Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Unable to remove few dlls Unable to remove few dlls
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
 
Thread Tools
Old 07-22-2008, 07:31 AM   #1 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 9
OS: XP


Unable to remove few dlls
Hi,

Pls. help me to resolve this problem. Not sure how severe is this one. I have also put in the log file of the HijackPlus.

There are two add-ons to IE which even though I have tried disabled it I can't delete them and the dll still running in memory and creating entries in regedit.

Also this has disabled automatic update entries in services.msc and even if I try to enable it manually it is not allowing me and throughing up Error 1058.

Pls. advice how to get through this. Thanks in advance for your help.

Suk


Log file of HijackThis

---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:04 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\wipro\i-TOUCH\IMG_Contacts.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.wipro.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wipro.com;*.wipro.co.in;10.*;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {870BCDEB-2E6F-4FC3-BBB8-4D1DFFBA5204} - C:\WINDOWS\system32\ddcDwvUN.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINDOWS\Java\lib\e-Asset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: i-TOUCH.lnk = ?
O4 - Global Startup: Wipro VPN Client.lnk = C:\Program Files\wipro\Wipro VPN Client\vpngui.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://phx.corporate-ir.net
O15 - Trusted Zone: http://webcastingplayer.corporate-ir.net
O15 - Trusted Zone: http://event.on24.com
O15 - Trusted Zone: http://learning.wipro.com
O15 - Trusted Zone: http://wiprocrm.wipro.com
O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro.com/easset/jassetcab.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://knet2.wipro.com/pdb/Portal/resources/msddsc.cab
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://desktopsupport.wipro.com:8080...weblaunch2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wipro.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wipro.com
O17 - HKLM\Software\..\Telephony: DomainName = wipro.com
O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: xxywttUM - C:\WINDOWS\SYSTEM32\xxywttUM.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemoteGetMacIDService - Unknown owner - C:\WINDOWS\system32\RemoteGetMacIDService.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

--
End of file - 14338 bytes
gsukesh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-22-2008, 10:41 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 24,585
OS: 2000 Pro; XP Pro; XP Home


Re: Unable to remove few dlls
Hello, gsukesh -

You have a Vundo infection. The dlls are hooked to winlogon, and typically do not like to just delete.

We require a bit more information, please.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-23-2008, 02:08 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 9
OS: XP


Re: Unable to remove few dlls
Hi,

Thanks for your help. I don't how it got into my m/c.

I have done the scan and attached is the report. Looks like the culprit is these files which we can see together.

Also it has blocked Windows automatic update and disabled services. I can't start them as well.

How do I get this fixed?

Thanks,
Suk

Contents from Main.txt
-----------------------

Deckard's System Scanner v20071014.68
Run by rajivo on 2008-07-23 13:45:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
20: 2008-07-23 08:16:27 UTC - RP292 - Deckard's System Scanner Restore Point
19: 2008-07-23 07:01:15 UTC - RP291 - System Checkpoint
18: 2008-07-22 06:58:54 UTC - RP290 - System Checkpoint
17: 2008-07-21 06:35:26 UTC - RP289 - Software Distribution Service 3.0
16: 2008-07-20 16:55:02 UTC - RP288 - Installed Windows Internet Explorer 7.


-- First Restore Point --
1: 2008-07-19 18:03:01 UTC - RP273 - Removed Adobe Reader 7.1.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as rajivo.exe) ----------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 13:50:30
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\wipro\Wipro VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\explorer.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
C:\Program Files\ThinkVantage\AMSG\AMSG.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\wipro\i-TOUCH\IMG_Contacts.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Documents and Settings\rajivo\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.wipro.com:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {3457D326-C1BD-4173-8EE6-4BCA61D559AB} - C:\WINDOWS\system32\ddcDwvUN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINDOWS\Java\lib\e-Asset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: i-TOUCH.lnk = ?
O4 - Global Startup: Wipro VPN Client.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.adobe.com (HKCU)
O15 - Trusted Zone: http://phx.corporate-ir.net (HKCU)
O15 - Trusted Zone: http://webcastingplayer.corporate-ir.net (HKCU)
O15 - Trusted Zone: http://onecare.live.com (HKCU)
O15 - Trusted Zone: http://update.microsoft.com (HKCU)
O15 - Trusted Zone: http://www.update.microsoft.com (HKCU)
O15 - Trusted Zone: http://event.on24.com (HKCU)
O15 - Trusted Zone: http://learning.wipro.com (HKCU)
O15 - Trusted Zone: http://wiprocrm.wipro.com (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...OGAControl.cab
O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro.com/easset/jassetcab.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://knet2.wipro.com/pdb/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1216748005375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1216747987281
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://desktopsupport.wipro.com:8080...weblaunch2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wipro.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\Software\..\Telephony: DomainName = wipro.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = wipro.com
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = wipro.com
O18 - Protocol: icoo - {86FE362E-74FA-4f71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll (file missing)
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: xxywttUM - C:\WINDOWS\system32\xxywttUM.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\wipro\Wipro VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RemoteGetMacIDService - Unknown owner - C:\WINDOWS\system32\RemoteGetMacIDService.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\system32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe


--
End of file - 16529 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080722-160600-243 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080722-160736-905 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080722-160737-219 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080722-160737-824 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080722-161119-537 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-161119-715 O2 - BHO: (no name) - {BEF0F9AF-41B6-4AB2-AA25-0B2417147486} - (no file)
backup-20080722-161225-574 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-161436-676 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-162055-894 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-163712-223 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
backup-20080722-163713-469 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-163735-376 O2 - BHO: (no name) - {9AC91C81-6116-4F28-B034-85718893A3A9} - C:\WINDOWS\system32\ddcDwvUN.dll
backup-20080722-163736-973 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-163949-396 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-164044-635 O2 - BHO: (no name) - {CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013} - C:\WINDOWS\system32\xxywttUM.dll
backup-20080722-164156-581 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
backup-20080722-164419-228 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1213720368718
backup-20080722-164419-562 O20 - Winlogon Notify: xxywttUMa - xxywttUMa.dll (file missing)
backup-20080722-164419-921 O20 - Winlogon Notify: xxywttUM - C:\WINDOWS\SYSTEM32\xxywttUM.dll
backup-20080722-164419-971 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1213720335453
backup-20080722-164524-716 O17 - HKLM\System\CCS\Services\Tcpip\..\{89FC80CA-D1C0-4D30-8BE3-AFC49E7D6B9F}: NameServer = 85.255.116.28,85.255.112.85
backup-20080722-164622-305 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.85
backup-20080722-164622-311 O17 - HKLM\System\CCS\Services\Tcpip\..\{9E7D0F11-A549-477B-961F-DEE1AFF17516}: NameServer = 85.255.116.28,85.255.112.85
backup-20080722-173520-812 O21 - SSODL: System - {5A0BE61E-F791-4F7C-BBA3-44EBE06F089F} - dgflib.dll (file missing)
backup-20080722-182039-196 O20 - Winlogon Notify: xxywttUM - C:\WINDOWS\SYSTEM32\xxywttUM.dll
backup-20080722-182059-202 O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
backup-20080722-182059-909 O20 - Winlogon Notify: xxywttUM - C:\WINDOWS\SYSTEM32\xxywttUM.dll
backup-20080722-183233-460 O2 - BHO: (no name) - {870BCDEB-2E6F-4FC3-BBB8-4D1DFFBA5204} - C:\WINDOWS\system32\ddcDwvUN.dll
backup-20080722-185917-634 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080722-190609-737 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
backup-20080722-201329-915 O2 - BHO: (no name) - {870BCDEB-2E6F-4FC3-BBB8-4D1DFFBA5204} - C:\WINDOWS\system32\ddcDwvUN.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 Odptdi - c:\windows\system32\drivers\odptdi.sys <Not Verified; Aventail Corporation; Aventail(R) Connect(TM) with Smart Tunneling(TM)>
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 CdpPacket (Cisco Discovery Protocol Packet Driver) - c:\windows\system32\drivers\cdppacket.sys <Not Verified; Cisco Systems; Cisco IP Communicator>
R2 EGATHDRV (IBM eGatherer) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; RRU>
R2 iPassP (iPass Protocol (IEEE 802.1x) v3.5.1.0) - c:\windows\system32\drivers\ipassp.sys <Not Verified; Meetinghouse Data Communications; iPass Client 3.5.1.0>
R2 pmem - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 PrivateDisk - c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys <Not Verified; Utimaco Safeware AG; SafeGuard PrivateDisk>
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 smi2 - c:\program files\smi2\smi2.sys <Not Verified; IBM Corp.; TVT SMI Bios driver>
R3 Cpmt (Cisco Media Termination) - c:\windows\system32\drivers\cpmt.sys <Not Verified; Cisco Systems, Inc.; Cisco IP Communicator>

S3 msgegh - c:\windows\system32\drivers\msgegh.sys (file missing)
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Lenovo; SMI Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>
R2 TPHDEXLGSVC (ThinkPad HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 TVT Scheduler - "c:\program files\ibm thinkvantage\common\scheduler\tvtsched.exe" <Not Verified; ; tvtsched Module>
R2 UCLauncherService (ThinkVantage System Update) - c:\program files\thinkvantage\systemupdate\uclauncherservice.exe

S3 iPassConnectEngine - c:\program files\ipass\ipassconnect\ipassconnectengine.exe <Not Verified; iPass, Inc.; iPassConnectEngine>
S3 iPassPeriodicUpdateApp - "c:\program files\ipass\ipassconnect\ipassperiodicupdateapp.exe" <Not Verified; iPass, Inc.; Periodic Update>
S3 iPassPeriodicUpdateService - "c:\program files\ipass\ipassconnect\ipassperiodicupdateservice.exe" <Not Verified; iPass, Inc.; Periodic Update Service>
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
S3 RemoteGetMacIDService - c:\windows\system32\remotegetmacidservice.exe
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 12:14:28 316 --a------ C:\WINDOWS\Tasks\PMTask.job
2007-03-27 12:53:14 366 -----n--- C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 10:55:43 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-22 16:01:01 0 d-------- C:\Program Files\Trend Micro
2008-07-21 17:46:18 0 d-------- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
2008-07-20 13:40:18 78848 --a------ C:\WINDOWS\system32\yhasiksvb.dll
2008-07-20 13:40:14 102912 --a------ C:\WINDOWS\system32\enrrsba.dll
2008-07-20 13:40:07 102912 --a------ C:\WINDOWS\system32\jiptgrmb.dll
2008-07-20 13:39:48 91648 --a------ C:\WINDOWS\system32\ydjmiaqnc.dll
2008-07-19 23:32:48 1289 --ahs---- C:\WINDOWS\system32\NUvwDcdd.ini2
2008-07-19 23:32:18 319488 --a------ C:\WINDOWS\system32\ddcDwvUN.dll
2008-07-19 23:27:00 26112 --a------ C:\WINDOWS\system32\xxywttUM.dll
2008-07-19 23:27:00 26112 --a------ C:\WINDOWS\system32\iifedaXo.dll
2008-07-19 22:39:32 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-07-18 00:19:27 0 d-------- C:\Documents and Settings\rajivo\Application Data\PCF-VLC
2008-07-17 23:52:09 0 d-------- C:\Documents and Settings\rajivo\Application Data\Participatory Culture Foundation
2008-07-17 23:51:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2008-07-17 23:50:34 0 d-------- C:\Program Files\Participatory Culture Foundation
2008-07-17 21:33:05 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-12 11:22:24 0 d-------- C:\Documents and Settings\rajivo\Application Data\Lenovo
2008-07-12 10:56:13 0 d-------- C:\Documents and Settings\rajivo\Application Data\gtk-2.0
2008-07-12 10:55:43 0 d-------- C:\Documents and Settings\rajivo\avidemux
2008-07-12 10:55:17 0 d-------- C:\Program Files\Avidemux 2.4
2008-07-07 10:19:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-07-07 10:18:46 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-01 1831 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-29 15:41:32 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-28 15:32:40 0 d-------- C:\Program Files\Burn4Free
2008-06-26 2335 0 d-------- C:\Documents and Settings\rajivo\Application Data\InfraRecorder
2008-06-26 23:05:19 0 d-------- C:\Program Files\InfraRecorder


-- Find3M Report ---------------------------------------------------------------

2008-07-21 23:58:41 40 --a------ C:\WINDOWS\system32\profile.dat
2008-07-21 22:32:35 0 d-------- C:\Documents and Settings\rajivo\Application Data\Skype
2008-07-20 23:08:23 0 d-------- C:\Documents and Settings\rajivo\Application Data\BitTorrent
2008-07-20 1540 0 d-------- C:\Documents and Settings\rajivo\Application Data\Mozilla
2008-07-20 00:00:14 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS <Not Verified; IBM Corporation; IBM eGatherer>
2008-07-19 22:39:47 0 d-------- C:\Documents and Settings\rajivo\Application Data\Adobe
2008-07-19 22:39:32 0 d-------- C:\Program Files\Common Files
2008-07-19 13:33:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-18 23:26:54 0 d-------- C:\Documents and Settings\rajivo\Application Data\Azureus
2008-07-17 21:32:52 0 d-------- C:\Program Files\Common Files\Real
2008-07-17 21:32:07 0 d-------- C:\Program Files\Real
2008-07-16 15:49:35 0 d-------- C:\Documents and Settings\rajivo\Application Data\DivX
2008-07-08 21:23:20 0 d-------- C:\Program Files\Azureus
2008-07-06 16:23:23 0 d-------- C:\Program Files\DivX
2008-06-11 05:37:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 05:33:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 05:33:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 05:33:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 05:33:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 05:33:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 05:33:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 05:33:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-06 16:52:27 8 --a------ C:\WINDOWS\system32\success
2008-06-06 16:47:08 0 d-------- C:\Program Files\wipro
2008-06-06 16:47:06 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2008-06-06 16:46:45 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-29 22:41:25 0 d-------- C:\Documents and Settings\rajivo\Application Data\AdobeUM
2008-05-23 03:48:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3457D326-C1BD-4173-8EE6-4BCA61D559AB}]
07/19/2008 11:32 PM 319488 --a------ C:\WINDOWS\system32\ddcDwvUN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013}]
07/19/2008 11:27 PM 26112 --a------ C:\WINDOWS\system32\xxywttUM.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/29/2005 02:22 AM]
"Wipro e-AssetTracker"="C:\WINDOWS\Java\lib\e-Asset.exe" [10/06/2004 06:00 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/21/2005 10:03 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [05/28/2006 01:36 AM]
"amsg"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [11/15/2005 03:53 AM]
"TpShocks"="TpShocks.exe" [11/07/2005 11:44 PM C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/29/2005 07:34 AM]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [03/10/2006 04:44 AM]
"TP4EX"="tp4ex.exe" [10/17/2005 01:41 PM C:\WINDOWS\system32\TP4EX.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/16/2005 02:27 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/16/2005 02:27 AM]
"suScheduler"="C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe" [08/02/2005 06:02 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/16/2005 02:49 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [05/07/2005 02:36 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/07/2005 01:42 PM]
"PDService.exe"="C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [11/16/2005 01:43 AM]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [01/25/2006 01:33 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/29/2005 02:25 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/29/2005 02:25 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" []
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/17/2005 02:52 PM]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/29/2005 11:25 PM]
"cssauth"="C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [12/22/2005 06:38 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [12/07/2005 01:42 PM]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [04/18/2006 01:29 AM]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [04/18/2006 01:39 AM]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 05:30 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/17/2008 09:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:30 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [02/22/2005 09:25 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/24/2006 12:53:40 PM]
i-TOUCH.lnk - C:\WINDOWS\Installer\{4396FAB0-7E28-4FC8-A3CE-B7D4147A9CE7}\_2943A6231A45B04F50DBEB.exe [3/31/2008 5:03:32 PM]
Wipro VPN Client.lnk - C:\Program Files\wipro\Wipro VPN Client\vpngui.exe [6/6/2008 4:47:18 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{CDA46C9C-A772-4F9C-B9F3-7C7A86EE0013}"= C:\WINDOWS\system32\xxywttUM.dll [07/19/2008 11:27 PM 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 07/06/2005 12:15 PM 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 12/01/2005 08:46 AM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywttUM]
xxywttUM.dll 07/19/2008 11:27 PM 26112 C:\WINDOWS\system32\xxywttUM.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddcDwvUN
"Notification Packages"= scecli csspwntfy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^rajivo^Start Menu^Programs^Startup^WordWeb.lnk]
path=C:\Documents and Settings\rajivo\Start Menu\Programs\Startup\WordWeb.lnk
backup=C:\WINDOWS\pss\WordWeb.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7786d73f]
Rundll32.exe "C:\WINDOWS\system32\ydjmiaqn.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wipro OutdoYourself]
C:\WWC\outdo yourself.jpg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f37844-d522-11db-9ef4-001302b8f86a}]
AutoRun\command- scvhosts.exe
Open\command- scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37503d4a-8565-11dc-9f5a-001302b8f86a}]
AutoRun\command- F:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{684cbbcf-3758-11dc-9f35-0015582f9ebf}]
AutoRun\command- scvhosts.exe
Open\command- scvhosts.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fd211f9-2f7f-11dc-9f2d-0015582f9ebf}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c481f7ac-4110-11dc-9f39-0015582f9ebf}]
Auto\command- F:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe




-- End of Deckard's System Scanner: finished at 2008-07-23 14:01:35 ------------
Attached Files
File Type: txt extra.txt (23.5 KB, 2 views)
Last edited by tetonbob : 07-23-2008 at 07:13 AM.
gsukesh is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-23-2008, 07:20 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 24,585
OS: 2000 Pro; XP Pro; XP Home


Re: Unable to remove few dlls
While I appreciate that you're just trying to help, please do not alter the logs by adding bbcode tags to them. Trust me, I can see what's bad.

Please visit this webpage for instructions for downloading and running ComboFix. When you run ComboFix, please insert whatever removable device is typically Drive F and/or Drive R. In addition to Vundo, you show signs of a autorun infection, which gets transferred via removable devices.

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

Be sure to use the package for Microsoft Windows XP Professional Service Pack 2.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

If you have any questions along the way, STOP and ask them before proceeding.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

It does not appear as though DSS was allowed to download and install HijackThis. To produce a HijackThis log for your next reply, please do this:

Please download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 07-23-2008, 11:50 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2008
Posts: 9
OS: XP


Re: Unable to remove few dlls
Hi,

Thanks for suggesting how to cure this.
I downloaded the files but had some issues in running for external drive.
I tried google and got an another suggestion, http://forums.spybot.info/archive/in...p/t-31241.html and it looks like those entries are gone.

I ran the DSS again and it din't generate the extra.txt file.

I am adding the contents from the main.txt file. Can you pls. analyse that it is cured completely

Thanks in advance for your help,
Suk


CONTENTS OF MAIN.TXT
----------------------------
Deckard's System Scanner v20071014.68
Run by rajivo on 2008-07-24 09:01:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as rajivo.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:43 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\wipro\i-TOUCH\IMG_Contacts.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\rajivo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\rajivo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.wipro.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.wipro.com;*.wipro.co.in;10.*;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Wipro e-AssetTracker] C:\WINDOWS\Java\lib\e-Asset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [amsg] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: i-TOUCH.lnk = ?
O4 - Global Startup: Wipro VPN Client.lnk = C:\Program Files\wipro\Wipro VPN Client\vpngui.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://phx.corporate-ir.net
O15 - Trusted Zone: http://webcastingplayer.corporate-ir.net
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: http://event.on24.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://learning.wipro.com
O15 - Trusted Zone: http://wiprocrm.wipro.com
O16 - DPF: {3D67F67F-8997-4210-BB3C-48CBAB234FE2} (Wipro e-AssetTracker1.6.3) - http://ec-ls1.wipro.com/easset/jassetcab.cab
O16 - DPF: {62CEC9E0-3811-4C36-A94E-4F7565DCD23F} (DDSC Class) - http://knet2.wipro.com/pdb/Portal/resources/msddsc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1216748005375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1216747987281
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} (CWebLaunchCtl Object) - http://desktopsupport.wipro.com:8080...weblaunch2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://wipro.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wipro.com
O17 - HKLM\Software\..\Telephony: DomainName = wipro.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Wipro\Wipro VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O