06-22-2009, 09:53 AM   #1
e-bama
Registered User
 
Join Date: Jun 2009
Posts: 4
OS: xp


Spyware/Virus Removal (cont'd from previous thread)

Previous topic

Spyware/Virus Removal - PLEASE HELP!!

Please help with the remaining steps in cleaning my computer. ComboFix.txt log listed below.

THANKS!


ComboFix 09-06-21.01 - 410Brantley 06/22/2009 10:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2279 [GMT -5:00]
Running from: c:\documents and settings\410brantley\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\410brantley\Application Data\mllntuec
c:\documents and settings\410brantley\Local Settings\Application Data\mllntuec
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\NetworkService\Application Data\mllntuec
c:\documents and settings\NetworkService\Local Settings\Application Data\mllntuec
c:\program files\Common
c:\recycler\S-1-5-21-1233931459-2918598142-4291659859-1005
c:\recycler\S-1-5-21-703021747-2940346758-2480081977-500
c:\windows\system32\drivers\pdmpdpgu.sys
c:\windows\system32\drivers\wjuzuyas.sys
c:\windows\system32\gkbqdlu.dll
c:\windows\system32\spkdmqm.dll
c:\windows\Tasks\At1.job
c:\documents and settings\410brantley\Application Data\mllntuec\profiles.ini
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\cert8.db
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\compatibility.ini
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\compreg.dat
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\cookies.sqlite
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\formhistory.sqlite
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\key3.db
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\localstore.rdf
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\permissions.sqlite
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\places.sqlite
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\pluginreg.dat
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\prefs.js
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\secmod.db
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\webappsstore.sqlite
c:\documents and settings\410brantley\Application Data\mllntuec\Profiles\6ql0ki60.default\xpti.dat
c:\documents and settings\410brantley\Local Settings\Application Data\mllntuec\Profiles\6ql0ki60.default\urlclassifier3.sqlite
c:\documents and settings\410brantley\Local Settings\Application Data\mllntuec\Profiles\6ql0ki60.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\mllntuec\profiles.ini
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\cert8.db
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\key3.db
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\prefs.js
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\secmod.db
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\mllntuec\Profiles\gymdxgv1.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\mllntuec\Profiles\gymdxgv1.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\mllntuec\Profiles\gymdxgv1.default\XPC.mfl
c:\program files\Common\helper.dll
c:\recycler\S-1-5-21-1233931459-2918598142-4291659859-1005\desktop.ini
c:\recycler\S-1-5-21-1233931459-2918598142-4291659859-1005\INFO2
c:\recycler\S-1-5-21-703021747-2940346758-2480081977-500\desktop.ini
c:\recycler\S-1-5-21-703021747-2940346758-2480081977-500\INFO2
c:\windows\pesp32p.dll

----- BITS: Possible infected sites -----

hxxp://SCCM01.EMJMETALS.COM:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GWMKZOFE
-------\Legacy_WJUZUYAS
-------\Service_gwmkzofe
-------\Service_wjuzuyas


((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 15:21 . 2009-06-22 15:21 -------- d-----w- C:\quarantine
2009-06-16 15:27 . 2006-09-15 01:00 58464 ----a-w- c:\windows\system32\drivers\mvstdi5x.sys
2009-06-16 15:27 . 2006-09-15 01:00 116992 ----a-w- c:\windows\system32\drivers\naiavf5x.sys
2009-06-16 15:27 . 2009-06-16 15:27 -------- d-----w- c:\program files\Common Files\Network Associates
2009-06-15 19:57 . 2009-06-15 21:16 -------- d-----w- c:\documents and settings\410brantley\.housecall6.6
2009-06-15 18:34 . 2009-06-22 15:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 18:34 . 2009-06-22 15:00 -------- d-----w- c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 15:35 . 2009-04-13 16:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-22 01:35 . 2007-02-25 18:04 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-06-16 15:27 . 2007-04-18 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-06-16 15:27 . 2007-04-18 14:09 -------- d-----w- c:\program files\Network Associates
2009-06-16 01:47 . 2007-02-25 17:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 01:47 . 2009-04-06 15:41 -------- d-----w- c:\program files\Common Files\Kaspersky Lab
2009-06-16 01:42 . 2009-04-13 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-15 15:27 . 2009-04-12 03:00 0 ----a-w- c:\windows\Rnojetasoyuy.bin
2009-05-27 18:42 . 2009-01-08 16:31 66696 ----a-w- c:\documents and settings\410brantley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-28 21:47 . 2007-02-25 17:52 -------- d-----w- c:\program files\Java
2009-04-16 17:07 . 2009-04-11 02:03 408 ----a-w- c:\windows\Kfawocub.dat
2009-04-14 19:33 . 2009-04-14 19:33 2609 ----a-w- c:\windows\mdgmemsg.dll
2009-04-14 14:03 . 2009-04-14 14:03 2609 ----a-w- c:\windows\sh32df.dll
2009-04-14 13:59 . 2009-04-14 13:59 2609 ----a-w- c:\windows\iforobif.dll
2009-04-13 19:41 . 2009-04-13 19:41 2609 ----a-w- c:\windows\mdgxdl.dll
2009-04-13 19:37 . 2009-04-13 19:37 2609 ----a-w- c:\windows\ukegajekumibol.dll
2009-04-11 02:03 . 2009-04-11 02:03 2609 ----a-w- c:\windows\cmp320n.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-03 2832280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-07-04 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2006-10-04 131072]
"RightFAX Print-to-Fax Driver"="c:\program files\RightFax\Client\FaxCtrl.exe" [2004-10-22 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2008-06-25 49928]
"Mobile Synchronization"="c:\program files\Pivotal\SyncStream\\HttpSyncStat.exe" [2007-05-29 1236992]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2006-07-11 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-08-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-5-9 1528880]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-8 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-8-19 282624]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2009-1-8 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-25 01:31 95496 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-10-27 17:57 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-127668209-1135159211-1132862498-14694\Scripts\Logoff\0\0]
"Script"=Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-127668209-1135159211-1132862498-14694\Scripts\Logon\0\0]
"Script"=Logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52988:TCP"= 52988:TCP:@xpsp2res.dll,-22009
"37077:TCP"= 37077:TCP:@xpsp2res.dll,-22009
"8635:TCP"= 8635:TCP:@xpsp2res.dll,-22009
"15665:TCP"= 15665:TCP:@xpsp2res.dll,-22009
"15639:TCP"= 15639:TCP:@xpsp2res.dll,-22009
"6325:TCP"= 6325:TCP:@xpsp2res.dll,-22009
"45651:TCP"= 45651:TCP:@xpsp2res.dll,-22009
"60637:TCP"= 60637:TCP:@xpsp2res.dll,-22009
"64141:TCP"= 64141:TCP:@xpsp2res.dll,-22009
"58808:TCP"= 58808:TCP:@xpsp2res.dll,-22009
"35789:TCP"= 35789:TCP:@xpsp2res.dll,-22009
"38368:TCP"= 38368:TCP:@xpsp2res.dll,-22009
"45349:TCP"= 45349:TCP:@xpsp2res.dll,-22009
"31509:TCP"= 31509:TCP:@xpsp2res.dll,-22009
"60965:TCP"= 60965:TCP:@xpsp2res.dll,-22009
"48049:TCP"= 48049:TCP:@xpsp2res.dll,-22009
"24038:TCP"= 24038:TCP:@xpsp2res.dll,-22009
"14288:TCP"= 14288:TCP:@xpsp2res.dll,-22009
"45851:TCP"= 45851:TCP:@xpsp2res.dll,-22009
"3026:TCP"= 3026:TCP:@xpsp2res.dll,-22009
"27566:TCP"= 27566:TCP:@xpsp2res.dll,-22009
"44743:TCP"= 44743:TCP:@xpsp2res.dll,-22009
"62696:TCP"= 62696:TCP:@xpsp2res.dll,-22009
"48351:TCP"= 48351:TCP:@xpsp2res.dll,-22009
"3562:TCP"= 3562:TCP:@xpsp2res.dll,-22009
"34612:TCP"= 34612:TCP:@xpsp2res.dll,-22009
"19107:TCP"= 19107:TCP:@xpsp2res.dll,-22009
"63709:TCP"= 63709:TCP:@xpsp2res.dll,-22009

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2/25/2007 12:42 PM 88576]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 3:00 AM 26624]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [6/16/2009 10:27 AM 58464]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2/25/2007 12:42 PM 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2/25/2007 12:42 PM 4442]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/24/2008 8:07 PM 12560]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 3:00 AM 2944]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WJUZUYAS
*Deregistered* - wjuzuyas
.
Contents of the 'Scheduled Tasks' folder

2009-06-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-02-25 16:13]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://emjcommunity/JAZ/home.asp
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: emjmetals.com
Trusted Zone: emjmetals.com\archivemanager
Trusted Zone: zillappprod
Trusted Zone: zilloptiprod
Trusted Zone: emjmetals.com\archivemanager
Trusted Zone: zillappprod
Trusted Zone: zilloptiprod
TCP: {9AAACF33-4612-4673-953E-F0C29967A4F4} = 68.28.90.91 68.28.82.91
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 10:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(448)
c:\windows\system32\CSGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(504)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll

- - - - - - - > 'explorer.exe'(5824)
c:\windows\system32\PROCHLP.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\DWRCS.EXE
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Common Files\System\MSSearch\Bin\mssearch.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\DWRCST.EXE
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\msiexec.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-06-22 10:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 15:44

Pre-Run: 55,422,844,928 bytes free
Post-Run: 55,795,175,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

341 --- E O F --- 2009-01-08 17:01