
Malwarebytes cannot remove Trojan.Vundo.H virus



Malwarebytes cannot remove the 4 infected objects from the Trojan.Vundo.H virus on my laptop running XP Professional. It says that those will be deleted on reboot, but it does not happen, and the same infected objects always show up on immediate re-scanning with Malwarebytes after reboot.

As suggested on the Malwarebytes help page, I am copying below the most recent Malwarebytes Anti-Malware log file and the HijackThis log file.

Malwarebytes Anti-malware log file:

Malwarebytes' Anti-Malware 1.40

Database version: 2638

Windows 5.1.2600 Service Pack 2

8/20/2009 9:15:01 AM

mbam-log-2009-08-20 (09-15-01).txt

Scan type: Quick Scan

Objects scanned: 138246

Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25a02b6f-9039-4a77-862a-331dbe2b8e94} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\txnsbpwr (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{25a02b6f-9039-4a77-862a-331dbe2b8e94} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\peggeug.dll (Trojan.Vundo.H) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 1:30:21 PM, on 8/20/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\RemoteSupportManager\DaMaint.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\RemoteSupportManager\DesktopAuthority.exe

C:\WINDOWS\system32\locator.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\RemoteSupportManager\RMGui.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\RealVNC\vncviewer.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spyware Doctor\pctsGui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://desktop.google.com/uninstall-feedback.html?hl=en

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll

O2 - BHO: (no name) - {25A02B6F-9039-4A77-862A-331DBE2B8E94} - c:\windows\system32\peggeug.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll

O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"

O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Remote Support Manager GUI] "C:\Program Files\RemoteSupportManager\rmgui.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [Google Update] "C:\Documents and Settings\kaushikr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-1909\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-2025\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-3799410101-3337346180-4158169983-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-4055016802-102347834-2544747134-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-21-4055016802-102347834-2544747134-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'user')

O4 - HKUS\S-1-5-21-4055016802-102347834-2544747134-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: VPN Client.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230970506343

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1231195788099

O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.ntrsupport.com/inquiero/mod/setu...tivex118_28.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = open-silicon.com

O17 - HKLM\Software\..\Telephony: DomainName = open-silicon.com

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = open-silicon.com

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = open-silicon.com

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: DAinit.dll ilhxer.dll

O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

O20 - Winlogon Notify: txnsbpwr - C:\WINDOWS\SYSTEM32\peggeug.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Remote Support Manager Maintenance Service (DAMaint) - ScriptLogic Corporation - C:\Program Files\RemoteSupportManager\DaMaint.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Support Manager Service (RemoteSupportManager) - ScriptLogic Corporation - C:\Program Files\RemoteSupportManager\DesktopAuthority.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--

End of file - 19734 bytes


  • Staff

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because security software may see some components ComboFix uses (prep.com for example) as suspicious and block the tool, or even delete it. Please visit HERE if you don't know how.


Hi Mieke,

Thanks for your reply. As advised by you, I am posting the log report after running ComboFix. Please advise on the next steps.

ComboFix 09-08-21.02 - kaushikr 08/23/2009 0:07.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.374 [GMT 5.5:30]

Running from: c:\documents and settings\kaushikr.USLAPTOP84\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\recycler\S-1-5-21-0249434345-8430261702-435052847-1734

c:\recycler\S-1-5-21-0352476751-1465560766-405562394-3963

c:\recycler\S-1-5-21-0385465467-6729064479-674158266-2037

c:\recycler\S-1-5-21-0427686732-7618248150-493305925-5067

c:\recycler\S-1-5-21-0441379281-6739896528-760610157-5445

c:\recycler\S-1-5-21-1251947929-5327451133-151648700-3065

c:\recycler\S-1-5-21-1504338875-4180615457-731877383-1005

c:\recycler\S-1-5-21-1504338875-4180615457-731877383-500

c:\recycler\S-1-5-21-176802489-2647281098-3888138391-1008

c:\recycler\S-1-5-21-1851595302-0402482216-521588687-2242

c:\recycler\S-1-5-21-2681162694-3113383947-948753289-500

c:\recycler\S-1-5-21-2788221634-5016871480-507602517-3360

c:\recycler\S-1-5-21-2796324700-4344354361-997463830-6972

c:\recycler\S-1-5-21-3011191875-9001894311-539926240-7464

c:\recycler\S-1-5-21-3854764844-7669030216-699656737-1406

c:\recycler\S-1-5-21-4226699359-7758265904-260054836-8196

c:\recycler\S-1-5-21-47370044-3361868128-331293029-500

c:\recycler\S-1-5-21-4758125231-8305794422-251353725-9626

c:\recycler\S-1-5-21-4776308009-5643543179-025548948-5099

c:\recycler\S-1-5-21-4945853503-6821123424-194968872-5846

c:\recycler\S-1-5-21-4954019143-7928350927-824102327-7122

c:\recycler\S-1-5-21-4992958136-1245697705-387803322-5913

c:\recycler\S-1-5-21-5168299767-5972993917-067358068-0135

c:\recycler\S-1-5-21-6397425840-1374934049-858040790-7147

c:\recycler\S-1-5-21-6608885418-7006118751-093561555-4257

c:\recycler\S-1-5-21-7357876299-2731893408-562531109-0686

c:\recycler\S-1-5-21-7860223171-0968189188-475635837-8702

c:\recycler\S-1-5-21-8200665522-1082727903-033896651-0237

c:\recycler\S-1-5-21-8340876564-3634932267-204283766-9351

c:\recycler\S-1-5-21-9122583975-8563780428-929153954-3166

c:\recycler\S-1-5-21-9732652555-2460997042-371468874-7259

c:\recycler\S-1-5-21-9881065321-8022056448-280900329-6724

c:\recycler\S-1-5-21-9891554134-2204678747-024950227-5069

c:\windows\Installer\174fb08.msp

c:\windows\Installer\184b49d8.msi

c:\windows\Installer\191bbb0.msp

c:\windows\Installer\333ec89.msi

c:\windows\Installer\353e3.msi

c:\windows\Installer\362fb0a7.msp

c:\windows\Installer\362fb0b1.msp

c:\windows\Installer\362fb0ba.msp

c:\windows\Installer\387a4.msi

c:\windows\Installer\387aa.msp

c:\windows\Installer\4ce6e6.msi

c:\windows\Installer\57506c.msp

c:\windows\Installer\575076.msp

c:\windows\Installer\7658e.msp

c:\windows\Installer\765a4.msp

c:\windows\Installer\c7277f.msp

c:\windows\Installer\d92eb5.msi

c:\windows\Installer\ddb27.msi

c:\windows\Installer\ddb30.msi

c:\windows\Installer\f0ae61.msp

c:\windows\system32\drivers\psuindax.sys

c:\windows\system32\drivers\riydkyca.sys

c:\windows\system32\iibypuw.dll

c:\windows\system32\peggeug.dll

c:\windows\system32\shuigtwd.dll

c:\windows\system32\woumgyou.ini

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_RIYDKYCA

-------\Service_riydkyca

((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))

.

2009-08-22 14:48 . 2004-08-03 17:40 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys

2009-08-22 14:48 . 2004-08-03 17:40 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys

2009-08-22 14:48 . 2004-08-03 17:40 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys

2009-08-22 14:48 . 2004-08-03 17:40 15360 ----a-w- c:\windows\system32\dllcache\streamip.sys

2009-08-22 14:48 . 2004-08-03 17:40 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys

2009-08-22 14:48 . 2004-08-03 17:40 11136 ----a-w- c:\windows\system32\dllcache\slip.sys

2009-08-22 14:48 . 2004-08-03 17:40 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2009-08-22 14:48 . 2004-08-03 17:40 19328 ----a-w- c:\windows\system32\dllcache\wstcodec.sys

2009-08-22 14:48 . 2004-08-03 17:40 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2009-08-22 14:48 . 2004-08-03 17:40 85376 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys

2009-08-22 14:47 . 2004-08-03 17:40 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2009-08-22 14:47 . 2004-08-03 17:40 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys

2009-08-22 14:47 . 2005-01-31 10:04 2180096 ----a-r- c:\windows\system32\drivers\lvsvf2.sys

2009-08-22 14:47 . 2004-08-03 19:26 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2009-08-22 14:47 . 2004-08-03 19:26 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

2009-08-22 14:28 . 2009-08-22 14:28 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\WMTools Downloaded Files

2009-08-22 14:23 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys

2009-08-22 14:23 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll

2009-08-22 14:23 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll

2009-08-22 14:23 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll

2009-08-22 14:23 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll

2009-08-22 14:23 . 2005-01-31 10:20 211712 ----a-r- c:\windows\system32\drivers\LV561AV.SYS

2009-08-22 14:19 . 2009-08-22 14:19 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\FotoWire

2009-08-22 14:19 . 2009-08-22 14:19 -------- d-----w- c:\program files\Common Files\FotoWire

2009-08-22 14:18 . 2004-10-08 07:16 53248 ----a-r- c:\windows\system32\InstMed.exe

2009-08-22 11:18 . 2009-08-22 11:18 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\Logitech-LS

2009-08-22 10:48 . 2009-08-22 14:17 -------- d-----w- c:\program files\Common Files\Logitech

2009-08-22 10:47 . 2009-08-22 14:19 -------- d-----w- c:\program files\Logitech

2009-08-22 10:44 . 2009-08-22 10:44 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\Apple Computer

2009-08-20 07:59 . 2009-08-20 07:59 -------- d-----w- c:\program files\Trend Micro

2009-08-20 07:28 . 2009-08-20 07:28 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\Help

2009-08-19 08:58 . 2009-03-31 05:53 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys

2009-08-19 08:58 . 2009-03-31 05:53 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys

2009-08-19 08:58 . 2009-03-31 05:53 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys

2009-08-19 08:58 . 2009-03-31 05:53 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys

2009-08-18 19:13 . 2008-12-11 03:08 159600 ------w- c:\windows\system32\drivers\pctgntdi.sys

2009-08-18 19:13 . 2009-04-03 04:48 130936 ------w- c:\windows\system32\drivers\PCTCore.sys

2009-08-18 19:13 . 2008-12-18 05:46 73840 ------w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-08-18 19:13 . 2009-08-22 18:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-18 19:13 . 2009-08-18 19:34 -------- d-----w- c:\program files\Common Files\PC Tools

2009-08-18 19:13 . 2008-12-10 06:06 64392 ------w- c:\windows\system32\drivers\pctplsg.sys

2009-08-18 19:12 . 2009-08-22 12:11 -------- d-----w- c:\program files\Spyware Doctor

2009-08-18 19:12 . 2009-08-19 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2009-08-18 19:12 . 2009-08-18 19:12 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\PC Tools

2009-08-18 05:07 . 2009-08-18 05:07 45056 ------w- c:\windows\NCUNINST.EXE

2009-08-18 05:05 . 2002-08-09 12:41 53248 ------w- c:\windows\system32\hpbmmon.dll

2009-08-18 05:05 . 2001-07-31 03:47 94274 ------w- c:\windows\system32\HPBHealr.dll

2009-08-18 05:05 . 2000-03-23 05:55 58368 ------w- c:\windows\system32\hpdomon.dll

2009-08-18 05:02 . 2009-08-18 05:02 -------- d-----w- c:\program files\Common Files\SWF Studio

2009-08-17 18:12 . 2009-08-17 18:12 -------- d-sh--w- c:\documents and settings\kaushikr.USLAPTOP84\PrivacIE

2009-08-17 18:12 . 2009-08-17 18:12 -------- d-sh--w- c:\documents and settings\kaushikr.USLAPTOP84\IETldCache

2009-08-15 18:24 . 2009-08-15 18:24 56 ---h--w- c:\windows\system32\ezsidmv.dat

2009-08-15 18:24 . 2009-08-22 15:12 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\skypePM

2009-08-15 18:20 . 2009-08-22 18:16 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\Skype

2009-08-15 18:18 . 2009-08-15 18:18 -------- d-----w- c:\program files\Common Files\Skype

2009-08-15 18:18 . 2009-08-15 18:20 -------- d-----r- c:\program files\Skype

2009-08-15 18:18 . 2009-08-15 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-08-13 21:35 . 2009-08-13 21:35 -------- d-----w- c:\windows\ServicePackFiles

2009-08-13 04:36 . 2009-06-09 15:06 1871872 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-08-08 02:38 . 2009-08-08 02:38 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\Mozilla

2009-08-08 02:26 . 2009-08-08 02:41 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\Adobe

2009-08-08 02:23 . 2009-08-08 02:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2009-08-07 19:43 . 2009-08-07 19:43 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\Yahoo!

2009-08-07 19:33 . 2009-08-07 19:33 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\Malwarebytes

2009-08-07 05:17 . 2009-08-07 05:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\vflesaqt

2009-08-07 05:17 . 2009-08-07 05:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\vflesaqt

2009-08-06 19:16 . 2009-08-06 19:16 87888 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\NAVENG.SYS

2009-08-06 19:16 . 2009-08-06 19:16 875728 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\NAVEX15.SYS

2009-08-06 19:16 . 2009-08-06 19:16 371248 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\eeCtrl.sys

2009-08-06 19:16 . 2009-08-06 19:16 259368 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\ecmsvr32.dll

2009-08-06 19:16 . 2009-08-06 19:16 2414128 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\cceraser.dll

2009-08-06 19:16 . 2009-08-06 19:16 177520 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\NAVENG32.DLL

2009-08-06 19:16 . 2009-08-06 19:16 1181040 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\NAVEX32A.DLL

2009-08-06 19:16 . 2009-08-06 19:16 101936 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2e0c06.vdb\ERASER.SYS

2009-08-06 18:30 . 2009-08-06 18:30 -------- d-----w- c:\documents and settings\kaushikr\Local Settings\Application Data\vflesaqt

2009-08-06 18:30 . 2009-08-06 18:30 -------- d-----w- c:\documents and settings\kaushikr\Application Data\vflesaqt

2009-08-06 14:34 . 2009-08-06 14:34 24576 ------w- c:\windows\system32\VundoFixSVC.exe

2009-08-06 14:10 . 2009-08-17 16:31 -------- d-----w- C:\VundoFix Backups

2009-08-05 15:29 . 2009-08-06 00:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\SITEguard

2009-08-05 15:28 . 2009-08-17 10:12 -------- d-----w- c:\program files\STOPzilla!

2009-08-05 15:28 . 2009-08-05 15:28 -------- d-----w- c:\program files\Common Files\iS3

2009-08-05 15:28 . 2009-08-19 14:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-08-05 05:00 . 2009-08-05 05:00 -------- d-----w- c:\windows\system32\InstallShield Installation Information

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-22 18:44 . 2008-10-01 23:05 12 ----a-w- c:\windows\bthservsdp.dat

2009-08-22 18:44 . 2008-09-26 21:36 -------- d-----w- c:\program files\RemoteSupportManager

2009-08-22 18:29 . 2007-01-18 19:39 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2009-08-22 10:47 . 2007-01-18 19:17 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-19 14:32 . 2007-04-26 22:29 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-08-19 09:32 . 2009-08-19 09:32 120 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2009-08-19 09:32 . 2009-08-19 09:32 666 ----a-w- c:\program files\slwfhgje.txt

2009-08-18 05:04 . 2008-02-25 01:54 -------- d-----w- c:\program files\Hewlett-Packard

2009-08-17 16:31 . 2008-03-14 02:05 -------- d-----w- c:\documents and settings\kaushikr\Application Data\InterVideo

2009-08-17 16:31 . 2007-04-24 00:31 -------- d-----w- c:\documents and settings\kaushikr\Application Data\Intel

2009-08-17 08:03 . 2009-01-05 17:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-17 08:03 . 2009-01-05 17:50 3942047 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-08-13 21:35 . 2007-10-06 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-08 02:26 . 2009-08-08 02:25 142 ------w- c:\documents and settings\kaushikr.USLAPTOP84\Local Settings\Application Data\fusioncache.dat

2009-08-08 01:46 . 2007-03-31 10:00 -------- d-----w- c:\documents and settings\user.USLAPTOP77\Application Data\Lenovo

2009-08-08 01:46 . 2009-08-08 02:25 -------- d-----w- c:\documents and settings\kaushikr.USLAPTOP84\Application Data\Lenovo

2009-08-08 01:46 . 2009-02-12 21:07 -------- d-----w- c:\documents and settings\nableadmin\Application Data\Lenovo

2009-08-08 01:46 . 2008-10-29 23:42 -------- d-----w- c:\documents and settings\administrator.OPEN-SILICON\Application Data\Lenovo

2009-08-08 01:46 . 2007-04-24 00:31 -------- d-----w- c:\documents and settings\kaushikr\Application Data\Lenovo

2009-08-08 01:46 . 2007-03-20 14:35 -------- d-----w- c:\documents and settings\user\Application Data\Lenovo

2009-08-08 01:46 . 2007-01-18 19:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Lenovo

2009-08-08 01:43 . 2007-01-18 19:38 -------- d-----w- c:\program files\TVT SMBus

2009-08-08 01:43 . 2007-01-18 19:18 -------- d-----w- c:\program files\ThinkVantage Fingerprint Software

2009-08-08 01:42 . 2007-01-18 19:31 -------- d-----w- c:\program files\Symantec

2009-08-08 01:42 . 2007-03-24 14:03 -------- d-----w- c:\program files\RealVNC

2009-08-08 01:42 . 2007-01-18 19:38 -------- d-----w- c:\program files\SMI2

2009-08-08 01:42 . 2007-01-18 19:30 -------- d-----w- c:\program files\PCDR5

2009-08-08 01:42 . 2007-01-18 19:20 -------- d-----w- c:\program files\NetWaiting

2009-08-08 01:41 . 2007-01-18 19:20 -------- d-----w- c:\program files\Digital Line Detect

2009-08-08 01:41 . 2007-01-18 19:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-08 01:41 . 2007-01-18 19:31 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-08 01:41 . 2007-01-18 19:29 -------- d-----w- c:\program files\Common Files\SureThing Shared

2009-08-08 01:41 . 2007-01-18 19:29 -------- d-----w- c:\program files\Common Files\Sonic Shared

2009-08-08 01:40 . 2007-03-31 10:00 -------- d-----w- c:\documents and settings\user.USLAPTOP77\Application Data\OfficeUpdate12

2009-08-08 01:40 . 2007-04-24 00:31 -------- d-----w- c:\documents and settings\kaushikr\Application Data\OfficeUpdate12

2009-08-08 01:39 . 2007-03-27 16:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\OfficeUpdate12

2009-08-08 01:32 . 2008-04-29 17:50 -------- d-----w- c:\program files\WinSCP

2009-08-08 01:32 . 2007-01-18 19:14 -------- d-----w- c:\program files\Windows Media Connect 2

2009-08-08 01:31 . 2008-10-31 05:05 -------- d-----w- c:\program files\Replay Music 3

2009-08-08 01:31 . 2008-01-20 08:59 -------- d-----w- c:\program files\QuickTime

2009-08-08 01:31 . 2008-09-19 08:12 -------- d-----w- c:\program files\NetBeans 6.1

2009-08-08 01:31 . 2009-03-25 21:36 -------- d-----w- c:\program files\Microsoft Works

2009-08-08 01:30 . 2008-05-28 01:09 -------- d-----w- c:\program files\iTunes

2009-08-08 01:30 . 2008-01-17 04:48 -------- d-----w- c:\program files\eMusic Download Manager

2009-08-08 01:29 . 2009-01-05 17:52 -------- d-----w- c:\program files\CCleaner

2009-08-08 01:29 . 2009-02-12 06:52 -------- d-----w- c:\program files\audiograbber

2009-08-08 01:29 . 2008-05-28 01:09 -------- d-----w- c:\program files\Bonjour

2009-08-08 01:29 . 2008-11-04 01:19 -------- d-----w- c:\program files\Apple Software Update

2009-08-08 01:28 . 2009-02-12 21:07 -------- d-----w- c:\documents and settings\nableadmin\Application Data\OfficeUpdate12

2009-08-08 01:28 . 2009-04-10 19:34 -------- d-----w- c:\documents and settings\kaushikr\Application Data\ntr

2009-08-08 01:28 . 2008-06-23 20:53 -------- d-----w- c:\documents and settings\kaushikr\Application Data\Move Networks

2009-08-08 01:28 . 2008-05-28 01:10 -------- d-----w- c:\documents and settings\kaushikr\Application Data\Apple Computer

2009-08-08 01:28 . 2007-09-06 23:53 -------- d-----w- c:\documents and settings\kaushikr\Application Data\CodecX

2009-08-08 01:28 . 2007-05-14 21:53 -------- d-----w- c:\documents and settings\kaushikr\Application Data\AdobeUM

2009-08-08 01:28 . 2008-10-29 23:42 -------- d-----w- c:\documents and settings\administrator.OPEN-SILICON\Application Data\OfficeUpdate12

2009-08-08 01:27 . 2008-03-28 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2009-08-08 01:27 . 2007-01-18 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo

2009-08-07 19:43 . 2007-10-28 03:14 -------- d-----w- c:\program files\Yahoo!

2009-08-07 19:41 . 2007-01-18 19:24 -------- d-----w- c:\program files\Google

2009-08-05 09:11 . 2006-04-30 06:55 204800 ------w- c:\windows\system32\mswebdvd.dll

2009-08-03 08:06 . 2009-01-05 17:49 38160 ------w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 08:06 . 2009-01-05 17:49 19096 ------w- c:\windows\system32\drivers\mbam.sys

2009-07-20 16:30 . 2009-07-20 16:30 -------- d---a-w- c:\documents and settings\kaushikr\Application Data\Downloaded Installations

2009-07-20 09:27 . 2009-07-20 09:27 17408 ------r- c:\windows\system32\SZIO5.dll

2009-07-20 09:26 . 2009-07-20 09:26 311296 ------r- c:\windows\system32\SZBase5.dll

2009-07-20 09:26 . 2009-07-20 09:26 540672 ------r- c:\windows\system32\SZComp5.dll

2009-07-17 18:55 . 2006-04-30 06:55 58880 ------w- c:\windows\system32\atl.dll

2009-07-14 23:00 . 2009-07-14 23:00 87888 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\NAVENG.SYS

2009-07-14 23:00 . 2009-07-14 23:00 875728 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\NAVEX15.SYS

2009-07-14 23:00 . 2009-07-14 23:00 371248 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\eeCtrl.sys

2009-07-14 23:00 . 2009-07-14 23:00 259368 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\ecmsvr32.dll

2009-07-14 23:00 . 2009-07-14 23:00 2414128 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\cceraser.dll

2009-07-14 23:00 . 2009-07-14 23:00 177520 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\NAVENG32.DLL

2009-07-14 23:00 . 2009-07-14 23:00 1181040 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\NAVEX32A.DLL

2009-07-14 23:00 . 2009-07-14 23:00 101936 ------w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\I2_LDVP.VDB\vd2ddc04.vdb\ERASER.SYS

2009-07-13 18:13 . 2006-04-30 06:56 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-09 10:22 . 2009-07-09 10:22 126976 ------r- c:\windows\system32\IS3HTUI5.dll

2009-07-09 10:22 . 2009-07-09 10:22 393216 ------r- c:\windows\system32\IS3DBA5.dll

2009-07-09 10:21 . 2009-07-09 10:21 385024 ------r- c:\windows\system32\IS3UI5.dll

2009-07-09 10:21 . 2009-07-09 10:21 61440 ------r- c:\windows\system32\IS3Hks5.dll

2009-07-09 10:21 . 2009-07-09 10:21 23040 ------r- c:\windows\system32\IS3XDat5.dll

2009-07-09 10:20 . 2009-07-09 10:20 225280 ------r- c:\windows\system32\IS3Win325.dll

2009-07-09 10:20 . 2009-07-09 10:20 94208 ------r- c:\windows\system32\IS3Inet5.dll

2009-07-09 10:20 . 2009-07-09 10:20 90112 ------r- c:\windows\system32\IS3Svc5.dll

2009-07-09 10:17 . 2009-07-09 10:17 724992 ------r- c:\windows\system32\IS3Base5.dll

2009-06-25 18:36 . 2006-04-30 06:55 95744 ------w- c:\windows\system32\mqsec.dll

2009-06-25 18:36 . 2006-04-30 06:55 661504 ------w- c:\windows\system32\mqqm.dll

2009-06-25 18:36 . 2006-04-30 06:55 517120 ------w- c:\windows\system32\mqsnap.dll

2009-06-25 18:36 . 2006-04-30 06:55 48640 ------w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:36 . 2006-04-30 06:55 471552 ------w- c:\windows\system32\mqutil.dll

2009-06-25 18:36 . 2006-04-30 06:55 47104 ------w- c:\windows\system32\mqdscli.dll

2009-06-25 18:36 . 2006-04-30 06:55 225280 ------w- c:\windows\system32\mqoa.dll

2009-06-25 18:36 . 2006-04-30 06:55 186880 ------w- c:\windows\system32\mqtrig.dll

2009-06-25 18:36 . 2006-04-30 06:55 177152 ------w- c:\windows\system32\mqrt.dll

2009-06-25 18:36 . 2006-04-30 06:55 16896 ------w- c:\windows\system32\mqise.dll

2009-06-25 18:36 . 2006-04-30 06:55 138240 ------w- c:\windows\system32\mqad.dll

2009-06-25 18:36 . 2006-04-30 06:55 123392 ------w- c:\windows\system32\mqrtdep.dll

2009-06-25 08:17 . 2006-04-30 06:56 59392 ------w- c:\windows\system32\wdigest.dll

2009-06-25 08:17 . 2006-04-30 06:55 56320 ------w- c:\windows\system32\secur32.dll

2009-06-25 08:17 . 2006-04-30 06:55 168448 ------w- c:\windows\system32\schannel.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]

"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]

"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-11-08 802816]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-11-08 696320]

"vptray"="c:\progra~1\SYMANT~2\SYMANT~1\vptray.exe" [2002-07-30 77824]

"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-13 185896]

"pdfFactory Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-04-18 520192]

"Remote Support Manager GUI"="c:\program files\RemoteSupportManager\rmgui.exe" [2008-05-04 460720]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]

"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]

"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-6-1 622653]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-1-19 24576]

VPN Client.lnk - c:\windows\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2007-3-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2006-04-26 03:20 40448 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\DAinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"szserver"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Administrator\\Desktop\\putty.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=

"c:\\j2sdk1.4.2_17\\bin\\tnameserv.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_05\\bin\\java.exe"=

"c:\\Program Files\\Java\\jdk1.6.0_05\\jre\\bin\\java.exe"=

"%windir%\\system32\\drivers\\svchost.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1153:UDP"= 1153:UDP:Windows Media Format SDK (iexplore.exe)

"1152:UDP"= 1152:UDP:Windows Media Format SDK (iexplore.exe)

"1155:UDP"= 1155:UDP:Windows Media Format SDK (iexplore.exe)

"4617:UDP"= 4617:UDP:Windows Media Format SDK (iexplore.exe)

"4616:UDP"= 4616:UDP:Windows Media Format SDK (iexplore.exe)

"1433:TCP"= 1433:TCP:sql

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/19/2009 12:43 AM 130936]

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [1/19/2007 12:47 AM 88576]

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [5/12/2009 2:13 PM 61328]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [8/19/2009 2:28 PM 51488]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [8/19/2009 2:28 PM 39200]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/19/2009 12:43 AM 159600]

R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [1/19/2007 12:47 AM 4736]

R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [1/19/2007 12:47 AM 4442]

R2 DAInfo;Remote Support Manager Kernel Information Provider;c:\program files\RemoteSupportManager\DAinfo.sys [5/5/2008 2:33 AM 12080]

R2 DAMaint;Remote Support Manager Maintenance Service;c:\program files\RemoteSupportManager\DaMaint.exe [5/5/2008 2:33 AM 63408]

R2 DAtf;Remote Support Manager Token Factory;c:\program files\RemoteSupportManager\DAtf.sys [5/5/2008 2:33 AM 11184]

R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/14/2006 5:35 AM 58368]

R2 RemoteSupportManager;Remote Support Manager Service;c:\program files\RemoteSupportManager\DesktopAuthority.exe [5/5/2008 2:32 AM 1312688]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/15/2006 5:25 AM 3968]

R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [4/26/2006 8:30 AM 3456]

R3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [5/5/2008 2:33 AM 9264]

S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [8/19/2009 12:43 AM 64392]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/19/2009 12:43 AM 348752]

S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [8/19/2009 2:28 PM 33056]

S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RIYDKYCA

*Deregistered* - riydkyca

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A27BB37-D90E-4842-0D41-0B18D033B4DE}]

c:\windows\system32\stream.exe

.

Contents of the 'Scheduled Tasks' folder

2009-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3799410101-3337346180-4158169983-1909Core.job

- c:\documents and settings\kaushikr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:42]

2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3799410101-3337346180-4158169983-1909UA.job

- c:\documents and settings\kaushikr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 20:42]

2009-08-22 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-01-18 16:13]

2007-03-20 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-01-18 01:32]

2009-08-22 c:\windows\Tasks\User_Feed_Synchronization-{AAA90938-5FEF-4E98-8897-2676013880B2}.job

- c:\windows\system32\msfeedssync.exe [2009-01-15 10:01]

.

- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://desktop.google.com/uninstall-feedback.html?hl=en

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

TCP: {8822E137-B2FC-462E-855E-B5BC7E167EDA} = 192.168.2.4,202.56.250.6

FF - ProfilePath - c:\documents and settings\kaushikr.USLAPTOP84\Application Data\Mozilla\Firefox\Profiles\my4xxkgr.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-23 00:16

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)

c:\windows\system32\vrlogon.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\windows\system32\biologon.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\remote.dll

c:\windows\system32\tphklock.dll

c:\program files\ThinkVantage Fingerprint Software\crypto.dll

c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(864)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll

- - - - - - - > 'explorer.exe'(4256)

c:\windows\system32\SynTPFcs.dll

c:\windows\system32\PROCHLP.DLL

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\WinSCP\DragExt.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\Cisco Systems\VPN Client\cvpnd.exe

c:\program files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\locator.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\system32\TPHDEXLG.exe

c:\windows\system32\TpKmpSvc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\windows\system32\rundll32.exe

c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

c:\program files\ThinkPad\UltraNav Wizard\UNavTray.exe

c:\windows\system32\rundll32.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe

c:\program files\ATI Technologies\ATI.ACE\CLI.exe

.

**************************************************************************

.

Completion time: 2009-08-22 0:23 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-22 18:53

Pre-Run: 29,123,604,480 bytes free

Post-Run: 29,086,896,128 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

521 --- E O F --- 2009-08-21 21:30


  • Staff

Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.


Hi Mieke,

Thanks again for your reply.

After running the command ComboFix /u, there was a message window that said ComboFix was uninstalled.

I ran Malwarebytes Anti-Malware again and this time there were no malicious items detected. I guess this fixes the issue.

Thanks for your help.

Kaushik


  • Staff

Glad I could help. :lol:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out which programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!


  • Staff

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

