AdAware SEPlus but still problems


  • This topic is locked
11 replies to this topic

#1 MGT

    New Member

  • Authentic Member
  • 10 posts

Posted 03 February 2006 - 11:59 PM

Where do I go from here? Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 12:38:53 AM, on 2/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\Program Files\Palm\inboxtogo-watch.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Palm\inboxtogo-agent.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Ddrive\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Ddrive\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TeaTimer] C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Mail.lnk = C:\Program Files\Palm\inboxtogo-watch.exe
O4 - Global Startup: Enable tray menu for Lotus Notes Synchronization.lnk = C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232FAC1A-FD6B-4B74-B129-6F58AE26C936}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = raleigh.ibm.com,ibm.com,boulder.ibm.com,pok.ibm.com,ibmus2.ibm.com,
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = raleigh.ibm.com,ibm.com,boulder.ibm.com,pok.ibm.com,ibmus2.ibm.com,
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 13 February 2006 - 10:10 PM

Please disable Teatimer or it could block any fixes. Tutorial here >>>> http://russelltexas....re/teatimer.htm

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 MGT

    New Member

  • Authentic Member
  • 10 posts

Posted 17 February 2006 - 07:17 PM

I ran ewido and a new HijackThis log. Both are attached below. The ewido removed 100 threats.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:58:35 PM, 2/17/2006
+ Report-Checksum: D96C0187

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Adware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Adware.SearchRelevancy : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\taor\ezw-102.0000 -> Adware.EZula : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@bellglobemediapublishing.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@chicagosuntimes.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@cochranfirm.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfk4chcjmbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfk4enc5iep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfk4qhc5alo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfkywpajcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfl4wkd5shp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfliqld5ebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfloepc5afp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfmiklcjslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wfmyqhcpslo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wgkiemcpwfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wgkogmd5seo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wgl4glc5abo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjk4wpajefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkogodjwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkokpdzilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkowkcjcdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkyehdzoap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkyeoczgbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjkyuid5ckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjl4alczafq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjl4shazclp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjlikjajskq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjlikjcjmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjlisjd5wko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjloshdjalq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjmieoczwap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjmyemcjeeq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjmyghd5eaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjny-1kazml.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjny-1pc5al.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjnyckc5geo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjnyejdzglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjnyghdpwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjnyolcpkeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@e-2dj6wjnyqgcpmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@gmditech.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@gmgmacmortgage.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@mads.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@polo.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@preferredhotelgroup.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@sec1.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@tribuneinteractive.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\markgarvin@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ezw.exe -> Adware.EZula : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~225167.tmp -> Adware.Wintol : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~431950.tmp -> Adware.Wintol : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~612294.tmp -> Adware.Wintol : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~631623.tmp -> Adware.Wintol : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~738569.tmp -> Adware.Wintol : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\~781965.tmp -> Adware.Wintol : Cleaned with backup
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Cleaned with backup
C:\Program Files\Windows AdStatus\WinStatKeep.exe -> Adware.WinAD : Cleaned with backup
C:\Program Files\Windows ServeAd\WinAtServ.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\system32\arpa.exe -> Adware.PurityScan : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 8:11:04 PM, on 2/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\WINDOWS\Explorer.EXE
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\sdwork\w32main2.exe
C:\Program Files\Palm\inboxtogo-watch.exe
C:\Program Files\Palm\inboxtogo-agent.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Ddrive\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TeaTimer] C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Mail.lnk = C:\Program Files\Palm\inboxtogo-watch.exe
O4 - Global Startup: Enable tray menu for Lotus Notes Synchronization.lnk = C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232FAC1A-FD6B-4B74-B129-6F58AE26C936}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks for your help. Let me know where to go from here.
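
The HijackThis entries above have a fixed shape per section code, so the first pass a helper makes by eye (O23 services whose binary is missing or that carry no publisher string, O4 shortcuts that resolve to nothing, O16 ActiveX downloads, O20 DLLs that winlogon loads at logon) can be scripted, and a diff of two logs leaves only what changed between scans. The block below is an added example written for this edit; it is not code from the thread or from HijackThis. Its sample entries are copied from the logs posted in this thread, with the URLs truncated exactly as the forum rendered them.

```python
"""Added example: triage of HijackThis v1.99 log entries (not part of the thread)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Sample entries copied from the logs in this thread; URLs are truncated as the forum showed them.
LOG_BEFORE = r"""
O4 - Global Startup: Lotus QuickStart.lnk = ?
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""
# Second scan: the same entries plus the control the Kaspersky online scan installed.
LOG_AFTER = LOG_BEFORE + r"""
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
"""

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<entry>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>.+?)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code: O4, O16, O20 or O23
    reason: str
    line: str


def entries(log: str) -> list[str]:
    """Return only the HijackThis entry lines (those that start with an O-code)."""
    return [line.rstrip() for line in log.splitlines() if re.match(r"^O\d+ - ", line)]


def triage(log: str) -> list[Finding]:
    """Flag the entries that deserve a closer look before anything is 'fixed'."""
    findings = []
    for line in entries(log):
        if m := O23_RE.match(line):
            if m["missing"]:
                findings.append(Finding("O23", "service binary missing on disk", line))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("O23", "service with no publisher string", line))
        elif (m := O4_RE.match(line)) and m["entry"].endswith("= ?"):
            findings.append(Finding("O4", "startup shortcut with unresolvable target", line))
        elif m := O16_RE.match(line):
            host = urlsplit(m["url"]).netloc  # truncated in the forum copy, so it reads oddly here
            findings.append(Finding("O16", f"ActiveX control downloaded from {host}", line))
        elif m := O20_RE.match(line):
            findings.append(Finding("O20", "DLL loaded into winlogon.exe (SYSTEM) at every logon", line))
    return findings


def diff(before: str, after: str) -> tuple[list[str], list[str]]:
    """Entries added and entries removed between two scans, in that order."""
    old, new = set(entries(before)), set(entries(after))
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for f in triage(LOG_AFTER):
        print(f"[{f.section}] {f.reason}: {f.line}")
    added, removed = diff(LOG_BEFORE, LOG_AFTER)
    print("added since last scan:", added)
    print("removed since last scan:", removed)
```

On the sample data the diff reports exactly one new entry, the CKAVWebScan control, which is what one expects after the Kaspersky online scan; the "(file missing)" service and the two "Unknown owner" entries are the ones a reader checks by hand.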

#4 Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 17 February 2006 - 09:36 PM

Please do an online scan with Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post as well as a new HijackThis log please.


#5 MGT

    New Member

  • Authentic Member
  • 10 posts

Posted 18 February 2006 - 09:33 AM

Kaspersky reported 7 viruses and 11 infections. Here are the new logs:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, February 18, 2006 10:27:49
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/02/2006
Kaspersky Anti-Virus database records: 177297
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 68426
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 4524 sec

Infected Object Name - Virus Name
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/HOTVIEW.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/OMNITHREAD_RT.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057190.dll Infected: not-a-virus:AdWare.Win32.Relevance.c
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057191.exe Infected: not-a-virus:AdWare.Win32.WinAD.k
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057192.dll Infected: not-a-virus:AdWare.Win32.WinAD.i
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057193.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ao
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\WINDOWS\woinstall.exe Infected: not-a-virus:AdWare.Win32.EZula.ak

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 10:30:16 AM, on 2/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\C4ebreg\isamsmt.exe
C:\WINDOWS\Explorer.EXE
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Palm\inboxtogo-watch.exe
C:\Program Files\Palm\inboxtogo-agent.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Ddrive\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TeaTimer] C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Mail.lnk = C:\Program Files\Palm\inboxtogo-watch.exe
O4 - Global Startup: Enable tray menu for Lotus Notes Synchronization.lnk = C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232FAC1A-FD6B-4B74-B129-6F58AE26C936}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Let me know the next steps.

Thanks.
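
The Kaspersky report above counts 7 "viruses" and 11 "infected objects", but several of those objects are members nested inside a single installer (Kaspersky joins nested objects with "/"), four of the paths are copies inside System Restore snapshots, and every verdict carries the not-a-virus: prefix, Kaspersky's class for legitimate or potentially unwanted software rather than malware. The block below is an added example written for this edit, not code from the thread or a Kaspersky tool; it parses the report text exactly as posted and groups the detections by the file that actually exists on disk, so the numbers in the header can be checked against what was found.

```python
"""Added example: reading a Kaspersky On-line Scanner report (not part of the thread)."""
import re
from collections import Counter
from dataclasses import dataclass

# Copied verbatim from the report posted in this thread.
REPORT = r"""
Number of viruses found: 7
Number of infected objects: 11
Number of suspicious objects: 0

Infected Object Name - Virus Name
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/HOTVIEW.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/OMNITHREAD_RT.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.g
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE/VNCHOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE/IGWSE2SAS2.1WM2.1.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\Program Files\RRUInst\rrpc\superinstall.EXE Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057190.dll Infected: not-a-virus:AdWare.Win32.Relevance.c
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057191.exe Infected: not-a-virus:AdWare.Win32.WinAD.k
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057192.dll Infected: not-a-virus:AdWare.Win32.WinAD.i
C:\System Volume Information\_restore{025383FA-625F-412F-B757-56B6C9BB8E21}\RP274\A0057193.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ao
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak
C:\WINDOWS\woinstall.exe Infected: not-a-virus:AdWare.Win32.EZula.ak

Scan process completed.
"""

COUNT_RE = re.compile(r"^Number of (?P<what>viruses found|infected objects|suspicious objects): (?P<n>\d+)$")
DETECTION_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+)$")
RESTORE_DIR = "\\System Volume Information\\_restore"


@dataclass(frozen=True)
class Detection:
    on_disk: str   # outermost object: the file that actually exists on the volume
    nested: tuple  # members inside it (installer payloads, archive entries), outer to inner
    verdict: str   # Kaspersky verdict string as printed

    @property
    def not_a_virus(self) -> bool:
        """Kaspersky's 'not-a-virus:' prefix marks riskware/adware rather than malware."""
        return self.verdict.startswith("not-a-virus:")

    @property
    def family(self) -> str:
        """Class name after the prefix, e.g. RemoteAdmin or AdWare."""
        return self.verdict.split(":")[-1].split(".")[0]


def parse_report(text: str) -> list[Detection]:
    """Parse the detection table and cross-check it against the declared object count."""
    counts, detections = {}, []
    for line in text.splitlines():
        if m := COUNT_RE.match(line):
            counts[m["what"]] = int(m["n"])
        elif m := DETECTION_RE.match(line):
            outer, *inner = m["obj"].split("/")  # '/' never occurs in a Windows path, only between nested objects
            detections.append(Detection(outer, tuple(inner), m["verdict"]))
    declared = counts.get("infected objects")
    if declared is not None and declared != len(detections):
        raise ValueError(f"report declares {declared} infected objects, parsed {len(detections)}")
    return detections


def summarize(detections: list[Detection]) -> dict:
    """Reduce the object list to what a reader needs: files on disk, restore-point copies, verdict classes."""
    on_disk = sorted({d.on_disk for d in detections})
    return {
        "objects": len(detections),
        "distinct_verdicts": len({d.verdict for d in detections}),  # Kaspersky's 'viruses found'
        "files_on_disk": on_disk,
        "in_restore_points": [p for p in on_disk if RESTORE_DIR in p],
        "all_not_a_virus": all(d.not_a_virus for d in detections),
        "families": dict(Counter(d.family for d in detections)),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(f"{key}: {value}")
```

Run against the posted report, the 11 objects collapse to six files on disk, four of them restore-point copies, and the 7 "viruses" are 7 distinct verdict strings, all in the RemoteAdmin and AdWare classes.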

#6 Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 18 February 2006 - 02:31 PM

Step #1

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run them.

Spybot & Adaware Tutorial

Step # 2

Then do a virus scan here >>> Trend Micro


Reboot and post a new HiJackThis log.

#7 MGT

    New Member

  • Authentic Member
  • 10 posts

Posted 18 February 2006 - 09:46 PM

I ran the Spybot program successfully and then tried AdAware SEPlus. AdAware got stuck on c:\garmin\amrbc7. This is a 317MB folder of maps. It did complete on another system with the same folder, files, file size. Here is the log file as far as it ran:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, February 18, 2006 9:45:47 PM
Using definitions file:SE1R92 14.02.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R89 24.01.2006
Internal build : 101
File location : C:\Program Files\Lavasoft\Ad-Aware SE Plus\defs.ref
File size : 588187 Bytes
Total size : 1770467 Bytes
Signature data size : 1734546 Bytes
Reference data size : 35409 Bytes
Signatures total : 49142
CSI Fingerprints total : 1384
CSI data size : 40743 Bytes
Target categories : 15
Target families : 825

2-18-2006 5:26:48 PM Performing WebUpdate...
Installing Update...

Definitions File Loaded:
Reference Number : SE1R92 14.02.2006
Internal build : 105
File location : C:\Program Files\Lavasoft\Ad-Aware SE Plus\defs.ref
File size : 612293 Bytes
Total size : 1843069 Bytes
Signature data size : 1808182 Bytes
Reference data size : 34375 Bytes
Signatures total : 50991
CSI Fingerprints total : 1581
CSI data size : 47541 Bytes
Target categories : 15
Target families : 832

2-18-2006 5:27:05 PM Success
Update successfully downloaded and installed.

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:26 %
Total physical memory:261040 kb
Available physical memory:66900 kb
Total page file size:639800 kb
Available on page file:344140 kb
Total virtual memory:2097024 kb
Available virtual memory:2022872 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Let Windows remove files in use at next reboot
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects

2/18/2006 9:45:47 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
   FilePath : \SystemRoot\System32\
   ProcessID : 732
   ThreadCreationTime : 2/18/2006 10:21:45 PM
   BasePriority : Normal

#:2 [csrss.exe]
   FilePath : \??\C:\WINDOWS\system32\
   ProcessID : 780
   ThreadCreationTime : 2/18/2006 10:21:53 PM
   BasePriority : Normal

#:3 [winlogon.exe]
   FilePath : \??\C:\WINDOWS\system32\
   ProcessID : 816
   ThreadCreationTime : 2/18/2006 10:21:59 PM
   BasePriority : High

#:4 [services.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 860
   ThreadCreationTime : 2/18/2006 10:22:00 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Services and Controller app
   InternalName : services.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : services.exe

#:5 [lsass.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 872
   ThreadCreationTime : 2/18/2006 10:22:00 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
   ProductVersion : 5.1.2600.1106
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : LSA Shell (Export Version)
   InternalName : lsass.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : lsass.exe

#:6 [ibmpmsvc.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1040
   ThreadCreationTime : 2/18/2006 10:22:00 PM
   BasePriority : Normal

#:7 [ati2evxx.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1080
   ThreadCreationTime : 2/18/2006 10:22:02 PM
   BasePriority : Normal

#:8 [svchost.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 1116
   ThreadCreationTime : 2/18/2006 10:22:03 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:9 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1264
   ThreadCreationTime : 2/18/2006 10:22:03 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:10 [s24evmon.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1348
   ThreadCreationTime : 2/18/2006 10:22:04 PM
   BasePriority : Normal
   FileVersion : 4, 1, 0, 3
   ProductVersion : 4, 1, 0, 3
   ProductName : Mobile Unit Support Service
   CompanyName : Intel Corporation
   FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
   InternalName : S24EvMon
   LegalCopyright : Copyright © 2001 - 2003 Intel Corporation, 1997 - 2001 Symbol Technologies, Inc. Portions Copyright © MIT
   OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1580
   ThreadCreationTime : 2/18/2006 10:22:05 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:12 [svchost.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1640
   ThreadCreationTime : 2/18/2006 10:22:05 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Generic Host Process for Win32 Services
   InternalName : svchost.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : svchost.exe

#:13 [ccsetmgr.exe]
   FilePath : C:\Program Files\Common Files\Symantec Shared\
   ProcessID : 1816
   ThreadCreationTime : 2/18/2006 10:22:06 PM
   BasePriority : Normal
   FileVersion : 2.2.4.003
   ProductVersion : 2.2.4.003
   ProductName : Common Client
   CompanyName : Symantec Corporation
   FileDescription : Common Client Settings Manager Service
   InternalName : ccSetMgr
   LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
   OriginalFilename : ccSetMgr.exe

#:14 [ccevtmgr.exe]
   FilePath : C:\Program Files\Common Files\Symantec Shared\
   ProcessID : 1924
   ThreadCreationTime : 2/18/2006 10:22:07 PM
   BasePriority : Normal
   FileVersion : 2.2.4.003
   ProductVersion : 2.2.4.003
   ProductName : Common Client
   CompanyName : Symantec Corporation
   FileDescription : Common Client Event Manager Service
   InternalName : ccEvtMgr
   LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
   OriginalFilename : ccEvtMgr.exe

#:15 [spoolsv.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 660
   ThreadCreationTime : 2/18/2006 10:22:08 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
   ProductVersion : 5.1.2600.1699
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Spooler SubSystem App
   InternalName : spoolsv.exe
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : spoolsv.exe

#:16 [trcboot.exe]
   FilePath : C:\WINDOWS\System32\drivers\
   ProcessID : 1240
   ThreadCreationTime : 2/18/2006 10:22:15 PM
   BasePriority : Normal

#:17 [pcs_agnt.exe]
   FilePath : C:\Program Files\IBM\Personal Communications\
   ProcessID : 1560
   ThreadCreationTime : 2/18/2006 10:22:18 PM
   BasePriority : Normal
   FileVersion : 5060.0.2226.456
   ProductVersion : 5.6.0
   ProductName : Personal Communications
   CompanyName : IBM Corporation
   FileDescription : Always Resident PComm Process
   InternalName : PCS_AGNT.EXE
   LegalCopyright : Copyright © IBM Corp. 1989, 2002
   LegalTrademarks : ® IBM is a registered trademark of International Business Machines Corporation. Windows™ is a trademark of Microsoft Corporation

#:18 [defwatch.exe]
   FilePath : C:\Program Files\Symantec AntiVirus\
   ProcessID : 1652
   ThreadCreationTime : 2/18/2006 10:22:20 PM
   BasePriority : Normal
   FileVersion : 9.0.5.1000
   ProductVersion : 9.0.5.1000
   ProductName : Symantec AntiVirus
   CompanyName : Symantec Corporation
   FileDescription : Virus Definition Daemon
   InternalName : DefWatch
   LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
   OriginalFilename : DefWatch.exe

#:19 [ewidoctrl.exe]
   FilePath : C:\Program Files\ewido anti-malware\
   ProcessID : 2000
   ThreadCreationTime : 2/18/2006 10:22:21 PM
   BasePriority : Normal
   FileVersion : 3, 0, 0, 1
   ProductVersion : 3, 0, 0, 1
   ProductName : ewido control
   CompanyName : ewido networks
   FileDescription : ewido control
   InternalName : ewido control
   LegalCopyright : Copyright © 2004
   OriginalFilename : ewidoctrl.exe

#:20 [ati2evxx.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 2012
   ThreadCreationTime : 2/18/2006 10:22:21 PM
   BasePriority : Normal

#:21 [explorer.exe]
   FilePath : C:\WINDOWS\
   ProcessID : 208
   ThreadCreationTime : 2/18/2006 10:22:21 PM
   BasePriority : Normal
   FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
   ProductVersion : 6.00.2800.1221
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Windows Explorer
   InternalName : explorer
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : EXPLORER.EXE

#:22 [ewidoguard.exe]
   FilePath : C:\Program Files\ewido anti-malware\
   ProcessID : 236
   ThreadCreationTime : 2/18/2006 10:22:22 PM
   BasePriority : Normal
   FileVersion : 3, 0, 0, 1
   ProductVersion : 3, 0, 0, 1
   ProductName : guard
   CompanyName : ewido networks
   FileDescription : guard
   InternalName : guard
   LegalCopyright : Copyright © 2004
   OriginalFilename : guard.exe

#:23 [rrpcsb.exe]
   FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
   ProcessID : 264
   ThreadCreationTime : 2/18/2006 10:22:24 PM
   BasePriority : Normal
   FileVersion : 4,0,0,4026
   ProductVersion : 4,0,0,4026
   ProductName : rrpcsb Module
   FileDescription : rrpcsb Module
   InternalName : rrpcsb
   LegalCopyright : Copyright 2002
   OriginalFilename : rrpcsb.EXE

#:24 [isamsmt.exe]
   FilePath : C:\Program Files\C4ebreg\
   ProcessID : 352
   ThreadCreationTime : 2/18/2006 10:22:25 PM
   BasePriority : Normal
   FileVersion : 1.02
   ProductVersion : 1.02
   CompanyName : IBM Global Services
   FileDescription : ISAM Software Metering Tool
   InternalName : ISAMSMT
   LegalCopyright : © IBM Global Services, 2002
   Comments : Written by: Operating Systems Platforms

#:25 [issimsvc.exe]
   FilePath : c:\sdwork\
   ProcessID : 528
   ThreadCreationTime : 2/18/2006 10:22:28 PM
   BasePriority : Normal
   FileVersion : 2.09
   ProductVersion : 2.09
   CompanyName : IBM Global Services
   FileDescription : ISSI EZUpdate Service
   InternalName : ISSIMSVC
   LegalCopyright : © IBM Global Services, 2001, 2005
   Comments : Written by: Operating Systems Platforms

#:26 [netcfgsv.exe]
   FilePath : C:\PROGRA~1\AT&TNE~1\
   ProcessID : 784
   ThreadCreationTime : 2/18/2006 10:22:32 PM
   BasePriority : Normal
   FileVersion : 5.05.1
   ProductVersion : 5.05.1
   ProductName : NetCfgSvr Module
   CompanyName : AT&T
   FileDescription : Network configuration service
   InternalName : NetCfgSvr
   LegalCopyright : Copyright © 2002 AT&T. All Rights Reserved.
   OriginalFilename : NetCfgSvr.EXE

#:27 [qconsvc.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1548
   ThreadCreationTime : 2/18/2006 10:22:36 PM
   BasePriority : Normal
   FileVersion : 3, 0, 0, 0
   ProductVersion : 3, 0, 0, 0
   ProductName : IBM ThinkPad Utility
   CompanyName : IBM Corp.
   FileDescription : IBM Access Connections - Service Component.
   InternalName : QConSvc
   LegalCopyright : Copyright © IBM Corp. 2001, 2004
   OriginalFilename : QConSvc.Exe
   Comments : IBM Access Connections Component.

#:28 [regsrvc.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1692
   ThreadCreationTime : 2/18/2006 10:22:36 PM
   BasePriority : Normal
   FileVersion : 4, 1, 0, 0
   ProductVersion : 4, 1, 0, 0
   ProductName : RegSrvc Module
   CompanyName : Intel Corporation
   FileDescription : RegSrvc Module
   InternalName : RegSrvc
   LegalCopyright : Copyright © 2002 - 2003 Intel Corporation
   OriginalFilename : RegSrvc.EXE

#:29 [savroam.exe]
   FilePath : C:\Program Files\Symantec AntiVirus\
   ProcessID : 1756
   ThreadCreationTime : 2/18/2006 10:22:37 PM
   BasePriority : Normal
   FileVersion : 9.0.5.1000
   ProductVersion : 9.0.5.1000
   ProductName : Symantec SAVRoam
   CompanyName : symantec
   FileDescription : SAVRoam
   InternalName : SAVRoam
   LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
   OriginalFilename : SAVRoam.exe

#:30 [rtvscan.exe]
   FilePath : C:\Program Files\Symantec AntiVirus\
   ProcessID : 452
   ThreadCreationTime : 2/18/2006 10:22:43 PM
   BasePriority : Normal
   FileVersion : 9.0.5.1000
   ProductVersion : 9.0.5.1000
   ProductName : Symantec AntiVirus
   CompanyName : Symantec Corporation
   FileDescription : Symantec AntiVirus
   LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:31 [agrsmmsg.exe]
   FilePath : C:\WINDOWS\
   ProcessID : 572
   ThreadCreationTime : 2/18/2006 10:22:44 PM
   BasePriority : Normal
   FileVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
   ProductVersion : 2.1.31 2.1.31 06/27/2003 08:53:31
   ProductName : Agere SoftModem Messaging Applet
   CompanyName : Agere Systems
   FileDescription : SoftModem Messaging Applet
   InternalName : smdmstat.exe
   LegalCopyright : Copyright © Agere Systems 1998-2000
   OriginalFilename : smdmstat.exe

#:32 [tphkmgr.exe]
   FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
   ProcessID : 1296
   ThreadCreationTime : 2/18/2006 10:22:48 PM
   BasePriority : Normal

#:33 [rundll32.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1368
   ThreadCreationTime : 2/18/2006 10:22:48 PM
   BasePriority : Normal
   FileVersion : 5.1.2600.0 (xpclient.010817-1148)
   ProductVersion : 5.1.2600.0
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Run a DLL as an App
   InternalName : rundll
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : RUNDLL.EXE

#:34 [tpkmpsvc.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 1344
   ThreadCreationTime : 2/18/2006 10:22:48 PM
   BasePriority : Normal

#:35 [wdfmgr.exe]
   FilePath : C:\WINDOWS\System32\
   ProcessID : 1428
   ThreadCreationTime : 2/18/2006 10:22:50 PM
   BasePriority : Normal
   FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
   ProductVersion : 5.2.3790.1230
   ProductName : Microsoft® Windows® Operating System
   CompanyName : Microsoft Corporation
   FileDescription : Windows User Mode Driver Manager
   InternalName : WdfMgr
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : WdfMgr.exe

#:36 [vsmon.exe]
   FilePath : C:\WINDOWS\system32\ZoneLabs\
   ProcessID : 1572
   ThreadCreationTime : 2/18/2006 10:22:50 PM
   BasePriority : Normal
   FileVersion : 3.5.175.087
   ProductVersion : 3.5.175.087
   ProductName : TrueVector Service
   CompanyName : Zone Labs Inc.
   FileDescription : TrueVector Service
   InternalName : vsmon
   LegalCopyright : Copyright © 1999-2002, Zone Labs Inc.
   OriginalFilename : vsmon.exe

#:37 [tponscr.exe]
   FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
   ProcessID : 2128
   ThreadCreationTime : 2/18/2006 10:22:58 PM
   BasePriority : Normal

#:38 [syntplpr.exe]
   FilePath : C:\Program Files\Synaptics\SynTP\
   ProcessID : 2164
   ThreadCreationTime : 2/18/2006 10:22:59 PM
   BasePriority : Normal
   FileVersion : 7.5.17.6 28Aug03
   ProductVersion : 7.5.17.6 28Aug03
   ProductName : Progressive Touch
   CompanyName : Synaptics, Inc.
   FileDescription : TouchPad Driver Helper Application
   InternalName : SynTPLpr
   LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
   OriginalFilename : SynTPLpr.exe

#:39 [tpscrex.exe]
   FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
   ProcessID : 2200
   ThreadCreationTime : 2/18/2006 10:23:00 PM
   BasePriority : Normal
   FileVersion : 1.06
   ProductVersion : 1.06
   ProductName : ThinkPad UltraZoom
   CompanyName : IBM Corporation
   FileDescription : ThinkPad UltraZoom
   InternalName : TPSCREX
   LegalCopyright : Copyright © 2000, IBM Corporation
   OriginalFilename : TpScrEx.exe

#:40 [syntpenh.exe]
   FilePath : C:\Program Files\Synaptics\SynTP\
   ProcessID : 2224
   ThreadCreationTime : 2/18/2006 10:23:01 PM
   BasePriority : Normal
   FileVersion : 7.5.17.6 28Aug03
   ProductVersion : 7.5.17.6 28Aug03
   ProductName : Progressive Touch
   CompanyName : Synaptics, Inc.
   FileDescription : Synaptics TouchPad Enhancements
   InternalName : Scrolleroo
   LegalCopyright : Copyright © Synaptics, Inc. 1996-2003
   OriginalFilename : SynTPEnh.exe

#:41 [fxssvc.exe]
   FilePath : C:\WINDOWS\system32\
   ProcessID : 2272
   ThreadCreationTime : 2/18/2006 10:23:02 PM
   BasePriority : Normal
   FileVersion : 5.2.1776.1023
   ProductVersion : 5.2.1776.1023
   ProductName : Microsoft® Fax Server
   CompanyName : Microsoft Corporation
   FileDescription : Fax Service
   InternalName : FXSSVC.EXE
   LegalCopyright : © Microsoft Corporation. All rights reserved.
   OriginalFilename : FXSSVC.EXE

#:42 [ldlcserv.exe]
   FilePath : C:\WINDOWS\System32\Drivers\
   ProcessID : 2356
   ThreadCreationTime : 2/18/2006 10:23:05 PM
   BasePriority : Normal

#:43 [c4ebreg.exe]
   FilePath : C:\progra~1\c4ebreg\
   ProcessID : 2376
   ThreadCreationTime : 2/18/2006 10:23:06 PM
   BasePriority : Normal
   FileVersion : 5.20
   ProductVersion : 5.20
   CompanyName : IBM Global Services
   FileDescription : IBM Standard Asset Manager
   InternalName : C4EBREG
   LegalCopyright : © IBM Global Services, 2000, 2005
   Comments : Written by: Operating Systems Platforms

#:44 [qcwlicon.exe]
   FilePath : C:\PROGRA~1\ThinkPad\CONNEC~1\
   ProcessID : 2460
   ThreadCreationTime : 2/18/2006 10:23:08 PM
   BasePriority : Normal
   FileVersion : 3, 0, 0, 0
   ProductVersion : 3, 0, 0, 0
   ProductName : IBM ThinkPad Utility
   CompanyName : IBM Corp.
   FileDescription : IBM Access Connections - Wireless Status Icon.
   InternalName : QCWLIcon
   LegalCopyright : Copyright © IBM Corp. 2001, 2004
   OriginalFilename : QCWLIcon.exe
   Comments : IBM Access Connections Component.

#:45 [ntsagent.exe]
   FilePath : C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\
   ProcessID : 2524
   ThreadCreationTime : 2/18/2006 10:23:08 PM
   BasePriority : Normal
   FileVersion : 2.3.6
   ProductVersion : 4.21.XXX
   ProductName : XTNDConnect PC
   CompanyName : Extended Systems Inc.
   FileDescription : Lotus Notes translator agent
   InternalName : NtsAgnt
   LegalCopyright : Copyright © Extended Systems Inc 1998-2000. All rights reserved.
   LegalTrademarks : XTNDConnect PC is a trademark of Extended Systems Inc.
   OriginalFilename : NtsAgnt.EXE

#:46 [blsloader.exe]
   FilePath : C:\Program Files\BellSouth Internet Tools\
   ProcessID : 2628
   ThreadCreationTime : 2/18/2006 10:23:12 PM
   BasePriority : Normal

#:47 [ibmprc.exe]
   FilePath : C:\IBMTOOLS\UTILS\
   ProcessID : 2756
   ThreadCreationTime : 2/18/2006 10:23:14 PM
   BasePriority : Normal
   FileVersion : 1, 0, 0, 3
   ProductVersion : 1, 0, 0, 1
   ProductName : ibmprc Application
   CompanyName : IBM Corp.
   FileDescription : ibmprc Application
   InternalName : ibmprc
   LegalCopyright : Copyright © 2004 IBM
   OriginalFilename : ibmprc.exe

#:48 [qttask.exe]
   FilePath : C:\Program Files\QuickTime\
   ProcessID : 2912
   ThreadCreationTime : 2/18/2006 10:23:18 PM
   BasePriority : Normal
   FileVersion : 6.4
   ProductVersion : QuickTime 6.4
   ProductName : QuickTime
   CompanyName : Apple Computer, Inc.
   InternalName : QuickTime Task
   LegalCopyright : © Apple Computer, Inc. 2001-2003
   OriginalFilename : QTTask.exe

#:49 [qctray.exe]
   FilePath : C:\PROGRA~1\ThinkPad\CONNEC~1\
   ProcessID : 3016
   ThreadCreationTime : 2/18/2006 10:23:20 PM
   BasePriority : Normal
   FileVersion : 3, 0, 0, 0
   ProductVersion : 3, 0, 0, 0
   ProductName : IBM ThinkPad Utility
   CompanyName : IBM Corp.
   FileDescription : IBM Access Connections - Taskbar Application.
   InternalName : QCTray
   LegalCopyright : Copyright © IBM Corp. 2001, 2004
   OriginalFilename : QCTray.exe
   Comments : IBM Access Connections Component.

#:50 [tfswctrl.exe]
   FilePath : C:\WINDOWS\system32\dla\
   ProcessID : 3024
   ThreadCreationTime : 2/18/2006 10:23:21 PM
   BasePriority : Normal
   FileVersion : 1.04.08a
   CompanyName : Sonic Solutions
   FileDescription : Drive Letter Access Component
   LegalCopyright : Copyright © 2004 Sonic Solutions

#:51 [realsched.exe]
   FilePath : C:\Program Files\Common Files\Real\Update_OB\
   ProcessID : 3076
   ThreadCreationTime : 2/18/2006 10:23:22 PM
   BasePriority : Normal
   FileVersion : 0.1.0.3208
   ProductVersion : 0.1.0.3208
   ProductName : RealPlayer (32-bit)
   CompanyName : RealNetworks, Inc.
   FileDescription : RealNetworks Scheduler
   InternalName : schedapp
   LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
   LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe #:52 [isamtray.exe] FilePath : C:\progra~1\c4ebreg\ ProcessID : 3120 ThreadCreationTime : 2/18/2006 10:23:23 PM BasePriority : Normal FileVersion : 5.20 ProductVersion : 5.20 CompanyName : IBM Global Services FileDescription : ISAM Tray Icon InternalName : ISAMTRAY LegalCopyright : © IBM Global Services, 2005 Comments : Written by: Operating Systems Platforms #:53 [ccapp.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 3324 ThreadCreationTime : 2/18/2006 10:23:25 PM BasePriority : Normal FileVersion : 2.2.4.003 ProductVersion : 2.2.4.003 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:54 [vptray.exe] FilePath : C:\PROGRA~1\SYMANT~1\ ProcessID : 3628 ThreadCreationTime : 2/18/2006 10:23:32 PM BasePriority : Normal FileVersion : 9.0.5.1000 ProductVersion : 9.0.5.1000 ProductName : Symantec AntiVirus CompanyName : Symantec Corporation FileDescription : Symantec AntiVirus LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved. #:55 [inboxtogo-watch.exe] FilePath : C:\Program Files\Palm\ ProcessID : 3992 ThreadCreationTime : 2/18/2006 10:23:41 PM BasePriority : Normal FileVersion : 100.00 (124) ProductVersion : 100.00 (124) ProductName : DataViz Mail FileDescription : DataViz Mail System Watchdog InternalName : inboxtogo-watch.exe LegalCopyright : Copyright © 1999-2002 DataViz, Inc. OriginalFilename : inboxtogo-watch.exe #:56 [inboxtogo-agent.exe] FilePath : C:\Program Files\Palm\ ProcessID : 972 ThreadCreationTime : 2/18/2006 10:23:42 PM BasePriority : Normal FileVersion : 100.00 (124) ProductVersion : 100.00 (124) ProductName : DataViz Mail FileDescription : DataViz Mail Desktop Agent InternalName : inboxtogo-agent.exe LegalCopyright : Copyright © 1999-2002 DataViz, Inc. 
OriginalFilename : inboxtogo-agent.exe #:57 [iclient.exe] FilePath : C:\Program Files\Zone Labs\Integrity Client\ ProcessID : 604 ThreadCreationTime : 2/18/2006 10:23:44 PM BasePriority : Normal FileVersion : 3.5.175.087 ProductVersion : 3.5.175.087 ProductName : Integrity Client CompanyName : Zone Labs Inc. FileDescription : Integrity Client InternalName : iclient LegalCopyright : Copyright © 1999-2002, Zone Labs Inc. OriginalFilename : iclient.exe #:58 [hotsync.exe] FilePath : C:\Program Files\Palm\ ProcessID : 1868 ThreadCreationTime : 2/18/2006 10:23:50 PM BasePriority : Normal FileVersion : 4.0.4 ProductVersion : 4.1.0 ProductName : HotSync® Manager, Palm Desktop CompanyName : Palm, Inc. FileDescription : HotSync® Manager Application InternalName : HotSync® LegalCopyright : Copyright © 1995-2001 Palm, Inc. LegalTrademarks : HotSync® is a registered trademark of Palm, Inc. OriginalFilename : Hotsync.exe #:59 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\ ProcessID : 3936 ThreadCreationTime : 2/18/2006 10:24:41 PM BasePriority : Normal FileVersion : 6.2.0.237 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! 
Type : IECache Entry Data : markgarvin@2o7[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@2o7[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@as-us.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@as-us.falkag[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@bravenet[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@bravenet[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@cgi-bin[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@cgi-bin[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@sel.as-us.falkag[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@sel.as-us.falkag[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@servedby.netshelter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@servedby.netshelter[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@serving-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@serving-sys[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : markgarvin@trafic[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Administrator\Cookies\markgarvin@trafic[1].txt Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 8 <STOP> Now I'm stuck. What's next?

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 18 February 2006 - 10:40 PM

Reboot

Please download Asquared from the link below.

http://www.emsisoft....tware/download/

Save it to your desktop. Next, open it and check for updates.

Boot to Safe Mode (tap F8 while the BIOS loads).

Then scan your system (this will take some time). After the scan is complete, allow it to fix what it has found. If there is something that it cannot clean, please let me know what it was.

Then reboot and post a new hijackthis log.

#9 MGT

MGT

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 19 February 2006 - 10:25 AM

Running asquared worked. Here is a copy of the log:

a-squared Report
Scan started: 2/19/2006 8:22:21 AM
Scan finished: 2/19/2006 9:11:25 AM
Scan duration: 0h 49min 4sec
Scanned files: 150230
Infected files: 39



No Malware objects found

And the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:19:44 AM, on 2/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Palm\inboxtogo-watch.exe
C:\Program Files\Palm\inboxtogo-agent.exe
C:\Program Files\IBM\Infoprint Select\ipnotify.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Ddrive\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [EasySync Pro - LtNts4] C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - HKLM\..\Run: [EasySync Pro] C:\Program Files\Common Files\XCPCMenu.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TeaTimer] C:\Ddrive\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Mail.lnk = C:\Program Files\Palm\inboxtogo-watch.exe
O4 - Global Startup: Enable tray menu for Lotus Notes Synchronization.lnk = C:\Program Files\Common Files\XCPCSync\Translators\LtNts4\NtsAgent.exe
O4 - Global Startup: Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{232FAC1A-FD6B-4B74-B129-6F58AE26C936}: Domain = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: ldlcserv - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrcBoot - IBM Corporation - C:\WINDOWS\System32\drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Let me know what's next.

Thanks.
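
The log above is what a helper reads by eye; the entry types that get the first look are the same every time (O4 Run keys, O23 services with "Unknown owner" or "(file missing)", unnamed O2 BHOs, O16 downloaded ActiveX). The following Python is an added example, not code from this thread, from HijackThis or from Lavasoft: it parses HijackThis 1.99 lines into fields and attaches review flags. The sample lines are constructed in the shape of the log above (the O16 line and its CLSID and URL are invented), and the "trusted" install roots and every review rule are assumptions chosen for illustration, not a verdict on any entry in the thread.

```python
"""Parse HijackThis 1.99 log lines into structured entries and mark the ones a
malware-removal helper would look at first. Added example: not code from the
thread, from HijackThis or from Lavasoft. The review rules are assumptions
made for illustration, not a verdict on any entry."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the shape of the log posted above; the O16 line,
# its CLSID and its URL are invented.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [w32msgr] C:\sdwork\w32main2.exe /log c:\sdwork\msgr.txt ospdb.pok.ibm.com
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Web Scanner) - http://example.invalid/webscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# First drive-letter path that ends in a loadable extension.
BINARY_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|cpl|scr)", re.I)
# Something shaped like a DNS name with at least two dots.
HOST_RE = re.compile(r"\b[\w-]+(?:\.[\w-]+){2,}\b")
# Assumed install roots for this machine. Malware hides under C:\WINDOWS too,
# so this only orders the review; it never clears an entry.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class Entry:
    kind: str      # HijackThis section code: R0, O2, O4, O16, O23, ...
    name: str      # Run value name, BHO name, service name, DPF object name
    target: str    # executable, DLL, URL or full command line
    raw: str
    owner: str = ""            # O23 only: company name read from the file
    flags: list = field(default_factory=list)


def _fields(body: str, n: int) -> Optional[list]:
    """Drop the 'BHO: ' / 'Service: ' prefix and split on the last n ' - '."""
    parts = body.split(": ", 1)[-1].rsplit(" - ", n)
    return parts if len(parts) == n + 1 else None


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    name, target, owner = "", body, ""
    if kind == "O4":
        m2 = re.search(r"\[([^\]]*)\]\s*(.*)$", body)   # [name] command line
        if m2:
            name, target = m2.group(1), m2.group(2)
    elif kind == "O2" and (p := _fields(body, 2)):       # name - {CLSID} - dll
        name, _clsid, target = p
    elif kind == "O23" and (p := _fields(body, 2)):      # name - owner - path
        name, owner, target = p
    elif kind == "O16" and (p := _fields(body, 1)):      # {CLSID} (name) - url
        name, target = p
    return Entry(kind, name, target, line.strip(), owner)


def review(e: Entry) -> list:
    """Attach review flags to an entry and return them."""
    flags = []
    if "(file missing)" in e.target.lower():
        flags.append("file missing: registration points at a path that no longer exists")
    if e.owner == "Unknown owner":
        flags.append("unknown owner: the file carries no company name")
    if e.kind == "O2" and e.name == "(no name)":
        flags.append("unnamed BHO: identify the DLL before trusting it")
    if e.kind == "O16":
        flags.append("DPF: ActiveX control installed from a web page")
    if e.kind == "O4":
        first = e.target.strip('"').split()[0] if e.target.strip() else ""
        if "\\" not in first:
            flags.append("bare filename: resolved through the search path at logon")
        if HOST_RE.search(e.target):
            flags.append("command line names a hostname")
    if e.kind in ("O2", "O4", "O23"):
        b = BINARY_RE.search(e.target)
        if b and not b.group(0).lower().startswith(TRUSTED_ROOTS):
            flags.append(f"outside the expected install roots: {b.group(0)}")
    e.flags = flags
    return flags


def parse_log(text: str) -> list:
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    for e in entries:
        review(e)
    return entries


def findings(text: str) -> dict:
    """Map entry name -> flags, for entries that raised at least one flag."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == "__main__":
    for name, flags in findings(SAMPLE_LOG).items():
        print(name)
        for f in flags:
            print("   -", f)
```

Run it on a saved log with `findings(open("hijackthis.log").read())`. The flags are prompts for a human, not a cleaning decision: a flagged vendor utility is normal on a corporate ThinkPad, and a clean-looking entry under C:\WINDOWS can still be the problem, which is why the helpers in this thread ask for the log rather than a tool's verdict.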

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 19 February 2006 - 06:38 PM

Looks ok, how is it running?

#11 MGT

MGT

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 20 February 2006 - 05:32 PM

It's running great. Thanks for your help, Siggyx!! This is the only site I've found that can get my computer running again. I sent a donation. Thanks again.

#12 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 20 February 2006 - 08:08 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
