Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser hijacker and pop up issues.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser hijacker and pop up issues.

Unread postby bhunt261 » June 17th, 2007, 9:01 am

Having proplems with browers pop ups, started with winantiviruspro... Following the steps listed for new user/new issue. Thanks...

Logfile of HijackThis v1.99.1
Scan saved at 7:57:16 AM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MIP\AgentSrv.EXE
C:\Progra~1\Symantec\Symant~1\DefWatch.exe
C:\Documents and Settings\u242593\Application Data\tmp8.tmp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\dowwapps\dwsservice\dwsservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progra~1\Symantec\Symant~1\VPTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\dwdsregt.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MIP\CBSysTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lahome.intranet.dow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intranet.dow.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dowhome.intranet.dow.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {65d6ca19-c35d-4e2a-91b2-cef3fe00fe2d} - C:\WINDOWS\system32\imsula.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7e3c240c-fdce-453e-8033-108131b60733} - C:\WINDOWS\system32\cvelddf.dll (file missing)
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmpA.tmp.dll
O3 - Toolbar: (no name) - {F35CE83E-9EBF-40d5-AE87-53F982389740} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\Run: [{49-9C-C6-68-ZN}] C:\windows\system32\dwdsregt.exe CHD003
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\hgfffd.dll",realset
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKLM\..\RunServicesOnce: [DBKey2] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\DBKey2.dll
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.7.4\webbuying.exe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas53d.exe" /minimize
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\qodsregk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\MIP\CBSysTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.dow.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5327803480
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O20 - AppInit_DLLs: c:\windows\system32\mljgddd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: imsula - C:\WINDOWS\SYSTEM32\imsula.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DomainService - - C:\Documents and Settings\u242593\Application Data\tmp8.tmp.exe
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am
Advertisement
Register to Remove

Unread postby random/random » June 18th, 2007, 4:21 pm

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

New combo and hijack logs

Unread postby bhunt261 » June 18th, 2007, 5:01 pm

ComboFix 07-06-13.7
"u242593" - 2007-06-18 15:38:17 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mljgddd.dll
C:\WINDOWS\ddabba.dll
C:\WINDOWS\hggebb.dll
C:\WINDOWS\jkjkkk.dll
C:\WINDOWS\mliigh.dll
C:\WINDOWS\vtusts.dll
C:\WINDOWS\wvvsqr.dll
C:\WINDOWS\xxyaxu.dll
C:\WINDOWS\uwyxbc.ini
C:\WINDOWS\abbadd.ini
C:\WINDOWS\ttwadd.ini
C:\WINDOWS\ruwycf.ini
C:\WINDOWS\bbeggh.ini
C:\WINDOWS\gghhkj.ini
C:\WINDOWS\hihjkj.ini
C:\WINDOWS\kkkjkj.ini
C:\WINDOWS\adeghk.ini
C:\WINDOWS\hgiilm.ini
C:\WINDOWS\nmlmnn.ini
C:\WINDOWS\nmoopo.ini
C:\WINDOWS\stsutv.ini
C:\WINDOWS\vuvutv.ini
C:\WINDOWS\rqsvvw.ini
C:\WINDOWS\uxayxx.ini
C:\WINDOWS\system32\imsula.dll
C:\WINDOWS\cbxywu.dll
C:\WINDOWS\ddawtt.dll
C:\WINDOWS\fcywur.dll
C:\WINDOWS\jkhhgg.dll
C:\WINDOWS\jkjhih.dll
C:\WINDOWS\khgeda.dll
C:\WINDOWS\nnmlmn.dll
C:\WINDOWS\opoomn.dll
C:\WINDOWS\vtuvuv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\u242593\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp12.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp13.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp14.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp15.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp16.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp1D.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp1E.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp1F.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp22.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp23.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp25.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp27.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp28.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp2A.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp2B.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp2BE.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp2C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp2D.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp30.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp31.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp333.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp334.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp335.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp338.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp33C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp33D.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp340.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp349.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp35.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp356.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp36A.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3BE.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3C8.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3D0.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3D1.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3DE.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3DF.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3E6.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3ED.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3EE.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp3EF.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp41.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp44.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp4A.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp4B.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp4C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp4D.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp507.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp508.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp518.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp519.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp529.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp545.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp547.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp55.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp557.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp55B.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp55C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp55F.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp56.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp560.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp564.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp569.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp56A.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp576.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp590.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp593.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp595.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp5AB.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp5AD.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp5B8.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp5E.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp61.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp70.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp744.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp745.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp74E.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp74F.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp750.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp752.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp753.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp78.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp7E7.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp8.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp835.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp839.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp856.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp85D.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp868.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp86C.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp870.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp874.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp88.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp9.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmp94.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmpA2.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmpA3.tmp.exe
C:\DOCUME~1\u242593\APPLIC~1\tmpA5.tmp.exe
C:\Temp\0b9
C:\Temp\0b9\tmpTF.log
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\tmp35.tmp.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 15:36 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 15:26 46,336 --a------ C:\WINDOWS\system32\tmp3EE.tmp.dll
2007-06-18 15:16 46,336 --a------ C:\WINDOWS\system32\tmp3DE.tmp.dll
2007-06-18 15:09 46,336 --a------ C:\WINDOWS\system32\tmp349.tmp.dll
2007-06-18 15:04 46,336 --a------ C:\WINDOWS\system32\tmp94.tmp.dll
2007-06-18 06:41 <DIR> d-------- C:\WINDOWS\DowScanFiles
2007-06-17 20:10 46,336 --a------ C:\WINDOWS\system32\tmp3C8.tmp.dll
2007-06-17 20:04 46,336 --a------ C:\WINDOWS\system32\tmp334.tmp.dll
2007-06-17 08:39 46,336 --a------ C:\WINDOWS\system32\tmp15.tmp.dll
2007-06-17 06:57 46,336 --a------ C:\WINDOWS\system32\tmpA.tmp.dll
2007-06-16 17:23 46,336 --a------ C:\WINDOWS\system32\tmp336.tmp.dll
2007-06-16 16:29 46,336 --a------ C:\WINDOWS\system32\tmp2C.tmp.dll
2007-06-16 08:31 46,336 --a------ C:\WINDOWS\system32\tmp1F.tmp.dll
2007-06-16 08:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 03:30 46,336 --a------ C:\WINDOWS\system32\tmp752.tmp.dll
2007-06-16 03:08 46,336 --a------ C:\WINDOWS\system32\tmp74E.tmp.dll
2007-06-16 02:42 46,336 --a------ C:\WINDOWS\system32\tmp744.tmp.dll
2007-06-16 02:32 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-06-16 02:29 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\UserData
2007-06-15 22:16 46,336 --a------ C:\WINDOWS\system32\tmp5AD.tmp.dll
2007-06-15 22:04 46,336 --a------ C:\WINDOWS\system32\tmp593.tmp.dll
2007-06-15 16:16 46,336 --a------ C:\WINDOWS\system32\tmp56A.tmp.dll
2007-06-15 16:00 46,336 --a------ C:\WINDOWS\system32\tmp560.tmp.dll
2007-06-15 15:52 46,336 --a------ C:\WINDOWS\system32\tmp55C.tmp.dll
2007-06-15 15:38 46,336 --a------ C:\WINDOWS\system32\tmp545.tmp.dll
2007-06-15 15:35 60,288 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys
2007-06-15 09:44 46,336 --a------ C:\WINDOWS\system32\tmp519.tmp.dll
2007-06-15 08:43 46,336 --a------ C:\WINDOWS\system32\tmp508.tmp.dll
2007-06-15 07:28 46,336 --a------ C:\WINDOWS\system32\tmp2BE.tmp.dll
2007-06-15 06:12 46,336 --a------ C:\WINDOWS\system32\tmp8.tmp.dll
2007-06-14 16:47 46,336 --a------ C:\WINDOWS\system32\tmp33D.tmp.dll
2007-06-14 16:37 46,336 --a------ C:\WINDOWS\system32\tmp333.tmp.dll
2007-06-14 16:27 46,336 --a------ C:\WINDOWS\system32\tmp56.tmp.dll
2007-06-14 16:09 46,336 --a------ C:\WINDOWS\system32\tmp44.tmp.dll
2007-06-14 15:55 46,336 --a------ C:\WINDOWS\system32\tmp31.tmp.dll
2007-06-14 15:39 46,336 --a------ C:\WINDOWS\system32\tmp28.tmp.dll
2007-06-14 08:06 <DIR> d-------- C:\DOCUME~1\u242593\.housecall6.6
2007-06-14 07:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S7
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S6
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S2
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S1
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\o02PrEz
2007-06-13 16:52 <DIR> d-------- C:\Temp\iee
2007-06-12 09:42 23 --ahs---- C:\WINDOWS\system32\afedcbcffccf_r.dll
2007-06-12 09:30 46,336 --a------ C:\WINDOWS\system32\tmp4D.tmp.dll
2007-06-05 17:09 46,336 --a------ C:\WINDOWS\system32\tmp13.tmp.dll
2007-06-05 07:57 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\Leadertech
2007-06-05 07:57 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\AdobeAUM
2007-06-05 06:51 1,310,720 --ah----- C:\DOCUME~1\ffrupdw\ntuser.dat
2007-06-05 06:51 <DIR> d---s---- C:\DOCUME~1\ffrupdw\UserData
2007-06-02 09:48 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-02 07:40 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\Lavasoft
2007-06-01 10:04 <DIR> d-------- C:\Program Files\LimeWire Turbo Accelerator
2007-06-01 10:04 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2007-05-19 12:40 <DIR> d-------- C:\Program Files\Maxis


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 17:29:47 -------- d-----w C:\Program Files\MIP
2007-06-17 05:00:00 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2007-06-16 12:52:25 -------- d-----w C:\Program Files\LimeWire
2007-06-15 21:10:36 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\LimeWire
2007-06-13 21:16:30 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\PSM
2007-06-13 13:46:03 -------- d-----w C:\Program Files\mtl
2007-06-12 13:37:25 -------- d-----w C:\Program Files\Logbook
2007-06-08 16:35:19 -------- d-----w C:\Program Files\TMG
2007-06-06 20:50:33 -------- d-----w C:\Program Files\Lavasoft
2007-06-02 21:41:35 -------- d-----w C:\Program Files\Google
2007-06-02 14:51:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-02 14:50:58 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\yahoo!
2007-06-02 14:47:27 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\Google
2007-05-08 00:08:58 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-08 00:08:57 -------- d-----w C:\Program Files\Timbuktu Pro
2007-05-08 00:08:57 -------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-05-08 00:08:56 -------- d-----w C:\Program Files\Sierra On-Line
2007-05-08 00:08:55 -------- d-----w C:\Program Files\Messenger
2007-05-08 00:08:55 -------- d-----w C:\Program Files\Mattel Vidster
2007-05-08 00:08:53 -------- d-----w C:\Program Files\eTime
2007-05-08 00:08:53 -------- d-----w C:\Program Files\CTT
2007-05-08 00:08:53 -------- d-----w C:\Program Files\ce_logbook
2007-05-08 00:08:53 -------- d-----w C:\Program Files\BBPTool
2007-05-03 19:44:24 -------- d-----w C:\Program Files\DssEvolution.com
2007-05-03 14:17:15 -------- d-----w C:\Program Files\Virtual Earth 3D
2007-04-26 12:41:22 -------- d-----w C:\Program Files\Deer Drive


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 02:14]
{7e3c240c-fdce-453e-8033-108131b60733}=C:\WINDOWS\system32\cvelddf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 07:11]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14]
"vptray"="C:\Progra~1\Symantec\Symant~1\VPTray.exe" [2006-06-15 00:40]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2006-04-24 00:53]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-24 12:03]
"RunWCW"="C:\dowwapps\login\dwalogin.vbs" []
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-04-27 11:09]
"TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [2005-11-16 12:10]
"WDS"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe" [2006-03-26 23:44]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-03-24 11:27]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 21:15]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-05-12 21:09]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 00:12]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 00:12]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 01:22]
"TpShocks"="TpShocks.exe" [2005-11-07 12:14 C:\WINDOWS\system32\TpShocks.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 15:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-14 19:40]
"Synchronization Configuration"="C:\Dowwapps\scripts\Config_Mobsync_Run.vbs" [2003-04-24 14:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas53d.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Synchronization Configuration"=C:\dowwapps\scripts\config_mobsync_runonce.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"DBKey2"=C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\DBKey2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoRemoteChangeNotify"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mljgddd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1060284298-861567501-682003330-77277\Scripts\Logoff\0\0]
"Script"=C:\Program Files\MIP\DWSBACKUP.vbs


Contents of the 'Scheduled Tasks' folder
2007-01-03 04:22:55 C:\WINDOWS\tasks\DWS Disk Cleanup.job
2007-02-22 02:20:45 C:\WINDOWS\tasks\DWS Disk Defrag.job
2007-06-18 20:53:43 C:\WINDOWS\tasks\PMTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 15:53:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 15:54:59 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 15:54

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 15:57, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MIP\AgentSrv.EXE
C:\Progra~1\Symantec\Symant~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\dowwapps\dwsservice\dwsservice.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progra~1\Symantec\Symant~1\VPTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\wscript.exe
C:\Program Files\MIP\CBSysTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lahome.intranet.dow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intranet.dow.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7e3c240c-fdce-453e-8033-108131b60733} - C:\WINDOWS\system32\cvelddf.dll (file missing)
O3 - Toolbar: (no name) - {F35CE83E-9EBF-40d5-AE87-53F982389740} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKLM\..\RunServicesOnce: [DBKey2] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\DBKey2.dll
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas53d.exe" /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.dow.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5327803480
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O20 - AppInit_DLLs: c:\windows\system32\mljgddd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\u242593\Application Data\tmp8.tmp.exe (file missing)
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

Thanks...
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

Unread postby random/random » June 19th, 2007, 12:58 pm

  • Go to Start > My Computer
  • Go to Tools > Folder Options
  • Click on the View tab
  • Untick the following:
    • Hide extensions for known file types
    • Hide protected operating system files (Recommended)
  • You will get a message warning you about showing protected operating system files, click Yes
  • Make sure this option is selected:
    • Show hidden files and folders
  • Click Apply and then click OK


Then please upload this file:

C:\WINDOWS\system32\mspriv32.dll

To either jotti or virustotal and post the results as a reply to this topic

Repeat for each of these files:

C:\WINDOWS\wscript.exe
C:\Documents and Settings\u242593\Application Data\tmp8.tmp.exe
C:\WINDOWS\system32\afedcbcffccf_r.dll
C:\WINDOWS\system32\drivers\CDAVFS.sys
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Jotti scan of C:\WINDOWS\system32\mspriv32.dll

Unread postby bhunt261 » June 19th, 2007, 5:14 pm

Scan taken on 19 Jun 2007 21:03:57 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

totti scan of C:\WINDOWS\wscript.exe

Unread postby bhunt261 » June 19th, 2007, 5:20 pm

Scan taken on 19 Jun 2007 21:15:14 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

C:\Documents and Settings\u242593\Application Data\tmp8.tmp.

Unread postby bhunt261 » June 19th, 2007, 5:31 pm

File not found message came back when I tried to scan with Totti
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

totti scan of C:\WINDOWS\system32\afedcbcffccf_r.dll

Unread postby bhunt261 » June 19th, 2007, 5:33 pm

Scan taken on 19 Jun 2007 21:32:18 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

totti scan of C:\WINDOWS\system32\drivers\CDAVFS.sys

Unread postby bhunt261 » June 19th, 2007, 5:36 pm

Scan taken on 19 Jun 2007 21:34:14 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

Unread postby random/random » June 20th, 2007, 3:30 pm

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

sc stop DomainService
sc delete DomainService
del /q "C:\WINDOWS\system32\tmp*.tmp.dll


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: cleanup.bat

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close, this is normal

Then rerun combofix and post the log produced, along with a new HijackThis log
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Log files after cleanup.bat

Unread postby bhunt261 » June 20th, 2007, 6:23 pm

ComboFix 07-06-18.2
"u242593" - 2007-06-20 17:16:48 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-18 15:36 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-18 06:41 <DIR> d-------- C:\WINDOWS\DowScanFiles
2007-06-16 08:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-16 02:32 10,027 --a------ C:\WINDOWS\system32\mspriv32.dll
2007-06-16 02:29 <DIR> d---s---- C:\DOCUME~1\LOCALS~1\UserData
2007-06-15 15:35 60,288 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys
2007-06-14 08:06 <DIR> d-------- C:\DOCUME~1\u242593\.housecall6.6
2007-06-14 07:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\win
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S7
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S6
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S2
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\S1
2007-06-13 16:52 <DIR> d-------- C:\WINDOWS\system32\o02PrEz
2007-06-13 16:52 <DIR> d-------- C:\Temp\iee
2007-06-12 09:42 23 --ahs---- C:\WINDOWS\system32\afedcbcffccf_r.dll
2007-06-05 07:57 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\Leadertech
2007-06-05 07:57 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\AdobeAUM
2007-06-05 06:51 1,310,720 --ah----- C:\DOCUME~1\ffrupdw\ntuser.dat
2007-06-05 06:51 <DIR> d---s---- C:\DOCUME~1\ffrupdw\UserData
2007-06-02 09:48 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-02 07:40 <DIR> d-------- C:\DOCUME~1\u242593\APPLIC~1\Lavasoft
2007-06-01 10:04 <DIR> d-------- C:\Program Files\LimeWire Turbo Accelerator
2007-06-01 10:04 <DIR> d-------- C:\Program Files\Common Files\Download Manager


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 17:29:47 -------- d-----w C:\Program Files\MIP
2007-06-17 05:00:00 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2007-06-16 12:52:25 -------- d-----w C:\Program Files\LimeWire
2007-06-15 21:10:36 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\LimeWire
2007-06-13 21:16:30 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\PSM
2007-06-13 13:46:03 -------- d-----w C:\Program Files\mtl
2007-06-12 13:37:25 -------- d-----w C:\Program Files\Logbook
2007-06-08 16:35:19 -------- d-----w C:\Program Files\TMG
2007-06-06 20:50:33 -------- d-----w C:\Program Files\Lavasoft
2007-06-02 21:41:35 -------- d-----w C:\Program Files\Google
2007-06-02 14:51:45 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-02 14:50:58 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\yahoo!
2007-06-02 14:47:27 -------- d-----w C:\DOCUME~1\u242593\APPLIC~1\Google
2007-05-19 17:40:09 -------- d-----w C:\Program Files\Maxis
2007-05-08 00:08:58 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-08 00:08:57 -------- d-----w C:\Program Files\Timbuktu Pro
2007-05-08 00:08:57 -------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2007-05-08 00:08:56 -------- d-----w C:\Program Files\Sierra On-Line
2007-05-08 00:08:55 -------- d-----w C:\Program Files\Messenger
2007-05-08 00:08:55 -------- d-----w C:\Program Files\Mattel Vidster
2007-05-08 00:08:53 -------- d-----w C:\Program Files\eTime
2007-05-08 00:08:53 -------- d-----w C:\Program Files\CTT
2007-05-08 00:08:53 -------- d-----w C:\Program Files\ce_logbook
2007-05-08 00:08:53 -------- d-----w C:\Program Files\BBPTool
2007-05-03 19:44:24 -------- d-----w C:\Program Files\DssEvolution.com
2007-05-03 14:17:15 -------- d-----w C:\Program Files\Virtual Earth 3D
2007-04-26 12:41:22 -------- d-----w C:\Program Files\Deer Drive


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll [2006-05-03 02:14]
{7e3c240c-fdce-453e-8033-108131b60733}=C:\WINDOWS\system32\cvelddf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 07:11]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 13:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 13:16]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14]
"vptray"="C:\Progra~1\Symantec\Symant~1\VPTray.exe" [2006-06-15 00:40]
"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2006-04-24 00:53]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-01-24 12:03]
"RunWCW"="C:\dowwapps\login\dwalogin.vbs" []
"DIRECT!"="C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe" [2004-04-27 11:09]
"TLogonPath"="C:\Program Files\Timbuktu Pro\Tb2Logon.exe" [2005-11-16 12:10]
"WDS"="C:\Program Files\Windows Desktop Search\WindowsSearch.exe" [2006-03-26 23:44]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-03-24 11:27]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 21:15]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-05-12 21:09]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 00:12]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 00:12]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-24 01:22]
"TpShocks"="TpShocks.exe" [2005-11-07 12:14 C:\WINDOWS\system32\TpShocks.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-13 15:19]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-14 19:40]
"Synchronization Configuration"="C:\Dowwapps\scripts\Config_Mobsync_Run.vbs" [2003-04-24 14:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyberDefender Early Detection Center"="C:\Program Files\CyberDefender\AntiSpyware\cdas53d.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Synchronization Configuration"=C:\dowwapps\scripts\config_mobsync_runonce.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"DBKey2"=C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\DBKey2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"HideShutdownScripts"=0 (0x0)
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoRemoteChangeNotify"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"="C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 14:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Timbuktu Pro]
C:\Program Files\Timbuktu Pro\Hook32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mljgddd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1060284298-861567501-682003330-77277\Scripts\Logoff\0\0]
"Script"=C:\Program Files\MIP\DWSBACKUP.vbs


Contents of the 'Scheduled Tasks' folder
2007-01-03 04:22:55 C:\WINDOWS\tasks\DWS Disk Cleanup.job
2007-02-22 02:20:45 C:\WINDOWS\tasks\DWS Disk Defrag.job
2007-06-20 11:58:23 C:\WINDOWS\tasks\PMTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 17:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-20 17:19:47
C:\ComboFix-quarantined-files.txt ... 2007-06-20 17:19
C:\ComboFix2.txt ... 2007-06-18 15:54

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 17:22, on 2007-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MIP\AgentSrv.EXE
C:\Progra~1\Symantec\Symant~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\dowwapps\dwsservice\dwsservice.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Progra~1\Symantec\Symant~1\VPTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Timbuktu Pro\Tb2Logon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MIP\CBSysTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\wscript.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lahome.intranet.dow.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dowhome.intranet.dow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.intranet.dow.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=inet3.nam.dow.com:80;gopher=inet3.nam.dow.com:80;http=inet3.nam.dow.com:80;https=inet3.nam.dow.com:443
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7e3c240c-fdce-453e-8033-108131b60733} - C:\WINDOWS\system32\cvelddf.dll (file missing)
O3 - Toolbar: (no name) - {F35CE83E-9EBF-40d5-AE87-53F982389740} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\Progra~1\Symantec\Symant~1\VPTray.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [RunWCW] C:\dowwapps\login\dwalogin.vbs
O4 - HKLM\..\Run: [DIRECT!] C:\Program Files\Courion Corporation\Identity Management Suite DIRECT!\direct.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\Tb2Logon.exe"
O4 - HKLM\..\Run: [WDS] "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Synchronization Configuration] C:\Dowwapps\scripts\Config_Mobsync_Run.vbs
O4 - HKLM\..\RunOnce: [Synchronization Configuration] C:\dowwapps\scripts\config_mobsync_runonce.vbs
O4 - HKLM\..\RunServicesOnce: [DBKey2] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\DBKey2.dll
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas53d.exe" /minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://www.dow.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.c ... hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5327803480
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\Software\..\Telephony: DomainName = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = dow.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dow.com,intranet.dow.com,nam.dow.com,eur.dow.com,lam.dow.com,asa.dow.com,aus.dow.com,afr.dow.com,sct.ucarb.com
O20 - AppInit_DLLs: c:\windows\system32\mljgddd.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: Timbuktu Pro - C:\Program Files\Timbuktu Pro\Hook32.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\MIP\AgentSrv.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\DefWatch.exe
O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OracleORAHOME90ClientCache - Unknown owner - C:\ORACLE\ORA90\BIN\ONRSD.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Progra~1\Symantec\Symant~1\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Progra~1\Symantec\Symant~1\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe



P.S. I appreiciate what you've done so far. The pop ups have almost(recieved only 1 today) nearly stopped. Thanks....
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

Unread postby random/random » June 23rd, 2007, 4:10 am

Before we go any further I would to know if this is a business PC, because there are a number of policies set that the IT department may not want you to remove and you also appear to be running software connected to a company e.g.

O23 - Service: DWSService - The Dow Chemical Company - c:\dowwapps\dwsservice\dwsservice.exe
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby bhunt261 » June 23rd, 2007, 2:55 pm

Yes, it is a company owned pc that I also use at home.
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am

Unread postby random/random » June 23rd, 2007, 3:10 pm

If it is a company owned PC then it should really be dealt with by the IT department - This is because they should be aware of the possible threat to their network (Your manager/boss is unlikely to be happy if your customer's data gets stolen and sold on for $1 per customer)

Also on company machine there are often a number of restrictions in place.

A number of these restrictions are removed by the tools that we use, and removing them may be against your company's rules - and you may get in trouble for removing them

Please let me know how you would like to continue
User avatar
random/random
Developer
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby bhunt261 » June 25th, 2007, 8:52 am

The problem seems resolved but, I will contact IT. Thanks...
bhunt261
Regular Member
 
Posts: 51
Joined: June 16th, 2007, 9:14 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware