegration.ni.dll
+ 2008-05-21 16:40:24	106,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\364d070e2d2b17fcf982bb0d883a8d7a\Microsoft.DataWarehouse.SQM.ni.dll
+ 2008-05-21 16:33:07	2,928,640	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\37bb4885513ef96bf94b85dc568ea767\Microsoft.DataWarehouse.ni.dll
+ 2008-05-21 16:32:57	49,664	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\38fdfa394538202ca557821a60a15f1e\Microsoft.DataWarehouse.Interfaces.ni.dll
+ 2008-05-22 15:16:09	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\54d8c33d133ddfcbfc6030f38826cbf7\Microsoft.DataWarehouse.Layout.ni.dll
+ 2008-05-22 15:12:37	1,630,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\bc2e6a0bf9368d7d419f42a15cddd8f5\Microsoft.DataWarehouse.VsIntegration.ni.dll
+ 2008-05-22 15:20:36	2,904,064	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.DataWareh#\ccb2374fd830eb0ab350696db308b485\Microsoft.DataWarehouse.ni.dll
+ 2008-05-18 08:30:23	2,441,216	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\26053dcc914a1e80985130dbea110845\Microsoft.JScript.ni.dll
+ 2008-05-21 16:40:32	163,840	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.MSXML\8d9c3fa2720d239d0ea8d924490d60d5\Microsoft.MSXML.ni.dll
+ 2008-05-18 08:30:18	249,856	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.NetEnterp#\14b6a5a8f5fff56a322d7fa3c246c041\Microsoft.NetEnterpriseServers.ExceptionMessageBox.ni.dll
+ 2008-05-21 16:40:18	1,089,536	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\26b40ec2d9779d4f0182f8f505995f64\Microsoft.Office.Interop.Owc11.ni.dll
+ 2008-05-21 16:40:08	1,495,040	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\01cdd32542d25bfe4914be254229a517\Microsoft.ReportingServices.Diagnostics.ni.dll
+ 2008-05-22 15:20:45	2,899,968	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\5ffc6772f1e1288e29296d84b7f49e88\Microsoft.ReportingServices.SemanticQueryDesign.ni.dll
+ 2008-05-22 15:20:46	733,184	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\63169ae8be0198b9cce4ff9ff5e62ee0\Microsoft.ReportingServices.Design.ni.dll
+ 2008-05-21 16:41:52	1,478,656	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\82d55557ae19611ba2edb54d670c28b0\Microsoft.ReportingServices.Diagnostics.ni.dll
+ 2008-05-22 15:20:41	2,322,432	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\86ce432762cc89a58e4d6257d208a48f\Microsoft.ReportingServices.Modeling.ni.dll
+ 2008-05-22 15:20:39	1,847,296	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\8fd0c651307124afced31aa0dac2d31b\Microsoft.ReportingServices.QueryDesigners.ni.dll
+ 2008-05-22 15:20:47	520,192	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\b6c5e38c926a87cb00d2a6c5293e399b\Microsoft.ReportingServices.DataExtensions.ni.dll
+ 2008-05-21 16:40:07	102,400	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Reporting#\cf95f39c96e6ce13a112ee6f7a6be267\Microsoft.ReportingServices.Interfaces.ni.dll
+ 2008-05-21 16:42:11	151,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\0194e8b9a32a28a8b46bbfabd61beb90\Microsoft.ReportViewer.ProcessingObjectModel.ni.dll
+ 2008-05-21 16:42:10	10,289,152	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\b011a7df87596220639f746a695f09e7\Microsoft.ReportViewer.Common.ni.dll
+ 2008-05-21 16:42:02	1,032,192	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.ReportVie#\b64a896943decd299ddf436e77602e97\Microsoft.ReportViewer.WinForms.ni.dll
+ 2008-05-18 08:30:43	51,200	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\038e17ea7f899671a27833434e4c0548\Microsoft.SqlServer.ActiveXScriptTask.ni.dll
+ 2008-05-18 08:32:49	118,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\05adbd8afe6cb92599fa850b65a99934\Microsoft.SqlServer.ASTasks.ni.dll
+ 2008-05-18 08:32:31	94,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0d738f978a0b8eb0bbdf951d69a1088e\Microsoft.SqlServer.ADONETSrc.ni.dll
+ 2008-05-18 08:31:01	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\0ec1441ca7beb2f666fae148997b0e0a\Microsoft.SqlServer.WmiEnum.ni.dll
+ 2008-05-18 08:33:56	77,824	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\16affe10f2e0b07a25a31357c85fb6e3\Microsoft.SqlServer.TableTransferGeneratorTask.ni.dll
+ 2008-05-18 08:30:24	249,856	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1a3701179865a026fda579e446d16b1e\Microsoft.SqlServer.ScriptTask.ni.dll
+ 2008-05-18 08:30:37	34,304	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1b4aeb715fff113d6ae42035250aa63f\Microsoft.SqlServer.DTS8HelperObjectModel.ni.dll
+ 2008-05-22 15:21:41	1,028,096	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1cfab200f5bc9c00ab0792750bde2f8d\Microsoft.SqlServer.WizardFrameworkLite.ni.dll
+ 2008-05-18 08:31:01	36,352	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1f1365ec6d19a05ce1c2342d9c506e66\Microsoft.SqlServer.ServiceBrokerEnum.ni.dll
+ 2008-05-18 08:30:16	118,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\1f44aa4296433f87123d76eafdec0286\Microsoft.SqlServer.DlgGrid.ni.dll
+ 2008-05-18 08:30:47	106,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\21e90bc79a19563d3fc64c27e48aa1b1\Microsoft.SqlServer.FtpTask.ni.dll
+ 2008-05-18 08:31:24	69,632	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2235fae0ae4660c2e8d2f6e2919eb41d\Microsoft.SqlServer.Dts.DtsClient.ni.dll
+ 2008-05-18 08:30:38	86,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\22b1b215630320b6f1e213f1090d11f6\Microsoft.SqlServer.DtsMigration.ni.dll
+ 2008-05-18 08:30:46	31,744	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\22ccc5a0b63ef9c6c03ad17559487bf0\Microsoft.SqlServer.SQLTaskConnectionsWrap.ni.dll
+ 2008-05-18 08:30:44	389,120	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\243e8a6ba002d1e83f2e226249fd84ff\Microsoft.SqlServer.BulkInsertTaskConnections.ni.dll
+ 2008-05-21 16:32:55	200,704	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\24867e6561a4c0e3b528dcaa03512b9e\Microsoft.SqlServer.WebServiceTask.ni.dll
+ 2008-05-18 08:30:14	151,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\25e76224ff6693dfa7618dca7fac0555\Microsoft.SqlServer.PipelineHost.ni.dll
+ 2008-05-18 08:31:02	110,592	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\2b8268036031a2c71c966cfe7d19dced\Microsoft.SqlServer.TransferStoredProceduresTask.ni.dll
+ 2008-05-18 08:30:44	131,072	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\314fa5ba519cc99fcd05b99d53513f98\Microsoft.SqlServer.BulkInsertTask.ni.dll
+ 2008-05-18 08:30:13	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\316a74a402510d42e810809517d90c44\Microsoft.SqlServer.SqlTDiagM.ni.dll
+ 2008-05-18 08:31:00	3,252,224	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\32d11090f1008dc24187d126bb668067\Microsoft.SqlServer.Replication.ni.dll
+ 2008-05-18 08:30:55	5,181,440	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\358294167314c8d276dcbe073f981e55\Microsoft.SqlServer.Smo.ni.dll
+ 2008-05-17 19:27:07	33,280	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\35ad12141e995af37b28a09e8da77cba\Microsoft.SqlServer.Dts.Design.ni.dll
+ 2008-05-21 16:32:56	90,112	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\39ecf7d90f0dddd6d679e7935d0a3bad\Microsoft.SqlServer.WMIEWTask.ni.dll
+ 2008-05-18 08:31:26	86,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3cdb08bab751766e943c6a5008d08ec1\Microsoft.SqlServer.DataReaderDest.ni.dll
+ 2008-05-18 08:31:19	45,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3e588b4534d26d6b64cc90e5864860e2\Microsoft.SqlServer.DTEnum.ni.dll
+ 2008-05-18 08:33:37	491,520	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\3e626dd326cb2d83c18915549f3db6ae\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2008-05-18 08:30:57	1,372,160	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\403654797c35169781d9057edc85c37d\Microsoft.SqlServer.Rmo.ni.dll
+ 2008-05-18 08:31:14	22,528	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\404c2124bd98c97df6ab3af059bf4164\Microsoft.SqlServer.DTSUtilities.ni.dll
+ 2008-05-18 08:30:19	368,640	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\486595d5fb4162394140b6be918578e8\Microsoft.SqlServer.SmoEnum.ni.dll
+ 2008-05-18 08:30:44	36,352	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4866f3331b4ed42571be70222ef46c85\Microsoft.SqlServer.HelperUtility.ni.dll
+ 2008-05-18 08:32:15	155,648	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4b54cd812d36b3616e4cc414464fcc99\Microsoft.SqlServer.MgdSqlDumper.ni.dll
+ 2008-05-18 08:30:38	335,872	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\4c3e4e84ae098e6c7773e7bfe3e885bb\Microsoft.SqlServer.Dts80.ni.dll
+ 2008-05-18 08:31:49	176,128	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\556333dcec039811517aa5afb92af9f7\Microsoft.SqlServer.PipelineXML.ni.dll
+ 2008-05-18 08:31:03	106,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\55c7eb78422d532aacedbace8dce3b13\Microsoft.SqlServer.TransferJobsTask.ni.dll
+ 2008-05-18 08:30:43	212,992	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5810bb53a6f57f3816ff4f75d3d2f09a\Microsoft.SqlServer.ActiveXScriptTaskUtil.ni.dll
+ 2008-05-18 08:30:46	131,072	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5d2d9c5ed73a5175899a95941e9660da\Microsoft.SqlServer.SQLServerHelperUtil.ni.dll
+ 2008-05-18 08:31:44	18,432	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\5fb4484eb7c9ee5baf4fec13aa9036ff\Microsoft.SqlServer.ForEachFileEnumeratorWrap.ni.dll
+ 2008-05-18 08:32:41	323,584	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\60a8ef21004679d2e60f6b99ee15ecfa\Microsoft.SqlServer.TxScript.ni.dll
+ 2008-05-21 16:32:56	364,544	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\60daa5794dd918a9ee8cd656bb97528f\Microsoft.SqlServer.XMLTask.ni.dll
+ 2008-05-18 08:30:56	1,249,280	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\637373dc9aba8c57233bd26f02496cdb\Microsoft.SqlServer.SqlEnum.ni.dll
+ 2008-05-22 15:19:52	737,280	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\658c1458e8430bacff1d8f01d3b5536b\Microsoft.SqlServerCe.Client.ni.dll
+ 2008-05-18 08:31:14	143,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\673685b4048d7c9b82716c40eaa25ac8\Microsoft.SqlServer.DtsTransferProvider.ni.dll
+ 2008-05-22 15:21:38	1,024,000	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\683c0cb960cebe9c0ebc1ab7706cca31\Microsoft.SqlServer.MaintenancePlanTasksUI.ni.dll
+ 2008-05-18 08:30:18	184,320	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6958d0ec3e17f772cfbbbdcc7c47da61\Microsoft.SqlServer.DataStorage.ni.dll
+ 2008-05-21 16:32:55	94,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6ac45dfe2cd5bd4b51c36f2279dafc91\Microsoft.SqlServer.WMIDRTask.ni.dll
+ 2008-05-18 08:32:15	73,728	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6e478924d82000f9aa857fa84f92ad9b\Microsoft.SqlServer.ManagedConnections.ni.dll
+ 2008-05-18 08:32:25	41,984	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\6f99f70d6583876a992246d5f31afc23\Microsoft.SqlServer.ForEachNodeListEnumerator.ni.dll
+ 2008-05-18 08:30:42	73,728	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\705145d751f836d5710450ae2819b2fa\Microsoft.SqlServer.DTSCustTasks.ni.dll
+ 2008-05-18 08:30:18	90,112	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\71b17d418ac88c8b153b7dcc784ae6f0\Microsoft.SqlServer.CustomControls.ni.dll
+ 2008-05-22 15:18:41	4,845,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7635e5638af7ce94c9fe52fbbccef5ce\Microsoft.SqlServer.NotificationServices.ni.dll
+ 2008-05-22 15:17:25	491,520	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\784c57d545120774911cf7bb287c1850\Microsoft.SqlServer.MaintenancePlanTasks.ni.dll
+ 2008-05-18 08:30:20	319,488	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\79dbc6221dc7509ed9021464b751e110\Microsoft.SqlServer.ConnectionInfo.ni.dll
+ 2008-05-18 08:30:25	69,632	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7e77ca9465571d040640a61b2451728f\Microsoft.SqlServer.VSAHostingDT.ni.dll
+ 2008-05-18 08:30:40	253,952	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\7fb533a80c0925b1cea65f4f9073478b\Microsoft.SqlServer.TasksMigrationModules.ni.dll
+ 2008-05-18 08:30:27	1,036,288	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\80511a5588da4612c82c597a567fa3b9\Microsoft.SqlServer.WizardFramework.ni.dll
+ 2008-05-18 08:31:01	37,376	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\81a17650106d8b94d82e457ba6a61b05\Microsoft.SqlServer.CDWTasks.ni.dll
+ 2008-05-18 08:30:17	561,152	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\8709a5d7ab3d79fe0feb6e296112fe0b\Microsoft.SqlServer.GridControl.ni.dll
+ 2008-05-18 08:32:21	25,600	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\880ca000366da8fc21b39f5ac1fd1f82\Microsoft.SqlServer.ForEachFromVarEnumerator.ni.dll
+ 2008-05-18 08:32:19	73,728	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91d6725f2fab437b964b2cdbb5ec22f4\Microsoft.SqlServer.ForEachADOEnumerator.ni.dll
+ 2008-05-22 15:16:11	397,312	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\91fc76bc6bc939bb019bf0e492d80cc7\Microsoft.SqlServer.DtsObjectExplorerUI.ni.dll
+ 2008-05-22 15:17:26	1,138,688	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\944d2494a7f70f30c2174e17564431fa\Microsoft.SqlServer.MaintenancePlanTasksUI.ni.dll
+ 2008-05-18 08:30:47	618,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\959fdcddd4828444bfd83c98742c9c76\Microsoft.SqlServerCe.Dts.Provider.ni.dll
+ 2008-05-18 08:30:14	172,032	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97aac445ee3502d34d8c6cd8fe467af7\Microsoft.SqlServer.DtsMsg.ni.dll
+ 2008-05-18 08:30:20	659,456	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\97c9b82bfbaf24adedc6eb1b39777862\Microsoft.SqlServer.BatchParser.ni.dll
+ 2008-05-18 08:30:46	147,456	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9b59dc77ad66f296e41ca2b83a594ae5\Microsoft.SqlServer.SQLTask.ni.dll
+ 2008-05-18 08:30:25	77,824	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\9fecb13ed14bf0f8e29e04ea01e7bf32\Microsoft.SqlServer.VSAHosting.ni.dll
+ 2008-05-18 08:30:34	40,448	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a7b13d944c5b178dd80d5ef142b37ed6\Microsoft.SqlServer.SString.ni.dll
+ 2008-05-22 15:18:42	655,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\a809fcaedab3ae2a3c431a747271bccf\Microsoft.SqlServer.NotificationServices.Rules.ni.dll
+ 2008-05-17 19:27:08	139,264	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\ab205675eaa8916552e9a10ce51bb2f7\Microsoft.SqlServer.DTSPipelineWrap.ni.dll
+ 2008-05-18 08:30:45	23,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\aba7e2bc5e4ef3877c55fe64cc71f533\Microsoft.SqlServer.VariablesMigrationModule.ni.dll
+ 2008-05-21 16:42:00	598,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b0600b59a33901368d2a051a6b372888\Microsoft.SqlServer.SqlTools.VSIntegration.ni.dll
+ 2008-05-18 08:30:38	46,080	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b09ac8de96379ee73fe36d3d6dac1bf4\Microsoft.SqlServer.DTS8HelperUtility.ni.dll
+ 2008-05-18 08:30:43	126,976	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b60612b26ed8a928d82020209ca64e8e\Microsoft.SqlServer.Exec80PackageTask.ni.dll


----------



## jefflimpc (Nov 13, 2007)

+ 2008-05-17 19:27:07	106,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\b7af6660871ac62830f68efec26c5003\Microsoft.SqlServer.ScriptTaskUI.ni.dll
+ 2008-05-18 08:30:48	163,840	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\bc7bd71d1b697e90f00e5401a1886375\Microsoft.SqlServer.MSMQTask.ni.dll
+ 2008-05-17 19:27:09	708,608	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c10dc7b0fef7a2a87b1cf2844b86f995\Microsoft.SqlServer.ManagedDTS.ni.dll
+ 2008-05-18 08:31:04	31,744	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c3a570931cb153fcea486cbb50815d9d\Microsoft.SqlServer.ConnectionsMigrationModule.ni.dll
+ 2008-05-18 08:30:13	524,288	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c7203375e49eb61fb1bf04d976ec7ad6\Microsoft.SqlServer.msxml6_interop.ni.dll
+ 2008-05-18 08:32:44	524,288	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c743637b9c5b9fa7fc50b70771735764\Microsoft.SqlServer.XmlSrc.ni.dll
+ 2008-05-18 08:30:49	94,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c8e1022bc45e3e8c71a71815253e3a59\Microsoft.SqlServer.SendMailTask.ni.dll
+ 2008-05-18 08:31:03	196,608	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\c986c18736b115754b51e3aedadb7b8f\Microsoft.SqlServer.TransferSqlServerObjectsTask.ni.dll
+ 2008-05-18 08:31:02	110,592	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d2268c5c5a21a23240ea8b5d5e93fa6e\Microsoft.SqlServer.TransferErrorMessagesTask.ni.dll
+ 2008-05-18 08:30:43	24,064	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d5fc537cfaaf66e98fc2a6252d2b8ef3\Microsoft.SqlServer.DTS9HelperUtility.ni.dll
+ 2008-05-21 16:32:54	237,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\d82f025d3da43481cee4d3347b3ea172\Microsoft.SqlServer.TransferObjectsTask.ni.dll
+ 2008-05-18 08:31:01	143,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dccfc72fd075b6d59f5ba77da0006be5\Microsoft.SqlServer.RegSvrEnum.ni.dll
+ 2008-05-18 08:30:49	114,688	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dd6b3c7f99ed9fb4a48e517ec9e7e5d7\Microsoft.SqlServer.TransferLoginsTask.ni.dll
+ 2008-05-18 08:30:48	98,304	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\dda992dfec3b10060d8cc50f8c3c9dd8\Microsoft.SqlServer.FileSystemTask.ni.dll
+ 2008-05-18 08:30:45	86,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e225b483cc33fa4cb00cb10061af9f45\Microsoft.SqlServer.ExecProcTask.ni.dll
+ 2008-05-18 08:31:03	106,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e5003722d9c100802b1de88a060f746f\Microsoft.SqlServer.TransferDatabasesTask.ni.dll
+ 2008-05-18 08:32:37	94,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e5114fbf5d4757dff142dcf701ec4502\Microsoft.SqlServer.SqlCEDest.ni.dll
+ 2008-05-18 08:31:04	19,456	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e6f3a9f7459b01856704b9f69a6a3e51\Microsoft.SqlServer.WorkFlowMigrationModule.ni.dll
+ 2008-05-21 16:41:19	27,648	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e974a239419c84e504d806ebf6f8d211\Microsoft.SqlServer.Instapi.ni.dll
+ 2008-05-18 08:31:41	23,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\e9c9aa13238c5b161fbef1285d927410\Microsoft.SqlServer.DtsServer.Interop.ni.dll
+ 2008-05-18 08:32:27	73,728	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\edf26f85bef374413c7a751ca2c041e7\Microsoft.SqlServer.ForEachSMOEnumerator.ni.dll
+ 2008-05-21 16:32:57	118,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f004e24fb016da5d8cb3521ce38fa68d\Microsoft.SqlServer.OlapEnum.ni.dll
+ 2008-05-22 15:16:44	864,256	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f0e75cc031fa3508e707a0ade421412e\Microsoft.SqlServer.Management.MaintenancePlanWizard.ni.dll
+ 2008-05-18 08:31:45	49,152	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f4cdc07cec39604b80f11dcf72d96a3f\Microsoft.SqlServer.PackageFormatUpdate.ni.dll
+ 2008-05-22 15:21:40	376,832	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f6f05a903b9ac7674762ff3d32023947\Microsoft.SqlServer.Setup.ni.dll
+ 2008-05-17 19:27:08	380,928	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\f970e23fd06cab3d233be3ff29404701\Microsoft.SqlServer.DTSRuntimeWrap.ni.dll
+ 2008-05-21 16:41:19	22,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fc314e535ad7394def33c9e270583a27\Microsoft.SqlServer.Edition.ni.dll
+ 2008-05-22 15:15:06	17,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.SqlServer#\fdec19387367a850a93c5dbc67f289fc\Microsoft.SqlServer.ExecPackageTaskWrap.ni.dll
+ 2008-05-21 16:42:13	1,720,320	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\77d025b9488dd3117c9495338b766dcd\Microsoft.VisualBasic.ni.dll
+ 2008-05-17 19:27:09	17,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0649d2304bb1bfae3284cee6d2e16798\Microsoft.VisualC.ni.dll
+ 2008-05-22 15:13:12	655,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\0b8c791f204a03244f9b9de5f8bf9c52\Microsoft.VisualStudio.Shell.Design.ni.dll
+ 2008-05-21 16:40:43	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\10e139a583ef0250a345b20446c0b1b3\Microsoft.VisualStudio.vspSqlTDiagM.ni.dll
+ 2008-05-21 16:40:30	4,513,792	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\27c7c10539e00090089da08c9a80efc5\Microsoft.VisualStudio.DataTools.ni.dll
+ 2008-05-22 15:21:46	241,664	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\439bfbe8135de7cc2243963b4db25b31\Microsoft.VisualStudio.Configuration.ni.dll
+ 2008-05-21 16:40:42	36,352	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4656afbed5138f2e5c0a3736d1707647\Microsoft.VisualStudio.vspServiceBrokerEnum.ni.dll
+ 2008-05-21 16:40:34	360,448	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\4985dfeab5c1f6712183d2f8968945c8\Microsoft.VisualStudio.vspSmoEnum.ni.dll
+ 2008-05-22 15:13:10	23,040	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\601ed5e10cdbbb433a7885b7a4acb626\Microsoft.VisualStudio.Designer.Interfaces.ni.dll
+ 2008-05-21 16:40:44	901,120	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\60ea0fdf4dcd8528014843e3caab724a\Microsoft.VisualStudio.Shell.ni.dll
+ 2008-05-22 15:21:47	1,200,128	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6e92145391d82fccb21a481b6f3f8a56\Microsoft.VisualStudio.Design.ni.dll
+ 2008-05-21 16:40:25	86,016	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\71720bd00347dce755a586cc4cd5506a\Microsoft.VisualStudio.DataTools.Interop.ni.dll
+ 2008-05-21 16:40:25	573,440	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7730e546ac060afb28c46c86b30d52df\Microsoft.VisualStudio.Shell.Interop.ni.dll
+ 2008-05-21 16:40:32	561,152	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\950f354bcf3056afa9de822a05fbf3ee\Microsoft.VisualStudio.vspGridControl.ni.dll
+ 2008-05-21 16:40:33	458,752	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\9c9b60f5899a08608c6c4e8622e21a7f\Microsoft.VisualStudio.Debugger.Interop.ni.dll
+ 2008-05-21 16:40:40	5,111,808	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a81a74978b1ade5c10f3049579e62317\Microsoft.VisualStudio.vspSmo.ni.dll
+ 2008-05-21 16:40:34	315,392	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b2cc03e97aa6fea1eda6ec658b338e66\Microsoft.VisualStudio.vspConnectionInfo.ni.dll
+ 2008-05-22 15:21:45	2,023,424	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b47b3ce21a7a2b818cfe5a58f8419363\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2008-05-21 16:40:42	135,168	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b6576ff0dd66349e30b2790c851dd035\Microsoft.VisualStudio.vspRegSvrEnum.ni.dll
+ 2008-05-22 15:21:43	708,608	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\b852def77f96de516a07a48f9eec394f\Microsoft.VisualStudio.ni.dll
+ 2008-05-21 16:40:33	630,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\bed2bf03854f24b1543a09b121add45d\Microsoft.VisualStudio.vspBatchParser.ni.dll
+ 2008-05-22 15:21:50	4,038,656	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c0144da93853b6a7f47dda4534afeffd\Microsoft.VisualStudio.Editors.ni.dll
+ 2008-05-22 15:21:52	868,352	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c21a8dfa2010a959deb39ed54ee970e3\Microsoft.VisualStudio.Windows.Forms.ni.dll
+ 2008-05-21 16:40:41	81,920	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dc2cf371774272306d352927b776b372\Microsoft.VisualStudio.vspWmiEnum.ni.dll
+ 2008-05-21 16:40:31	405,504	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\dcb507d737a5938b76249e67e7b1f9a6\Microsoft.VisualStudio.Data.ni.dll
+ 2008-05-21 16:40:31	139,264	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e2f166d1f2208cc5d03ffc6377bf83e6\Microsoft.VisualStudio.TextManager.Interop.8.0.ni.dll
+ 2008-05-21 16:40:09	315,392	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e4cfaa741ad87d1c2f1440f784771ec0\Microsoft.VisualStudio.OLE.Interop.ni.dll
+ 2008-05-21 16:40:41	1,241,088	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e56d8f485416d23fa3691944a286836c\Microsoft.VisualStudio.vspSqlEnum.ni.dll
+ 2008-05-21 16:40:44	14,848	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\e8e6999bb9743df3cdef90c4ea6638f5\Microsoft.VisualStudio.ProjectAggregator.ni.dll
+ 2008-05-21 16:40:31	372,736	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ea426511450cf91d2c3438cece1767cc\Microsoft.VisualStudio.Shell.Interop.8.0.ni.dll
+ 2008-05-21 16:40:26	73,728	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ead2597dbbe60e10909552e496a7a962\Microsoft.VisualStudio.Data.Interop.ni.dll
+ 2008-05-18 08:30:19	31,744	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ec67d4c7153ec60bae5cfbd137eef2ff\Microsoft.VisualStudio.VSHelp.ni.dll
+ 2008-05-18 08:30:19	23,552	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\ee7071d7a9d36c6a51e924527fd42ae1\Microsoft.VisualStudio.VSHelp80.ni.dll
+ 2008-05-21 16:40:26	294,912	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\f211abb9daa3fb703a5c9862566aed97\Microsoft.VisualStudio.TextManager.Interop.ni.dll
+ 2008-05-18 08:30:24	77,824	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\e3328303e5d50b6ebecc1abc95a0572c\Microsoft.Vsa.ni.dll
+ 2008-05-21 16:40:19	638,976	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscomctl\e48f5a8df05f894073bec34ae2777207\mscomctl.ni.dll
+ 2008-05-17 19:18:57	11,304,960	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\034ef3860a87b960f28c577461a5471d\mscorlib.ni.dll
+ 2008-05-21 16:40:18	14,336	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSDATASRC\5229ae244c0ed33d70cd1dcddfb1f05a\MSDATASRC.ni.dll
+ 2008-05-22 15:16:09	94,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msddslmp\59d0dfa08d85839e24d050acb0b89d1e\msddslmp.ni.dll
+ 2008-05-21 16:33:07	372,736	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msddsp\696cd57ce098fe3e2b67ed5b0b03e54a\msddsp.ni.dll
+ 2008-05-18 08:32:11	389,120	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MsDtsSrvr\b7b835e7a64b6e781a925ea3c1479394\MsDtsSrvr.ni.exe
+ 2008-05-21 16:40:23	3,026,944	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\msmgdsrv\05e1167536ef20ae221127da4b912f66\msmgdsrv.ni.dll
+ 2008-05-22 15:09:40	98,304	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\NetShareEnum\7d1813481fbd7fdba4a2e9a959aa90b3\NetShareEnum.ni.dll
+ 2008-05-22 15:17:36	3,526,656	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ObjectExplorer\271757287df328aaeab77b2088a92c72\ObjectExplorer.ni.dll
+ 2008-05-22 15:18:07	774,144	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ObjectExplorerNotif#\a2ea28cc0a4ccfee9151f97d54c4f89d\ObjectExplorerNotificationServices.ni.dll
+ 2008-05-22 15:18:45	249,856	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ObjectExplorerRepli#\0ecfb13e6ac321fd4a7b213df2af015b\ObjectExplorerReplication.ni.dll
+ 2008-05-22 15:21:32	25,088	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PerformanceCounter\f083cd35ff8067bfaa0a814cf67b34a9\PerformanceCounter.ni.dll
+ 2008-05-21 16:41:22	786,432	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\pfclnt90\527b837b868bb4cc019e8ff0ab5c646f\pfclnt90.ni.dll
+ 2008-05-21 16:41:22	921,600	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\pfui90\43df76ea7d1733069422413973709fb5\pfui90.ni.dll
+ 2008-05-21 16:41:24	921,600	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\pfui90\677dd351587bd50e560428f6db7625a7\pfui90.ni.dll
+ 2008-05-21 16:41:21	626,688	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\pfutil90\fca7e920ad929bfe4f17f997ca134dff\pfutil90.ni.dll
+ 2008-05-21 16:40:09	290,816	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ReportingServicesNa#\5832f87e4c8e4d495dd0d814c4bd462f\ReportingServicesNativeClient.ni.dll
+ 2008-05-22 15:19:19	2,236,416	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SQLEditors\46c6965c0346aa9ece49cac23f2737db\SQLEditors.ni.dll
+ 2008-05-22 15:17:22	10,846,208	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlManagerUI\625ceb8c52f0322a820854fa86737fa0\SqlManagerUI.ni.dll
+ 2008-05-21 16:33:03	5,427,200	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlMgmt\ac72ceed0628d46c1ad738aaab2ab89c\SqlMgmt.ni.dll
+ 2008-05-22 15:21:33	42,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlToolsMailUtiliti#\d28940b0385c28a66a5c23374c979f50\SqlToolsMailUtilities.ni.dll
+ 2008-05-21 16:33:03	98,304	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlWorkbench.Interf#\b1025879424a7e27c5f100e2de1e4c7c\SqlWorkbench.Interfaces.ni.dll
+ 2008-05-22 15:19:53	364,544	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SqlWorkbenchProject\14b6972516b66b21d20eb9ff4b23eb2a\SqlWorkbenchProject.ni.dll
+ 2008-05-18 08:30:25	44,544	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\19ec59a02442836082b710b5ff43658a\stdole.ni.dll
+ 2008-05-18 08:30:12	163,840	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\3a1c2ee523443e2871b84e9f4f3b4182\System.Configuration.Install.ni.dll
+ 2008-05-17 19:27:01	1,003,520	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\618600566aec148a5f174de893dde45a\System.Configuration.ni.dll
+ 2008-05-18 08:30:10	1,179,648	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\a9d92ce314a87b2db02317afed5189d0\System.Data.OracleClient.ni.dll
+ 2008-05-22 15:19:52	618,496	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\8efd682800e07504c6fd8fb77c3bd22c\System.Data.SqlServerCe.ni.dll
+ 2008-05-17 19:27:04	2,695,168	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\1b5f96b1784d12ae017a0ec2a52ecb9a\System.Data.SqlXml.ni.dll
+ 2008-05-17 19:21:11	6,676,480	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\513e5f89f6ad0efeb7550594c91dcbaf\System.Data.ni.dll
+ 2008-05-17 19:27:07	1,724,416	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\934f7b35cc65c4d69323adfeae932e28\System.Deployment.ni.dll
+ 2008-05-17 19:21:36	10,702,848	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\1477de60f3da99e23fe3ff6d9ad5efa2\System.Design.ni.dll
+ 2008-05-18 08:30:11	512,000	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\0a3a086d9ee6d447251e7db22f0f56c1\System.DirectoryServices.Protocols.ni.dll
+ 2008-05-17 19:27:12	1,216,512	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\253f0e25646dcd62ea75813881cc9810\System.DirectoryServices.ni.dll
+ 2008-05-17 19:21:41	229,376	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\688ab895b74be29877f603f794a5ea79\System.Drawing.Design.ni.dll
+ 2008-05-17 19:21:40	1,601,536	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\acf5b62627392ecd5ee166ea913d8848\System.Drawing.ni.dll
+ 2008-05-17 19:27:10	659,456	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0652f6c1958e7bae03e2775200a87c94\System.EnterpriseServices.ni.dll
+ 2008-05-17 19:27:10	294,912	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\0652f6c1958e7bae03e2775200a87c94\System.EnterpriseServices.Wrapper.dll
+ 2008-05-18 08:30:22	1,064,960	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\dbe097b3c49715bc7d11e21036559ddd\System.Management.ni.dll
+ 2008-05-18 08:30:49	655,360	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Messaging\df61e714a7cd81ab9f4cfd48561bcba5\System.Messaging.ni.dll
+ 2008-05-17 19:27:13	815,104	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4ed02a4f77380eb9e0f4c886e39f06e6\System.Runtime.Remoting.ni.dll
+ 2008-05-17 19:27:06	339,968	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\da4b6ad467134da3fa79040c77ed30a4\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-05-17 19:27:05	729,088	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\7a7aaec5706ec70a36a789660880cf30\System.Security.ni.dll
+ 2008-05-18 08:30:12	229,376	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e6c6262013fdb8192eb57855f5c7d74a\System.ServiceProcess.ni.dll
+ 2008-05-17 19:27:10	684,032	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\5590504450c6432baa8fb8b401fd79e5\System.Transactions.ni.dll
+ 2008-05-22 15:21:54	2,306,048	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\1c1f0ac6e586cc1499ab8f2395605d47\System.Web.Mobile.ni.dll
+ 2008-05-18 08:30:11	237,568	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\a5e6977e2145245a8ac5decaf4c844da\System.Web.RegularExpressions.ni.dll
+ 2008-05-18 08:30:09	1,941,504	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\62f57503e01529e718a1a1a430e8b5eb\System.Web.Services.ni.dll
+ 2008-05-18 08:30:07	12,185,600	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\5d730f6c1fcc3e23f9bbe300c7654722\System.Web.ni.dll
+ 2008-05-17 19:21:51	13,107,200	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3644e7269b251b7744d4580c6842ed78\System.Windows.Forms.ni.dll
+ 2008-05-17 19:21:56	5,623,808	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ec7610b3d9dcf10e33431e5fc9b2b311\System.Xml.ni.dll
+ 2008-05-17 19:19:05	8,130,560	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\574b9fbe620d5a2497d846248b04c010\System.ni.dll
+ 2008-05-21 16:40:43	118,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VSLangProj\4c9bad4abffe06319efcc04a2c583c32\VSLangProj.ni.dll
+ 2008-05-22 15:21:55	118,784	----a-w	C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VSLangProj\591bd613b080424264d99179912a4710\VSLangProj.ni.dll
+ 2008-05-17 19:18:17	2,027,520	------w	C:\WINDOWS\assembly\temp\3CKSZ7EMT1\System.XML.dll
+ 2008-05-17 19:18:15	5,156,864	------w	C:\WINDOWS\assembly\temp\6FNV2AIPX4\System.Web.dll
+ 2008-05-17 19:18:11	258,048	------w	C:\WINDOWS\assembly\temp\KU19HOW4BJ\System.EnterpriseServices.dll
+ 2008-05-17 19:18:11	114,176	----a-w	C:\WINDOWS\assembly\temp\KU19HOW4BJ\System.EnterpriseServices.Wrapper.dll
+ 2008-05-17 19:18:23	2,940,928	------w	C:\WINDOWS\assembly\temp\KV2AHPW4CJ\System.dll
+ 2008-05-17 19:18:24	260,096	------w	C:\WINDOWS\assembly\temp\T3AJQY5DLS\System.Transactions.dll
+ 2008-05-17 19:18:17	2,902,016	------w	C:\WINDOWS\assembly\temp\V4CJRZ6ELT\System.Data.dll
+ 2008-05-17 19:18:23	413,696	------w	C:\WINDOWS\assembly\temp\Z9HOW3BIQY\System.configuration.dll
- 2008-05-14 16:35:47	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-05-23 18:11:04	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2006-10-30 09:50:16	134,400	------w	C:\WINDOWS\Driver Cache\i386\halmacpi.dll
- 2000-08-31 00:00:00	73,728	----a-w	C:\WINDOWS\fdsv.exe
+ 2000-08-31 00:00:00	89,504	----a-w	C:\WINDOWS\fdsv.exe
+ 2008-05-20 04:33:13	34,304	----a-r	C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2007-07-23 01:03:30	53,248	----a-w	C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2007-07-23 01:03:32	53,248	----a-w	C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2007-07-23 01:03:32	53,248	----a-w	C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2007-07-23 01:03:32	53,248	----a-w	C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2007-07-24 00:20:06	207,405	----a-w	C:\WINDOWS\system32\AGEIA\AG1011\app.bin
+ 2007-05-16 00:42:42	122,249	----a-w	C:\WINDOWS\system32\AGEIA\AG1011\diag.bin
+ 2007-07-25 00:30:38	214,141	----a-w	C:\WINDOWS\system32\AGEIA\AG1021\app.bin
+ 2007-10-25 00:29:50	114,505	----a-w	C:\WINDOWS\system32\AGEIA\AG1021\diag.bin
+ 2007-09-12 23:43:00	120,320	-c--a-w	C:\WINDOWS\system32\DRVSTORE\PhysX32_FFB51AAB1A2BF852A002A5B1138133BBA89337D4\physX32.sys
- 2004-08-03 14:59:14	134,400	----a-w	C:\WINDOWS\system32\hal.dll
+ 2006-10-30 09:50:16	134,400	----a-w	C:\WINDOWS\system32\HAL.DLL
- 2008-05-14 16:28:48	233,978	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-05-23 18:10:16	233,978	----a-w	C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-10-08 14:32:50	121,156	----a-w	C:\WINDOWS\system32\perfc009.dat
+ 2008-05-20 16:34:58	121,156	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2007-10-08 14:32:50	564,050	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2008-05-20 16:34:58	564,050	----a-w	C:\WINDOWS\system32\perfh009.dat
+ 2007-11-13 02:54:36	70,944	----a-w	C:\WINDOWS\system32\PhysXLoader.dll
- 2007-03-06 01:22:33	14,048	----a-w	C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:25	14,048	------w	C:\WINDOWS\system32\spmsg.dll
+ 2008-05-23 18:13:44	16,384	----atw	C:\WINDOWS\Temp\Perflib_Perfdata_424.dat
- 2007-10-08 14:27:06	258,048	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-05-20 16:34:41	258,048	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2007-10-08 14:27:06	114,176	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-05-20 16:34:41	114,176	----a-w	C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.


----------



## jefflimpc (Nov 13, 2007)

.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Creative Detector U"="C:\Program Files\Creative\MediaSource5\CTDetctu.exe" [2006-10-02 17:03 188416]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [ ]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-11-23 17:12 851968]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 21:57 289088]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-07-07 08:16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 17:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12 90112]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"Logitech Utility"="Logi_MwX.Exe" [2004-03-03 17:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 14:11 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576]
"V0230Mon.exe"="C:\WINDOWS\system32\V0230Mon.exe" [2006-07-20 01:00 36961]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03 53248]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [2000-06-28 15:41 24649]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 13:20 190008]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-27 02:30 97357]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\jefflimpc\Start Menu\Programs\Startup\
CoreCenter.lnk - C:\Program Files\MSI\Core Center\CoreCenter.exe [2007-04-08 02:28:34 931840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-08 23:35:18 1183744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"G:\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 NcrBYNET;NcrBYNET;C:\WINDOWS\system32\drivers\NcrBYNET.sys [2000-11-01 14:31]
S2 BYNET;BYNET;C:\Program Files\NCR\BYNET Software\blmsvc.exe [2000-11-01 14:35]
S2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
S2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S2 ONC RPC Portmapper;ONC RPC Portmapper;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe" [2003-01-20 15:09]
S2 PIPC Daemon;PIPC Daemon;"C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe" [2003-01-20 15:13]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2005-10-14 03:44]
S2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-05-27 09:03]
S2 Seagate Sync Service;Seagate Sync Service;"C:\Program Files\Seagate\Sync\SeaSyncServices.exe" [2007-01-18 13:20]
S2 U3SHLPDR200;U3SHLPDR200;C:\WINDOWS\System32\Drivers\U3SHLPDR200.SYS [2007-05-31 23:12]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 GtwRsrvTdmst;Teradata GTW Reserve Port;"D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe" [2002-11-22 15:17]
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
S3 HwIOctl;HwIOctl;C:\Program Files\Setup Files\MS-7260 v1.60\HwIOctl.sys []
S3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
S3 Memctl;Memctl;C:\Program Files\Setup Files\MS-7260 v1.60\Memctl.sys []
S3 MicroStrategy Logging Client;MicroStrategy Logging Client;"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe" -N -b -c C:20020 -a S:20009 -P "D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt" -C "D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt" -Q 64 []
S3 MicroStrategy System Monitor;MicroStrategy System Monitor;"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE" [2005-07-19 12:42]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\Core Center\NTGLM7X.sys [2006-07-13 18:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2004-10-25 14:40]
S3 PdeinetdService;Teradata inetd Service;"D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe" [2003-01-20 15:09]
S3 Pdesys;PDE Sys Driver;C:\WINDOWS\system32\drivers\pdesys.sys [2003-03-27 14:20]
S3 recond;Teradata Database Initiator (recond);"D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe" "-s" []
S3 RushTopDevice;RushTopDevice;C:\Program Files\MSI\Core Center\RushTop.sys [2006-07-13 11:48]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 03:53]
S3 SWUSBFLT;Microsoft SideWinder VIA Filter Driver;C:\WINDOWS\system32\DRIVERS\SWUSBFLT.sys [2001-08-17 14:02]
S3 TdqmServerService;TDQM Server;"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe" [2002-11-26 13:55]
S3 V0230Vfx;V0230Vfx;C:\WINDOWS\system32\DRIVERS\V0230Vfx.sys [2006-03-24 01:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\WINDOWS\system32\DRIVERS\V0230VID.sys [2006-07-25 01:00]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34be2470-0d64-11dd-996c-001617d766e4}]
\Shell\AutoRun\command - E:\WD_Windows_Tools\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 15:22:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-24 02:15:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MicroStrategy Logging Client]
"ImagePath"="\"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe\" -N -b -c C:20020 -a S:20009 -P \"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Connection_Config.txt\" -C \"D:\MicroStrategy801\Narrowcast Server\Delivery Engine\CSGW_Consumer_Config.txt\" -Q 64"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-05-24 2:15:36
ComboFix-quarantined-files.txt 2008-05-23 18:15:31
ComboFix2.txt 2008-05-14 16:38:58

Pre-Run: 46,115,135,488 bytes free
Post-Run: 46,374,707,200 bytes free

647	--- E O F ---	2007-11-22 19:00:30


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:34 AM, on 24-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16659 bytes
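The HijackThis log above is read by hand in this thread: orphaned or unnamed BHOs and toolbars, Run values with no path, hosts overrides, trusted-zone entries and DNS/proxy settings are the lines a helper checks first. The script below is an added example, not a tool from the thread or from Trend Micro, that parses that log format and applies those same first-look rules. The sample lines are copied from the log above; the flagging rules are the editor's assumptions about what deserves a second look, not verdicts that an entry is malicious (the Symantec and Adobe entries, for instance, are legitimate and are not flagged).

```python
"""Triage a HijackThis-style log: parse the Rn/On lines and flag the ones worth a second look.

Added example for the thread, not a tool from it. The sample lines are copied from the
HijackThis log posted above; the flagging rules are assumptions about what a reviewer
checks first, not verdicts that an entry is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken verbatim from the log above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - Global Startup: BlueSoleil.lnk = ?
O15 - Trusted Zone: http://www.msi.com.tw
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE_RE = re.compile(r"(?i)^(.*?\.(?:exe|com|dll|scr|bat|cmd))(?=\s|$)")


@dataclass
class Finding:
    kind: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a reviewer should look at it
    line: str    # the original log line


def parse_entries(log_text):
    """Yield (kind, body, line) for every Rn/On line; headers and the process list are skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def executable_of(cmd):
    """Return the program part of a Run command: the quoted path, or the text up to the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def is_bare_name(exe):
    """True when a Run value names a file with no path at all, so Windows resolves it by search order."""
    return "\\" not in exe and not re.match(r"^[A-Za-z]:", exe) and not exe.startswith("%")


def classify(kind, body):
    """Return the reason to flag this entry, or None. The first matching rule wins."""
    if kind in ("O2", "O3", "O9", "O20", "O23") and "(no file)" in body:
        return "registered component whose file is missing (orphan, or hidden from the scan)"
    if kind in ("R3", "O2", "O3") and "(no name)" in body:
        return "unnamed browser hook, BHO or toolbar; identify the CLSID owner"
    if kind == "O4":
        m = RUN_RE.match(body)
        if m and is_bare_name(executable_of(m.group("cmd"))):
            return "Run value with no path; confirm which file the search order actually loads"
        if body.endswith("= ?"):
            return "startup shortcut whose target could not be resolved"
        return None
    if kind == "O1":
        return "hosts file override; confirm the mapping is intentional"
    if kind == "O15":
        return "site added to the Trusted zone (reduced IE security)"
    if kind == "O17":
        return "DNS servers set on an interface; check them against the ISP's"
    if kind == "R1" and "ProxyServer" in body:
        return "proxy configured for the user; confirm it is the expected one"
    return None


def triage(log_text):
    """Run classify() over every entry and return the findings in log order."""
    findings = []
    for kind, body, line in parse_entries(log_text):
        reason = classify(kind, body)
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line}")
```

Run it on a saved hijackthis.log by reading the file into `triage()`; on the sample it flags nine entries (the proxy, the unnamed URLSearchHook, the hosts line, the orphaned toolbar, the two Run entries SkyTel.EXE and the unresolved BlueSoleil shortcut, the trusted zone, the DNS servers and the Amdkmod service) and leaves the fully-pathed Symantec, Nokia and Adobe entries alone. A flag only means "look here": SkyTel.EXE, for example, was later resolved by ComboFix to C:\WINDOWS\SkyTel.exe, a Realtek audio component.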


----------



## Cookiegal (Aug 27, 2003)

Download *OTScanIt.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
Check the box that says *Scan All User Accounts*
Under Drivers select the radio button for *All*
Check the Radio buttons for Files/Folders Created Within *60 Days* and Files/Folders Modified Within *60 Days* 
Under Additional Scans check the following:
Reg - BotCheck
Reg - Disabled MS Config Items
File - Additional Folder Scans
Evnt - EventViewer Errors/Warnings (last 7 days)

Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it automatically.
Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
Use the *Reply* button and upload the Notepad file here as an attachment, please.


----------



## jefflimpc (Nov 13, 2007)

OTScanIt log attached...


----------



## Cookiegal (Aug 27, 2003)

Please take a look in this folder and let me know what files it contains. If there are too many, just give me a sampling of 4 or 5 of them.

C:\WINDOWS\*temp2*

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log, please.



Code:


[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> BackWeb-8876480.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe]
< Run [HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> BackWeb-8876480.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {0A94B111-4504-4e26-AB05-E61E474AA38B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL [Ask Search Assistant BHO]
YY -> {F4D76F01-7896-458a-890F-E1F05C46069F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar BHO]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {F4D76F09-7896-458a-890F-E1F05C46069F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\] > -> HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskPBar\bar\1.bin\ASKPBAR.DLL [Ask Toolbar]
[Files/Folders - Created Within 60 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 60 days]
NY -> 1 C:\*.tmp files -> C:\*.tmp
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> 2 C:\Documents and Settings\jefflimpc\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\jefflimpc\Local Settings\Temp\*.tmp
NY -> 2 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]



----------



## jefflimpc (Nov 13, 2007)

I do not have a C:\Windows\Temp2 folder. I do have a C:\Windows\Temp folder. Attached is a snapshot of what's inside before and after I ran the fix...


----------



## jefflimpc (Nov 13, 2007)

OTScanIt log after running fix:

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A94B111-4504-4e26-AB05-E61E474AA38B}\ deleted successfully.
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL unregistered successfully.
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F01-7896-458a-890F-E1F05C46069F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F01-7896-458a-890F-E1F05C46069F}\ deleted successfully.
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL unregistered successfully.
C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F4D76F09-7896-458a-890F-E1F05C46069F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F09-7896-458a-890F-E1F05C46069F}\ not found.
File C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F09-7896-458A-890F-E1F05C46069F}\ not found.
File C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-1606980848-602609370-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F4D76F09-7896-458A-890F-E1F05C46069F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4D76F09-7896-458A-890F-E1F05C46069F}\ not found.
File C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL not found.
[Files/Folders - Created Within 60 days]
C:\~QTWTMP.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\NV176192.TMP folder deleted successfully.
[Files/Folders - Modified Within 60 days]
File delete failed. C:\Documents and Settings\jefflimpc\Local Settings\Temp\JET50C6.tmp scheduled to be deleted on reboot.
C:\Documents and Settings\jefflimpc\Local Settings\Temp\nstA.tmp folder deleted successfully.
C:\WINDOWS\Temp\slu304f.tmp folder deleted successfully.
C:\WINDOWS\Temp\slu3052.tmp folder deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\jefflimpc\Local Settings\Temp\JET50C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_179c.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_9a8.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_abc.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1608.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_b0c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_fa4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.14.3 fix logfile created on 05252008_230301

Files moved on Reboot...
File C:\Documents and Settings\jefflimpc\Local Settings\Temp\JET50C6.tmp not found!
File C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_179c.dat not found!
File C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_9a8.dat not found!
File C:\Documents and Settings\jefflimpc\Local Settings\Temp\Perflib_Perfdata_abc.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_1608.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_b0c.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_fa4.dat not found!


----------



## jefflimpc (Nov 13, 2007)

New HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:19 PM, on 25-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\notepad.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16170 bytes


----------
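An added example for reading a HijackThis log like the one above (editor's code, not from any poster in this thread and not part of HijackThis): it parses the "section - body" lines HJT emits and flags the items a log reader checks first. The "(no file)" entries it surfaces are registry references whose target file is gone, the usual leftover after a toolbar or BHO has been removed; the hosts line and the "Unknown owner" service are flagged to be looked at, not to be deleted, since both can be legitimate. The sample lines are excerpted from the log posted above; the flag names are this example's own.

```python
"""Triage helper for HijackThis 2.0.x log lines.

Editor's added example, not code from this thread or from HijackThis.
HJT prints one entry per line as "<section> - <body>" (R0/R1/R3 browser
settings, O1 hosts-file lines, O2 BHOs, O3 toolbars, O4 autoruns, O23
services). The checks below are the ones a log reader applies first:
a registry entry pointing at a file that no longer exists ("(no file)"),
an unnamed BHO/toolbar/search hook, a service binary with no publisher
string ("Unknown owner"), and any hosts-file override.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d{1,2}) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str
    body: str
    clsid: Optional[str]
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """One Entry per HJT item; process list, headers and trailer are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        guid = GUID_RE.search(body)
        entry = Entry(section, body, guid.group(0).upper() if guid else None)
        if "(no file)" in body:
            entry.flags.append("orphan")          # key survives, DLL/EXE is gone
        if "(no name)" in body and section in ("R3", "O2", "O3"):
            entry.flags.append("unnamed")         # hooks/BHOs normally carry a name
        if section == "O23" and "Unknown owner" in body:
            entry.flags.append("no-publisher")    # no vendor string in the binary
        if section == "O1":
            entry.flags.append("hosts-override")  # hosts file redirects a name
        entries.append(entry)
    return entries


def suspicious(entries) -> list:
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


def flag_counts(entries) -> dict:
    """How many entries carry each flag."""
    counts = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


# Sample input: lines excerpted from the HJT log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
End of file - 16170 bytes
"""

if __name__ == "__main__":
    for e in suspicious(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section:4} {','.join(e.flags):22} {e.body}")
```

Run it on a whole saved log and read the flagged lines first; an orphaned R3/O3 entry is safe to let HJT fix, while a flagged hosts line or service still needs a look at what it points to before anything is removed.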



## Cookiegal (Aug 27, 2003)

Please run a new OTScanIt scan as you did in post no. 56 so I can see if everything I saw is gone.


----------



## jefflimpc (Nov 13, 2007)

OTScanIt log attached.


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program. (Vista users right-click and select "Run As Administrator").
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

There are also a lot of errors showing in the Event Viewer so please do this:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## jefflimpc (Nov 13, 2007)

Have run the ATF Cleaner.

Below are the errors I found in Event Viewer within the last 48hrs:

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 25-05-2008
Time: 11:00:53 PM
User: N/A
Computer:	42SAR-K-P1
Description:
Hanging application CTCMSU.exe, version 5.2.13.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 43 54 43 4d 53 55 CTCMSU
0018: 2e 65 78 65 20 35 2e 32 .exe 5.2
0020: 2e 31 33 2e 30 20 69 6e .13.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 27-05-2008
Time: 1:22:08 AM
User: N/A
Computer:	42SAR-K-P1
Description:
Hanging application CTCMSU.exe, version 5.2.13.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 43 54 43 4d 53 55 CTCMSU
0018: 2e 65 78 65 20 35 2e 32 .exe 5.2
0020: 2e 31 33 2e 30 20 69 6e .13.0 in
0028: 20 68 75 6e 67 61 70 70 hungapp
0030: 20 30 2e 30 2e 30 2e 30 0.0.0.0
0038: 20 61 74 20 6f 66 66 73 at offs
0040: 65 74 20 30 30 30 30 30 et 00000
0048: 30 30 30 000

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 25-05-2008
Time: 10:38:02 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001617D766E4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date: 25-05-2008
Time: 10:56:48 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 26-05-2008
Time: 12:17:38 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001617D766E4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 26-05-2008
Time: 9:28:34 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001617D766E4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date: 26-05-2008
Time: 9:56:40 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date: 26-05-2008
Time: 9:56:57 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The Symantec Endpoint Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7031
Date: 26-05-2008
Time: 10:00:08 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The Symantec Endpoint Protection service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Dhcp
Event Category:	None
Event ID:	1002
Date: 27-05-2008
Time: 8:40:18 PM
User: N/A
Computer:	42SAR-K-P1
Description:
The IP address lease 192.168.1.64 for the Network Card with network address 001617D766E4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.

How are things with the system now?


----------



## jefflimpc (Nov 13, 2007)

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:28:22 PM, on 28-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\NCR\BYNET Software\blmsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
D:\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
D:\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
D:\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\system32\V0230Mon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\MediaSource5\CTDetctu.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O1 - Hosts: 203.96.63.155 mail.compudigm.co.nz
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector U] "C:\Program Files\Creative\MediaSource5\CTDetctu.exe" /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {E59BB631-5F73-4002-825F-146921A178AA} (WebConf Control) - http://www.aculearn.com/aculearn-idm/dlls/webconf.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83CC77C4-A0F2-42A5-B33C-097131CAC7C0}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BYNET - NCR - C:\Program Files\NCR\BYNET Software\blmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Teradata GTW Reserve Port (GtwRsrvTdmst) - NCR - D:\NCR\TDAT\TGTW\05.00.00.00\bin\GtwRsrvTdmst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MicroStrategy Logging Client - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCLogSvc.exe
O23 - Service: MicroStrategy System Monitor - MicroStrategy Incorporated - D:\MicroStrategy801\Narrowcast Server\Delivery Engine\MCMemUsg.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: ONC RPC Portmapper - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\portmap.exe
O23 - Service: Teradata inetd Service (PdeinetdService) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\pdeinetd.exe
O23 - Service: PIPC Daemon - Unknown owner - C:\Program Files\NCR\Teradata Warehouse Builder\bin\pipcd.exe
O23 - Service: Teradata Database Initiator (recond) (recond) - Unknown owner - D:\NCR\TDAT\PDE\05.00.00.11\bin\recond.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TDQM Server (TdqmServerService) - NCR - C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 16215 bytes


----------



## jefflimpc (Nov 13, 2007)

I was thinking that I shouldn't login to Messenger till this thing is resolved. Safe to do it now?


----------



## Cookiegal (Aug 27, 2003)

*R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O23 - Service: Amdkmod - Advanced Micro Devices - (no file)*

I would say it's time to see if there's still a problem.


----------



## jefflimpc (Nov 13, 2007)

Ok, will try it out...

Thanks a lot, you've been a great help!


----------



## Cookiegal (Aug 27, 2003)

You're welcome. Please do post back to this same thread if you encounter any problems over the next few days.

Here are some final instructions for you.

The following program will remove the tools we've used and their associated files and backups and then it will delete itself.

Please download *OTMoveIt2 by OldTimer*.

*Save* it to your *desktop*.
Make sure you have an Internet Connection.
Double-click *OTMoveIt2.exe* to run it. (Vista users, please right-click on *OTMoveIt2.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
A list of tool components used in the cleanup of malware will be downloaded.
If your firewall or real-time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application which will delete itself.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose *Yes.*

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

Delete Temporary Files:

Go to *Start* - *Run* and type in *cleanmgr* and click OK. 
Let it scan your system for files to remove. 
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. 
Press OK to remove them.

***

You should trim down your start-ups (these show as the O4 entries in your HijackThis log) as there are too many running. You can research them at these sites, and if they aren't required at start-up then you can uncheck them in msconfig: via Start - Run, type msconfig, click OK and then click on the Startup tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php


----------
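As an added example (not code from the thread, from HijackThis, or from either poster): a small Python parser for the HijackThis v2 log format that pulls out the O4 autostart entries Cookiegal asks to be trimmed and flags the kind of orphaned "(no file)" references she quoted in her earlier reply, plus two other cases worth a second look when reviewing a log: shortcut entries whose target HijackThis could not resolve ("= ?") and bare-name entries (such as `RTHDCPL.EXE`) where the log does not show which directory the program actually loads from. The sample log embedded below is constructed to mirror the format of the log in this thread; it is not a real scan.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format (modelled on the thread's log, not a real scan).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O23 - Service: Amdkmod - Advanced Micro Devices - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
--
End of file - 1234 bytes
"""


@dataclass
class HjtEntry:
    section: str                      # e.g. "O4", "O23"
    body: str                         # text after "O4 - "
    flags: list = field(default_factory=list)


# "O4 - ..." / "R1 - ..." lines; the process list, headers and trailer never match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
# Registry Run-key autostarts: HKLM\..\Run: [name] command
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<cmd>.*)$"
)
# Startup-folder shortcuts: Startup: name.lnk = target
STARTUP_RE = re.compile(r"^(?P<where>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|bat|cmd|vbs|lnk))(?:\s+|$)", re.IGNORECASE)


def parse_log(text):
    """Return every HijackThis entry (section code + body) found in the log text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(HjtEntry(m["section"], m["body"]))
    return entries


def executable_of(cmd):
    """Return the program part of an O4 command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                    # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                      # unquoted path that may contain spaces
    return m.group(1) if m else cmd.split(" ", 1)[0]


def triage(entries):
    """Attach review flags to entries; flags are hints for a human, not verdicts."""
    for e in entries:
        if e.body.endswith("(no file)"):
            e.flags.append("no-file")          # reference to a target that is gone
        if e.section != "O4":
            continue
        m = RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
        if not m:
            e.flags.append("unparsed")
            continue
        exe = executable_of(m["cmd"])
        if exe == "?":
            e.flags.append("unresolved-shortcut")   # HijackThis could not resolve the .lnk
        elif "\\" not in exe:
            e.flags.append("bare-name")        # resolved via search path; location not shown
    return entries


def autostart_report(text):
    """Summarise a log: per-section counts, number of O4 autostarts, flagged entries."""
    entries = triage(parse_log(text))
    return {
        "sections": Counter(e.section for e in entries),
        "autostarts": sum(1 for e in entries if e.section == "O4"),
        "flagged": [e for e in entries if e.flags],
    }


if __name__ == "__main__":
    report = autostart_report(SAMPLE_LOG)
    print(f"{report['autostarts']} O4 autostart entries; sections: {dict(report['sections'])}")
    for e in report["flagged"]:
        print(f"  [{', '.join(e.flags)}] {e.section} - {e.body}")
```

Run it on a saved log (`autostart_report(open("hijackthis.log").read())`) to get the O4 count Cookiegal refers to and a short list of entries to research at the startup databases she links; a flag only means "look at this", since a bare-name entry like `RTHDCPL.EXE` is often a legitimate driver helper.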



## jefflimpc (Nov 13, 2007)

Noted. Thanks again!


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

