Greetings. Here are all the symptoms:
- soon after boot, popup box says "khelper.sys not found"
- when on the network, popup box every 1 min or so says "iexplore" (sic)
- task manager, registry editor, Symantec Antivirus, Symantec Firewall are disabled (no errors, but the normal way to start them does nothing at all)
- Firefox is no longer working; it gets in a loop trying to install something, fails with an error in a popup window, click ok, and cycles back to try again
- Microsoft Malware Removal Tool says it found backdoor win32/hupigon.gen!e and "partially fixed" it (the "iexplore" popup doesn't come up now, but everything else is still there).
- event log shows an attempt to replace beep.sys (stopped by Symantec?), net udp port sharing service failing soon after reboot, same for hid input service, and a few others
- it also mentions hacktool rootkit in khelper10.sys, and something similar for killer10.sys
- there are some messages that TCP/IP connections reached the maximum allowed, but network connectivity seems to be ok (with some exceptions, I suspect some ports are blocked?)
I hope you can help. From what I've read on the forum about what you do and in your spare time---you guys are incredible!
Thank you.
SM
DDS (Version 1.0) - NTFSx86
Run by stefanos at 20:51:12.58 on Tue 11/11/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.195 [GMT -5:00]
============== Psuedo HJT Report ===============
uStart Page = hxxp://w3.ibm.com/
uSearch Page = hxxp://www.live.com/
mDefault_Page_URL = hxxp://w3.ibm.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: {B56A7D7D-6927-48C8-A975-17DF180C71AC} - c:\progra~1\spywar~1\tools\iesdpb.dll
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0311.0\msneshellx.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [IBM RecordNow!]
uRun: [EZBack-it-up Tray Scheduler] c:\program files\ezbackitup\EZBkuptray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show
uRun: [QuickenScheduledUpdates] c:\program files\quickenw\bagent.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FFTI] c:\documents and settings\administrator\application data\mozilla\firefox\profiles\u0yzo4ij.default\extensions\{b13721c7-f507-4982-b2e5-502a71474fed}\ffti.exe /verysilent /suppressmsgboxes /norestart /destpath="c:\documents and settings\administrator\application data\mozilla\firefox\profiles/u0yzo4ij.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [C4EBReg] "c:\progra~1\c4ebreg\c4ebreg.exe" /q
mRun: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [stgclean] c:\sdwork\w32main2.exe /cleanup
mRun: [ISAMTray] "c:\progra~1\c4ebreg\isamtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [MyHelpService] "c:\program files\ibm\my help\workspace\service\delayStart.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [pmonmh] c:\program files\ibm\my help\workspace\..\plugins\com.ibm.myhelp.common_1.3.14/pmonmh.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [defergui] c:/sdwork/defergui.exe
mRun: [Rapid Restore] c:\program files\xpoint\pe\skin\rrpcsb.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~2\symant~2\VPTray.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [Virus] Anti.exe
dRun: [Microsoft Corporation] jview.exe
dRunServices: [Virus] Anti.exe
dRunServices: [Microsoft Corporation] jview.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ibm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\direct~1.lnk - c:\program files\olympus\dssplayer\DirectrecConfig.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\HotSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pushcl~1.lnk - c:\program files\interwise\participant\pull.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ibm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ibm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {38F2C806-B109-4B08-AC5B-8CA637C1829F} = 9.0.8.1,9.0.9.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon -c:\program files\superantispyware\SASWINLO.dll
Notify: ACNotify -ACNotify.dll
Notify: AtiExtEvent -Ati2evxx.dll
Notify: NavLogon -c:\windows\system32\NavLogon.dll
Notify: tpfnf2 -notifyf2.dll
Notify: tphotkey -tphklock.dll
SSODL: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli ACGina
============= SERVICES / DRIVERS ===============
R3 agnfilt;AGN Filter Interface;c:\windows\system32\drivers\agnfilt.sys
S4 agnwifi;AT&T Wi-Fi Support Driver;c:\windows\system32\drivers\agnwifi.sys
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS
R3 Anydlc;Anydlc;c:\windows\system32\drivers\anydlc.sys
R3 Appn;Appn;c:\windows\system32\drivers\appn.sys
R2 AppnApi;AppnApi;c:\windows\system32\drivers\appnapi.sys
R3 AppnBase;AppnBase;c:\windows\system32\drivers\AppnBase.sys
S3 avpnnic;AGN Virtual Network Adapter;c:\windows\system32\drivers\avpnnic.sys
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys
S3 gwiopm;gwiopm;c:\program files\wst\gwiopm.sys
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys
S3 IBMTRP;IBM Token-Ring PCI Adapter (Generic);c:\windows\system32\drivers\IBMTRP.SYS
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;c:\windows\system32\drivers\llc2.sys
R3 KLOGNT;KLOGNT;c:\windows\system32\drivers\klognt.sys
S3 msdirectx;msdirectx;c:\documents and settings\administrator\msdirectx.sys
S3 Mykhelper;Mykhelper;c:\windows\system32\Khelper10.sys
R2 NsTrcNT;NsTrcNT;c:\windows\system32\drivers\nstrcnt.sys
R3 pdlnacom;PDLC Adapter -- COM;c:\windows\system32\drivers\pdlnacom.sys
R3 pdlnafac;PDLC Adapter Factory;c:\windows\system32\drivers\pdlnafac.sys
R3 pdlnatcm;Twinax Adapter Common;c:\windows\system32\drivers\pdlnatcm.sys
R3 pdlnatdl;Twinax Adapter;c:\windows\system32\drivers\pdlnatdl.sys
R3 pdlncbas;PDLC CxM Classes;c:\windows\system32\drivers\pdlncbas.sys
R3 pdlncfwk;PDLC Connection Manager;c:\windows\system32\drivers\pdlncfwk.sys
R2 pdlnctdl;Twinax CUT Adapter;c:\windows\system32\drivers\pdlnctdl.sys
R3 pdlndint;PDLC DLC Classes;c:\windows\system32\drivers\pdlndint.sys
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);c:\windows\system32\drivers\pdlndldl.sys
R3 pdlndlpb;PDLC LAPB;c:\windows\system32\drivers\pdlndlpb.sys
R3 pdlndoem;PDLC OEM Interface;c:\windows\system32\drivers\pdlndoem.sys
R3 pdlndqll;PDLC QLLC;c:\windows\system32\drivers\pdlndqll.sys
R3 pdlndsdl;PDLC SDLC;c:\windows\system32\drivers\pdlndsdl.sys
R3 pdlndtdl;Twinax DLC;c:\windows\system32\drivers\pdlndtdl.sys
R3 pdlnebas;PDLC Environment;c:\windows\system32\drivers\pdlnebas.sys
R3 pdlnecfg;PDLC Configuration;c:\windows\system32\drivers\pdlnecfg.sys
R3 pdlnemap;PDLC Mapper;c:\windows\system32\drivers\pdlnemap.sys
R3 pdlnemsg;PDLC Message Driver;c:\windows\system32\drivers\pdlnemsg.sys
R3 pdlnepkt;PDLC Buffer Manager;c:\windows\system32\drivers\pdlnepkt.sys
R3 pdlnshay;PDLC Hayes At signalling;c:\windows\system32\drivers\pdlnshay.sys
R3 pdlnslea;PDLC SDLC Leased;c:\windows\system32\drivers\pdlnslea.sys
R3 pdlnsv25;PDLC V25bis signalling;c:\windows\system32\drivers\pdlnsv25.sys
R3 pdlnsx25;PDLC X.25;c:\windows\system32\drivers\pdlnsx25.sys
S3 S3Inc;S3Inc;c:\windows\system32\drivers\s3mt3d.sys
R2 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys
R0 Shockprf;Shockprf;c:\windows\system32\drivers\Shockprf.sys
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys
S3 wcndis;IBM Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys
S2 BackGround switch;BackGround Switch Disktop Control;c:\windows\system32\regedit32.exe
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);c:\program files\ibm\tivoli\dcd\client\issi\cds\CDSWinSrv.exe
S2 IBM Intelligent Miner service;IBM Intelligent Miner service;c:\program files\ibm\im\bin\idmd.exe
R2 ISAMSvc;IBM Standard Asset Manager Service;c:\progra~1\c4ebreg\c4ebreg.exe
S2 MyHelp;My Help;c:\program files\ibm\my help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
S2 SCardClnt;Smart Card Client;c:\windows\system32\SCardClnt.exe
S2 WRTService;WRT Service;c:\windows\wrtService.exe
=============== Created Last 30 ================
2008-11-11 20:07 250 a------- c:\windows\gmer.ini
2008-11-11 09:58 109,744 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-11 09:58 48,816 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-11 09:27 7,645,120 a------- c:\temp\windows-kb890830-v2.4.exe
2008-11-10 17:39 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-10 15:39 <DIR> --d----- c:\program files\Lavasoft
2008-11-10 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-10 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-10 12:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-10 12:33 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2008-11-10 12:33 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-09 01:12 674 a------- c:\windows\system32\info.dat
2008-11-08 14:26 242,367 a------- c:\windows\system32\qq.exe
2008-11-08 13:18 7,478,208 a------- c:\temp\windows-kb890830-v2.3.exe
2008-11-08 05:04 <DIR> --d----- c:\program files\common files\Lenovo
2008-10-31 00:38 13 a------- c:\windows\system32\error.dat
2008-10-30 17:11 10,240 a--shr-- c:\windows\system32\userinet.exe
2008-10-30 17:11 60,835 a------- c:\windows\system32\downloader.exe
==================== Find3M ====================
2008-11-11 19:49 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-11 18:45 <DIR> --d----- c:\program files\C4ebreg
2008-11-11 14:58 <DIR> --d----- c:\program files\AT&T Network Client
2008-11-11 14:08 <DIR> --d----- c:\program files\wst
2008-11-11 09:58 <DIR> --d----- c:\program files\Symantec
2008-11-11 09:58 <DIR> --d----- c:\program files\Symantec Client Security
2008-11-11 09:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-08 05:04 <DIR> --d----- c:\program files\Lenovo
2008-10-24 10:14 73,728 ---sh--- c:\windows\system32\regedit32.exe
2008-10-17 11:15 <DIR> --d----- c:\program files\QUICKENW
2008-09-23 16:43 124,100 a------- c:\windows\system32\server.exe
2008-04-23 13:44 <DIR> --d----- c:\docume~1\admini~1\applic~1\QcWizard
2008-03-23 20:40 <DIR> --d----- c:\docume~1\admini~1\applic~1\Intuit
2008-03-21 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lotus
2008-03-21 11:10 <DIR> --d----- c:\docume~1\admini~1\applic~1\Lotus
2008-02-21 11:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AGNS
2008-02-13 15:13 <DIR> --d----- c:\docume~1\admini~1\applic~1\WebEx
2007-08-23 08:46 <DIR> --d----- c:\docume~1\admini~1\applic~1\IBM
2007-07-05 22:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Musicnotes
2007-07-05 07:39 <DIR> --d----- c:\docume~1\admini~1\applic~1\SecondLife
2007-06-20 12:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\JRE Bundle
2007-05-14 11:48 <DIR> --d----- c:\docume~1\admini~1\applic~1\Centra
2007-02-21 12:25 <DIR> --d----- c:\docume~1\admini~1\applic~1\Viewpoint
2007-02-21 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-09-16 23:08 <DIR> --d----- c:\docume~1\admini~1\applic~1\Canon
2006-08-21 14:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IGS
2006-07-10 09:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IBM
2006-01-02 15:09 <DIR> --d----- c:\docume~1\admini~1\applic~1\ACAMPREF
2005-11-15 12:51 <DIR> --d----- c:\docume~1\admini~1\applic~1\ICAClient
2005-09-14 16:28 <DIR> --d----- c:\docume~1\admini~1\applic~1\SAS
2005-04-11 16:28 <DIR> --d----- c:\docume~1\admini~1\applic~1\ActiveState
2005-04-04 08:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IBMERS
2005-02-22 00:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2004-09-02 11:54 <DIR> --d----- c:\docume~1\admini~1\applic~1\Visio
2003-09-27 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\InterTrust
2003-09-27 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PerSys
2003-09-27 10:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\InterTrust
2002-09-23 15:05 <DIR> --d----- c:\docume~1\admini~1\applic~1\PerSys
============= FINISH: 20:51:27.07 ===============